Gabriel Preston gpreston at sgillc.com
Tue Jan 14 15:32:00 GMT 2003

Hello everyone!  I have had a lot of luck with mailing lists in the past, so 
I'm hoping this one works out well also.  I've recently helped my company move 
from an NT4 PDC to a Samba 2.2.7a PDC and everything has gone smoothly until 
this point.  We made the decision to migrate to roaming profiles so our users 
could move around and use whichever computer they wanted to unlike before, but 
hit a snag in the process.

I followed someone's instructions by logging into the local machine as the 
administrator and opening up "User Profiles" and copying the profiles to our 
network share on the Samba machine.  I then recursively chown-ed their profiles 
so that they had ownership over their stuff and I believe the ACLs were set up 
properly using setfacl.  I then joined the machine into the new domain, logged 
out, and then attempted to log back in.  This is where we found the problem.  
The file NTUSER.DAT which contains that user's HKEY_CURRENT_USER information 
was not being copied into the registry properly, so the machine was acting as 
if the person had never logged in before.  It would try and install things on 
demand again like Microsoft Outlook but complain about the installation files.  
The little Internet Connection Wizard would appear on the desktop again.  Also, 
users' settings were not being saved on logout.

I found that if I put these users in the administrator's group on the Samba 
machine everything acted just fine, but this isn't a proper solution.  I've 
also found that if I don't give this person a profile to start with at all, it 
creates their entire profile in their /home/username/profile directory without 
a hitch and any changes they make to their desktop from there out saves just 

I am apparently missing something in one of two places; my smb.conf file, or my 
process of moving each user's profile from the local machine to the Samba 

With that said, here is a copy of my smb.conf file so hopefully you can pick 
out something in there that is set wrong or missing entirely:

        ; basic settings
        netbios name = SGI-FILE
        workgroup = SGILLC
        server string = File and Authentication Server

        ; act as domain and local master browser
        os level = 65
        preferred master = yes
        domain master = yes
        local master = yes

        ; server security settings
        hosts allow =

        ; user security settings
        security = user
        encrypt passwords = yes
        min password length = 7

        ; password synchronization
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %
        obey pam restrictions = yes

        ; support domain logons
        domain logons = yes

        ; script to automatically add machine trust accounts
        add user script = /usr/sbin/useradd -d /dev/null -g winwkst -s /bin/false %u

        ; home directory settings
        logon path = \\%L\%U\profile
        logon home = \\%L\%U
        logon drive = H:

        ; logon script
        ;logon script = logon.bat

        ; map users and groups
        domain admin group = @winadmin
        username map = /etc/samba/smbusers

        nt acl support = no

        ; load all cups printers
        printcap name = cups
        load printers = yes
        printing = cups

        ; activate time server
        time server = yes

        ; activate wins server
        wins support = yes

        ; log settings
        log file = /var/log/samba/log.%m
        log level = 3
        max log size = 1024

        ; tcp socket setting optimizations
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

        ; misc options
        ;hide local users = yes

        create mode = 0600
        directory mode = 0700
        ;path = /home/profile
        read only = no
        writeable = yes
        browseable = no

        comment = Domain logon service
        path = /usr/home/_netlogon
        writeable = no

        Comment = Home directory
        browseable = no
        writeable = yes

        Comment = All Printers
        path = /var/spool/samba
        browseable = no
        public = yes
        guest ok = yes
        writable = no
        printable = yes
        printer admin = root @winadmin

        comment = Printer Drivers
        path = /etc/samba/drivers
        browseable = yes
        guest ok = no
        read only = yes
        write list = root @winadmin

        Comment = Software Repository
        path = /usr/home/_export/install
        browseable = yes
        writeable = no
        write list = @winadmin

        Comment = Network File Store
        path = /usr/home/_export/data
        browseable = yes
        writeable = yes

Thank you in advance for any help you all can give on the matter.
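
An added example, not part of the original post: a server-side check of a copied profile tree against the ownership and the `create mode = 0600` / `directory mode = 0700` values in the configuration above. The function name `audit_profile` and the demo tree are hypothetical; POSIX ACLs set with setfacl and anything stored inside NTUSER.DAT itself are not examined.

```python
import os
import stat
import tempfile

FILE_MODE = 0o600  # "create mode" in the posted share definition
DIR_MODE = 0o700   # "directory mode" in the posted share definition

def audit_profile(root, uid):
    """Return sorted (relative_path, problem) pairs for a copied profile tree."""
    problems = []
    if not os.path.isfile(os.path.join(root, "NTUSER.DAT")):
        problems.append(("NTUSER.DAT", "missing"))
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permission bits are not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            need = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            if st.st_uid != uid:
                problems.append((rel, "owned by uid %d, expected %d" % (st.st_uid, uid)))
            if mode & need != need:
                problems.append((rel, "owner lacks access (mode %o)" % mode))
            if mode & 0o077:
                problems.append((rel, "group/other access (mode %o)" % mode))
    return sorted(problems)

if __name__ == "__main__":
    # Constructed demo tree standing in for /home/username/profile.
    with tempfile.TemporaryDirectory() as root:
        hive = os.path.join(root, "NTUSER.DAT")
        open(hive, "wb").close()
        os.chmod(hive, 0o444)  # as if copied read-only and world-readable
        desktop = os.path.join(root, "Desktop")
        os.mkdir(desktop)
        os.chmod(desktop, 0o700)
        for rel, problem in audit_profile(root, os.getuid()):
            print("%s: %s" % (rel, problem))
```
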


