SAMBA for NT User Profiles (Part 2)

Luke Kenneth Casson Leighton lkcl at
Tue Aug 12 19:16:28 GMT 1997

On Wed, 13 Aug 1997, Jeffrey Liu wrote:

> Hi all,
> Currently I have a Solaris 2.5 box running Samba 1.9.16p11.
> I also have a group of NT workstations which are in a domain  XYZ, but
> I do not have a resource server within domain XYZ nor do I have access 
> to create shares on the PDC.  I'm using Enterprise Administrator for user
> management, and for all intents and purposes, it is identical to "User
> Manager for Domains" within NT Server.
> Within Enterprise Administrator, there are two main dialog boxes.
> The first asks for User Profiles: Logon Script Path and User Profile Path.
> The second specifies the Home Directory.   
> I'm not using a logon script, so I'm not concerned with that, but within
> User Profile Path I tried to use "\\SAMBAHOST\%username%\%username%.usr"


> which does not work. 

nope, it doesn't!

> The above error message of course disappears if
> I used a local path, i.e., "C:\USERS\DEFAULT\%username%.usr" instead.

don't tell me - it creates a profile with EXACTLY that path, down to the 
'%' characters?

> My attempts to direct user profiles onto a SAMBA share (home share typically)
> results in an error message when the users log on stating that:
> "Unable to load your central profile.  The cached copy of your profile will
> be loaded instead.  Possible causes of this error include network problems,
> insufficient security rights, missing or corrupt central profile."

i had this occurring several times.  i eventually got it right.  you will 
need to create a...

hang on, i'm repeating myself.  which i cannot be bothered to do.  tell you 
what, i'll post the latest version (relevant sections) of DOMAIN.txt to 
the list, ok?
> Other than using an NT Server share for user profiles, is it possible to
> configure SAMBA for this purpose?


> One answer I received from Luke Kenneth Casson Leighton <lkcl at>:
> > true.
> > i have found that "logon path = \\%L\homes" fails, but "logon path =
> > \\%L\%U" does not.
> I was not quite sure where Luke was entering that command since I'm not
> sure that Enterprise Administrator has the exact same convention.
> Connecting the Home Directory with drive H: to \\SAMBAHOST\%username%
> works.

yes, this is correct.

read the NT user "help file" entry for the profile box of the "User 
Manager for Domains".  the topics are:

* user
* user profile path
* logon script name
* home directory
* local path
* connect to
* netware home directory relative path
* using %USERNAME% in the Home Directory path

note that it does _not_ say using %USERNAME% in the Home Directory path 
or the user profile path.

therefore, you can expect, if you attempt to specify the user profile 
path as "\\any_server\%USERNAME%" that the stupid machine will attempt to 
connect to that path.

this is why you have to manually specify the profile path individually 
for each and every user.

i'd like to know why specifying \\samba-server\homes doesn't work, even 
though i have "browseable = yes" in the [homes] share.  i just haven't 
got round to looking at a high debug log level, yet...


here's an smb.conf file for you.  none of this is actually relevant - you 
have an NT configuration issue to deal with more than a samba one.

   socket options = TCP_NODELAY

   interfaces =
   wins support = yes
   debug level = 1
   encrypt passwords = yes
   security = user
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes

; logon parameters are only relevant to w95 because we can't do
; NT domain logons yet.

   logon script = allusers.bat
   logon path = \\%L\%U\profile

   preserve case = yes
   short preserve case = yes
   case sensitive = no

   guest ok = no

;  This next option sets a separate log file for each client. Remove
;  it if you want a combined log file.
   log file = /usr/local/samba/log.%m

;  You will need a world readable lock directory and "share modes=yes"
;  if you want to support the file sharing modes for multiple users
;  of the same files

   locking = yes
   lock directory = /usr/local/samba/var/locks
   share modes = yes

; browsing parameters

   workgroup = CB1
   os level = 33
   preferred master = yes
   domain logons = yes
   domain master = yes


   comment = Home Directories
   browseable = yes
   read only = no
   create mode = 0700

   comment = CB1 Applications 
   path = /usr/local/applications
   read only = yes
   public = no
   fake oplocks = yes

; over-ride the above two shares for specific users (e.g lkcl has an 
; [applications] share that is allowed write access:

include = /usr/local/samba/lib/smb.conf.%U

   comment = All Printers
   browseable = no
   printable = yes
   public = no
   writable = no
   create mode = 0700


   browseable = yes
   read only = yes
   path = /usr/local/samba/netlogon

   comment = Temporary file space
   path = /tmp
   read only = no
   public = no


   comment = Mail Directory
   path = /var/mail
   read only = no
   public = no

More information about the samba mailing list