[Samba] Problems with migrating from local to roaming profiles

John H Terpstra jht at samba.org
Tue Jan 14 22:32:00 GMT 2003


On Tue, 14 Jan 2003, Gabriel Preston wrote:

> Hello everyone!  I have had a lot of luck with mailing lists in the past, so
> I'm hoping this one works out well also.  I've recently helped my company move
> from an NT4 PDC to a Samba 2.2.7a PDC and everything has gone smoothly until
> this point.  We made the decision to migrate to roaming profiles so our users
> could move around and use whichever computer they wanted to unlike before, but
> hit a snag in the process.

That happens when one is learning. :)

> I followed someone's instructions by logging into the local machine as the
> administrator and opening up "User Profiles" and copying the profiles to our
> network share on the Samba machine.  I then recursively chown-ed their profiles
> so that they had ownership over their stuff and I believe the ACLs were set up
> properly using setfacl.  I then joined the machine into the new domain, logged
> out, and then attempted to log back in.  This is where we found the problem.
> The file NTUSER.DAT which contains that user's HKEY_CURRENT_USER information
> was not being copied into the registry properly, so the machine was acting as
> if the person had never logged in before.

Well, the reason is that you did NOT migrate the profiles according to the
procedures Microsoft document in the MS Windows NT4 and 2000 resource
kits.

You see the NTUser.DAT file is keyed to the user's SID and the Domain SID
of the NT4 environment in which they were created. You need to either use
the NT4 procedure as documented in the resource kit for migrating the
profile, something that Microsoft only supports within the one domain
anyhow, or else use the profile editing tool that Richard Sharpe has
provided and that is part of samba-3.0.0 that will appear in the next
alpha. Meanwhile you could download the source from the CVS tree and
compile it yourself. It is called profiles.c. It would be best to build
samba-3.0.0 from the CVS tree as this tool is built automatically when you
do it this way.

> It would try and install things on demand again like Microsoft Outlook
> but complain about the installation files.
> The little Internet Connection Wizard would appear on the desktop again.  Also,
> users' settings were not being saved on logout.

All of this is fixed by correct profile migration procedures as per the
resource kit instructions.

> I found that if I put these users in the administrator's group on the Samba
> machine everything acted just fine, but this isn't a proper solution.  I've
> also found that if I don't give this person a profile to start with at all, it
> creates their entire profile in their /home/username/profile directory without
> a hitch and any changes they make to their desktop from there out saves just
> fine.
>
> I am apparently missing something in one of two places; my smb.conf file, or my
> process of moving each user's profile from the local machine to the Samba
> server.

See above.

>
> With that said, here is a copy of my smb.conf file so hopefully you can pick
> out something in there that is set wrong or missing entirely:

The problem is not your smb.conf.

- John T.

>
> [global]
>         ; basic settings
>         netbios name = SGI-FILE
>         workgroup = SGILLC
>         server string = File and Authentication Server
>
>         ; act as domain and local master browser
>         os level = 65
>         preferred master = yes
>         domain master = yes
>         local master = yes
>
>         ; server security settings
>         hosts allow = 65.242.179.0/255.255.255.128
>
>         ; user security settings
>         security = user
>         encrypt passwords = yes
>         min password length = 7
>
>         ; password synchronization
>         unix password sync = yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
>         obey pam restrictions = yes
>
>         ; support domain logons
>         domain logons = yes
>
>         ; script to automatically add machine trust accounts
>         add user script = /usr/sbin/useradd -d /dev/null -g winwkst -s /bin/false %u
>
>         ; home directory settings
>         logon path = \\%L\%U\profile
>         logon home = \\%L\%U
>         logon drive = H:
>
>         ; logon script
>         ;logon script = logon.bat
>
>         ; map users and groups
>         domain admin group = @winadmin
>         username map = /etc/samba/smbusers
>
>         nt acl support = no
>
>         ; load all cups printers
>         printcap name = cups
>         load printers = yes
>         printing = cups
>
>         ; activate time server
>         time server = yes
>
>         ; activate wins server
>         wins support = yes
>
>         ; log settings
>         log file = /var/log/samba/log.%m
>         log level = 3
>         max log size = 1024
>
>         ; tcp socket setting optimizations
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
>         ; misc options
>         ;hide local users = yes
>
> [profile]
>         create mode = 0600
>         directory mode = 0700
>         ;path = /home/profile
>         read only = no
>         writeable = yes
>         browseable = no
>
> [netlogon]
>         comment = Domain logon service
>         path = /usr/home/_netlogon
>         writeable = no
>
> [homes]
>         Comment = Home directory
>         browseable = no
>         writeable = yes
>
> [printers]
>         Comment = All Printers
>         path = /var/spool/samba
>         browseable = no
>         public = yes
>         guest ok = yes
>         writable = no
>         printable = yes
>         printer admin = root @winadmin
>
> [print$]
>         comment = Printer Drivers
>         path = /etc/samba/drivers
>         browseable = yes
>         guest ok = no
>         read only = yes
>         write list = root @winadmin
>
> [install]
>         Comment = Software Repository
>         path = /usr/home/_export/install
>         browseable = yes
>         writeable = no
>         write list = @winadmin
>
> [data]
>         Comment = Network File Store
>         path = /usr/home/_export/data
>         browseable = yes
>         writeable = yes
>
>
> Thank you in advance for any help you all can give on the matter.
>
> Regards,
>
> Gabriel Preston
>
>

-- 
John H Terpstra
Email: jht at samba.org
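
Added example (not part of the original message, and not Richard Sharpe's profiles.c): a simplified Python sketch of the SID keying described in the reply, showing how account SIDs embed the domain SID in binary form and what remapping them to a new domain involves. The SIDs and the byte buffer are constructed for illustration; a real tool walks the security descriptors inside the NTUSER.DAT hive instead of searching raw bytes.

```python
import struct

# Constructed SIDs for illustration only (not taken from the thread).
OLD_DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"   # old NT4 domain
NEW_DOMAIN = "S-1-5-21-1234567890-987654321-1357924680"    # new Samba domain

def sid_to_bytes(sid):
    """Encode 'S-R-A-s1-s2...' as a binary SID: revision, sub-authority count,
    6-byte big-endian authority, then little-endian 32-bit sub-authorities."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID: %r" % sid)
    subs = [int(p) for p in parts[3:]]
    return (struct.pack("BB", int(parts[1]), len(subs))
            + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def bytes_to_sid(raw, offset=0):
    """Decode the binary SID that starts at raw[offset]."""
    revision, count = struct.unpack_from("BB", raw, offset)
    authority = int.from_bytes(raw[offset + 2:offset + 8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, offset + 8)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def account_prefix(domain_sid):
    """Bytes shared by every account SID in a domain: the domain SID with its
    count raised by one, because an account SID appends a single RID."""
    raw = sid_to_bytes(domain_sid)
    return raw[:1] + bytes([raw[1] + 1]) + raw[2:]

def remap_domain(blob, old_domain, new_domain):
    """Rewrite old-domain account SIDs in place; RIDs and buffer size are kept."""
    old, new = account_prefix(old_domain), account_prefix(new_domain)
    if len(old) != len(new):
        raise ValueError("domain SIDs differ in length; in-place rewrite unsafe")
    return blob.replace(old, new), blob.count(old)

def sample_blob():
    """Constructed stand-in for security data: two domain accounts, one builtin."""
    return (b"hdr" + sid_to_bytes(OLD_DOMAIN + "-1004")
            + sid_to_bytes("S-1-5-32-544") + sid_to_bytes(OLD_DOMAIN + "-513"))

if __name__ == "__main__":
    fixed, n = remap_domain(sample_blob(), OLD_DOMAIN, NEW_DOMAIN)
    print(n, "SIDs rewritten; owner is now", bytes_to_sid(fixed, 3))
```

The builtin SID (S-1-5-32-544) is left untouched because it does not belong to the old domain, which is why chown and setfacl on the Unix side cannot substitute for rewriting the SIDs stored in the profile itself.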


