[Samba] Roaming Profiles with Samba PDC
Scott Millhisler
sjmlistread at sjm.net
Mon Mar 10 17:35:17 GMT 2003
I have been working on this problem for quite some time now and have not been able to find the solution.
I have Samba running on Debian Linux 3.0 (Woody) as a primary domain controller. From my Windows 2000 desktop I am able to browse that Linux server with Windows Explorer.
My biggest problem is trying to log in to that domain. Under Windows 2000 I am able to join the domain (sjmlinux) but after I restart the Windows desktop and attempt to log in to that domain, Windows gives me a message like, "cannot create profile directory \\servername\profiledirectory.pds". It then proceeds to assign me a generic profile that cannot be updated.
The profile directory has fairly liberal write access so the Windows machine should have sufficient rights to create or delete any files or directories it deems necessary. One, of many, things I do not understand is where the .pds suffix that the message indicates is coming from. It certainly is not what I have defined for the profile directory in smb.conf, and it is not something that I have seen before.
I have seen some documents that referred to creating a policy file (*.pol) with the Windows server policy editor tool. However, I understand profiles to be much more than a single file, and that they are actually a directory structure that contains everything from desktop colors to your recent files list. Under Windows 2000 this is essentially what you see in your subdirectory of the Documents and Settings folder.
I am sure that somebody must have seen this issue before as I have seen reference to it in the archives; I had just never seen what the solution is. Below is a snippet of my smb.conf file that I believe would contain the pertinent information.
[global]
# Change this for the workgroup/NT-domain name your Samba server will be part of
workgroup = sjmlinux
netbios name = sjmpdc
# server string is the equivalent of the NT Description field
server string = %h server (Samba %v)
guest account = nobody
invalid users = root
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 1000
# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smb,nmb} instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# security_level.txt for details.
security = user
# You may wish to use password encryption. Please read ENCRYPTION.txt,
# Win95.txt and WinNT.txt in the Samba documentation. Do not enable this
# option unless you have read those documents
encrypt passwords = true
# Support Domain logins
domain logons = true
# Admin group (temp solution)
domain admin group = @staff
# User profile path
logon path = \\%N\home\%u\ntprofile
# Where is the user's home directory and what is the drive
logon drive = H:
logon home = \\%N\home\%u\pchome
# Specify a generic logon script for all users
# this is a relative **DOS** path to the [netlogon] share
logon script = logon.bat
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 64
domain master = yes
preferred master = yes
wins support = yes
# This will prevent nmbd from searching for NetBIOS names through DNS.
dns proxy = no
# Name mangling options
preserve case = yes
unix password sync = true
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/bash
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = yes
# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
writable = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0775
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775
valid users = %u
guest ok = no
path = /home/%u/pchome
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
write list = @staff
# Share for User's profiles
[profiles]
path = /home/%u/ntprofile
writable = yes
directory mode = 0700
create mode = 0600
----------------
Sincerely,
Scott Millhisler
SJM Computer Consulting
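
A configuration check for the smb.conf quoted above, added here as an example and not part of the original post: in a UNC value such as `logon path`, the component after the server name is a share name, so this sketch verifies that the share is defined as a section in the file (or is a user-name macro served by `[homes]`). The function names and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: share-related lines taken from the smb.conf quoted in the post.
SAMPLE_CONF = r"""
[global]
logon path = \\%N\home\%u\ntprofile
logon home = \\%N\home\%u\pchome
[homes]
path = /home/%u/pchome
[profiles]
path = /home/%u/ntprofile
"""

UNC_PARAMS = ("logon path", "logon home")

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, inner spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def unc_share(value):
    """Second component (the share) of a UNC path, or None if value is not UNC."""
    parts = [p for p in value.split("\\") if p]
    return parts[1] if value.startswith("\\\\") and len(parts) >= 2 else None

def check_logon_shares(text):
    """Map each logon UNC parameter to (share_name, defined_in_this_file)."""
    conf = parse_smb_conf(text)
    shares = set(conf) - {"global"}
    g = conf.get("global", {})
    result = {}
    for param in (p for p in UNC_PARAMS if p in g):
        share = unc_share(g[param])
        # A %U/%u share name is served per user by [homes]; account names are unknown here.
        via_homes = share is not None and share.lower() == "%u" and "homes" in shares
        result[param] = (share, share is not None and (share.lower() in shares or via_homes))
    return result
```

Run against the sample, both parameters name a share called `home`, while the file defines only `[homes]` and `[profiles]`.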