[Samba] How to use local profiles in samba PDC?

Kyle Schmitt kyleaschmitt at gmail.com
Tue Jul 28 14:09:55 MDT 2009 

How do you enable local profile creation on machines connected to a samba PDC?

I thought it would be automatic, but it doesn't seem to be.  If there
isn't a roving profile, windows complains it can't find your profile
on the server, then instead of creating a local one, it throws up this
message:

"Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off."


I thought perhaps it needed a "Default User" profile served over the
network, but adding such a profile to my config didn't help anything.

I wouldn't think it was something to do in my smb.conf, but it's
below, just in case it helps.

Thanks
--Kyle

[global]
	workgroup = DEVDOMAIN
	passdb backend = ldapsam
	log level = 1
	name resolve order = wins lmhosts hosts bcast
	logon script = logon.bat
	#This is used for roaming profiles
	logon path = \\dvpdc01.testcompany.com\profiles\%U
	logon drive = U:
	logon home = \\dvpdc01.testcompany.com\%U
	domain logons = Yes
	os level = 64
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	ldap admin dn = cn=admin,dc=devdomain,dc=com
	ldap delete dn = Yes
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap suffix = dc=devdomain,dc=com
	ldap user suffix = ou=users
	ldap password sync = yes
	idmap domains = DEVDOMAIN
	idmap backend = ldap:ldap://localhost
	idmap alloc backend = ldap
	winbind use default domain = Yes
	idmap alloc config:range = 50000-500000
	idmap alloc config:ldap_url = ldap://localhost
	idmap alloc config:ldap_user_dn = cn=admin,dc=devdomain,dc=com
	idmap alloc config:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
	idmap config DEVDOMAIN:range = 50000-500000
	idmap config DEVDOMAIN:ldap_url = ldap://localhost
	idmap config DEVDOMAIN:ldap_user_dn = cn=admin,dc= devdomain,dc=com
	idmap config DEVDOMAIN:ldap_base_dn = ou=idmap,dc= devdomain,dc=com
	idmap config DEVDOMAIN:default = yes
	idmap config DEVDOMAIN:readonly = no
	idmap config DEVDOMAIN:backend = ldap
	ldapsam:editposix = yes
	ldapsam:trusted = yes
	#Templates
	template homedir = /home/%U
	template shell = /bin/false

[homes]
	comment = Home Directories
	valid users = %S
	read only = No
	create mask = 0640
	directory mask = 0750
	browseable = No

[IT]
	path = /home/IT
	comment= IT stuff
	valid users = @IT
	read only = no
	create mask = 0660
	directory mask = 0770
	browseable = yes

[netlogon]
	path = /var/lib/samba/netlogon
	browseable = no
	write list = @wheel @domadmins

[profiles]
	path = /var/lib/samba/profiles
	writeable = yes
	create mask = 0700
	directory mask = 0700
	browsable = no
	valid users = @wheel @domusers @domadmins

More information about the samba mailing list