[Samba] Can't do roaming profiles (Solved)
Douglas Phillipson
phillipd at oem.doe.gov
Thu Oct 9 22:46:57 GMT 2003
Through much help from a guy in my local LUG I found the solution to
making roaming profiles work on Win2000 (SP4).
1) You should have SP4 installed.
2) Two registry changes are needed:
   Use regedit and change the following two dword attributes to 0:
     "requiresignorseal"
     "signsecurechannel"
3) Run the group policy editor "gpedit.msc" and enable the following 4
   policies under
   Computer Configuration->Administrative Templates->System->Logon:
     "Do not check for ownership of Roaming Profiles Folders"
     "Add the Administrators security group to roaming users profiles"
     "Wait for remote user profile"
     "Delete cached copies of roaming profiles"
Create the Linux user. Create the Samba user. Log on as the user on
Windows; it will fail, but it will create the user's profile dir on the
Samba PDC. It will NOT create a full profile on the PDC, but will on the
Win client. Copy a "default" profile and all the associated directories
to the user's profile dir on the Samba PDC. Reboot the client to release
the lock on the user's local copy of ntuser.dat, then log in as
administrator and delete the user's local profile copy on the PC. Log
back in as the user and the remote profile will be copied down from the
Samba server to the client. When logging out, the Samba user's profile
will be updated to the PDC and then removed from the client PC.
This works for me; I hope it does for everyone else...
Regards
Doug P
-----------------------------------------------------------------------
>I need a little advice on finishing off a Samba PDC. I have Samba
>3.0.0RC1 installed and working as a PDC on a Redhat AS 3.0 machine.
>It authenticates users nicely but the "roaming" profiles don't work.
>Tailing the samba log, I see an attempt to access the user's
>ntuser.dat file, which doesn't exist before the first logon, when
>logging in. The profile directory (/home/profiles/<username>) DOES get
>created by samba when the user logs in. When the user logs off, there
>is no reference in the log that ntuser.dat is being written with the
>user's updated profile. In fact the ntuser.dat file is not created on
>the samba server. If I "touch ntuser.dat" in the profile directory on
>the samba PDC, then log in on a Win2000 client PC, I get a message
>saying the ntuser.dat file is not the proper format, so I know the
>"profiles" share and "logon path" are correct. But the profile will
>not update on the PDC. My Win2000 is SP2, and I tried SP4 also. I
>looked on the client PC and the profile is a "roaming" profile. Also
>the "add user script" doesn't work, I have to add the users by hand
>(with the same script). Here is my smb.conf file, any help is greatly
>appreciated...
>Regards and thanks for a great program!
>Doug P
---------------------------------------------------------------------
# Global parameters
[global]
workgroup = TESTDOM
server string = Samba Server
update encrypted = Yes
client lanman auth = No
client plaintext auth = No
log level = 4
log file = /var/log/samba.log
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
logon path = \\%L\profiles\%U
logon drive = H:
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
ldap ssl = no
preload = homes
[homes]
comment = Home Directories
path = /home/%S
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[software]
path = /home/software
read only = No
[netlogon]
path = /home/scripts
browseable = No
[profiles]
path = /home/profiles
read only = No
writable = yes
create mask = 0600
directory mask = 0700
profile acls = Yes
browseable = No
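
Added example (not part of the original post and not Samba project code): a Python check that the share named by "logon path" in the smb.conf above is defined, is writable so profiles can be written back at logoff, and keeps profile files owner-only. The function names and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the smb.conf posted above.
SAMPLE_CONF = r"""
[global]
logon path = \\%L\profiles\%U
domain logons = Yes
[profiles]
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
"""

YES = {"yes", "true", "1"}
MASK_DEFAULTS = {"create mask": "0744", "directory mask": "0755"}  # Samba defaults

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def check_profile_share(conf):
    """List problems with the share that 'logon path' points at."""
    unc = re.match(r"\\\\[^\\]+\\([^\\]+)", conf.get("global", {}).get("logon path", ""))
    if not unc:
        return ["logon path is not a \\\\server\\share\\... UNC path"]
    name = unc.group(1).lower()
    share = conf.get(name)
    if share is None:
        return [f"logon path names share [{name}], which is not defined"]
    findings = []
    writable = (share.get("writable", share.get("writeable", "no")).lower() in YES
                or share.get("read only", "yes").lower() not in YES)
    if not writable:
        findings.append(f"[{name}] is read-only, so profiles cannot be written back")
    for param, default in MASK_DEFAULTS.items():
        value = share.get(param, default)
        if int(value, 8) & 0o077:  # any group/other permission bit set
            findings.append(f"[{name}] {param} = {value} grants group/other access")
    return findings

if __name__ == "__main__":
    print(check_profile_share(parse_smb_conf(SAMPLE_CONF)) or "profile share looks consistent")
```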