[Samba] Problem with roaming profiles

Tilo Lutz TiloLutz at gmx.de
Sun Sep 7 13:23:07 GMT 2003 

Hi

After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles
work. Clients Are W2K and XP.
I've also switched from smbpasswd backend to ldap. Logon path is only
set in smb.conf, not in ldap.
Storing of profiles is working but it takes very long.
I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile.
But the clients are always storing profile in \\wilma2\profile\Win2K.
Is it possible windows is caching home path anywere?

Loading of profiles dowsn't work I get the old "security permission"
error, but I've set use profile acls in profile share. I've also set
to option on client side not to check security settings on above
folders.

I'Ve attached relevant parts of smb.conf, log.smbd and ldif of user.
I hope anybody can help me.

relevant part of log.smbd
[2003/09/06 11:18:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460)
  Entry found for user: tilo
[2003/09/06 11:18:36, 2] [2003/09/06 11:18:36, 2]
auth/auth.c:check_ntlm_password(302)
  check_ntlm_password:  authentication for user [tilo] -> [tilo] ->
[tilo] succeeded
  b111-pc16 (192.168.83.16) connect to service profile initially as user
tilo (uid=1546, gid=106) (pid 17106)
[2003/09/06 11:18:36, 2] smbd/open.c:open_file(250)
  tilo opened file Win2K/NTUSER.DAT read=Yes write=No (numopen=1)
[2003/09/06 11:18:36, 2] lib/smbldap.c:smbldap_search_suffix(1068)
 smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-3092)(objectclass=sambaSamAccou
nt))]
[2003/09/06 11:18:36, 2] smbd/open.c:open_file(250)
  tilo opened file Win2K/NTUSER.INI read=Yes write=No (numopen=2)
[2003/09/06 11:18:46, 2] smbd/close.c:close_normal_file(228)
  tilo closed file Win2K/NTUSER.INI (numopen=1)
[2003/09/06 11:19:52, 0] lib/util_sock.c:read_socket_data(342)
  read_socket_data: recv failure for 4. Error = Die Verbindung wurde vom
Kommunikationspartner zurückgesetzt
[2003/09/06 11:19:52, 2] smbd/server.c:exit_server(558)
  Closing connections
[2003/09/06 11:19:52, 1] smbd/service.c:close_cnum(874)
  b111-pc16 (192.168.83.16) closed connection to service profile
[2003/09/06 11:19:52, 2] smbd/close.c:close_normal_file(228)
  tilo closed file Win2K/NTUSER.DAT (numopen=0)
[2003/09/06 11:19:52, 2] smbd/utmp.c:sys_utmp_update(419)
  utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
[2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_domain_info(1297)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))]
[2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))]
[2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_open_connection(625)
  smbldap_open_connection: connection opened
[2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(93)
  netbios connect: name1=WILMA2          name2=B111-PC16
[2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(100)
  netbios connect: local=wilma2 remote=b111-pc16, name type = 0
[2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068)
  smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-501)(objectclass=sambaSamAccoun
t))]


relevant part of smb.conf:

[global] # Globale Einstellungen
    netbios name = Wilma2
    workgroup = WMS-NET
    os level = 255
    local master = yes
    bind interfaces only = true
    interfaces =  192.168.0.7/16 127.0.0.1
    security = user
    encrypt passwords = yes
    domain logons = yes
    preferred master = yes
    domain master = yes
    logon script = %I.bat
    logon drive = h:
    #logon path = "\\WILMA2\profile\Win2K"
    logon path = "\\192.168.0.7\profile"
    wins support = yes
    time server = yes
    dead time = 15
    kernel oplocks = yes
    mangle case = yes
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes
    name resolve order = wins bcast host lmhosts
    #veto files = /.*/
    printing = cups
    load printers = yes
    username map = /etc/samba/smbusers
    nt acl support = yes
    log level = 2
    max log size = 100000
    use sendfile = yes
    large readwrite = yes
    socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192
SO_RCVBUF=8192
    utmp = yes
    passdb backend = ldapsam:ldap://localhost guest
    algorithmic rid base = 1000
    printing = cups
    printcap name = cups
    load printers = yes
    unix charset = UTF8
    unicode = yes
    display charset = UTF8
    dos charset = ASCII
    unix extensions = yes
        ldap admin dn           =  uid=wilma2,dc=wms-hn,dc=de
        ldap suffix             =             dc=wms-hn,dc=de
        ldap machine suffix     = ou=machines
        ldap group suffix       =   ou=groups
        ldap idmap suffix       =
        ldap user suffix        =   ou=people
        ldap passwd sync = yes



[netlogon]
    comment = The domain logon service
    veto files = //
    path = /samba/netlogon
    create mode = 0600
    directory mode = 0700
    public = no
    writeable = no
    browseable = no
    root preexec = /samba/netlogon/findgroup %I %u %L
    #root postexec = rm /samba/netlogon/%I.bat
    oplocks = no
    level2 oplocks = no
    use sendfile = no


[homes]
    comment = Hier werden private Daten gespeichert.
    include = /samba/prefs/home
    create mask = 777
    guest ok = yes
    public = no
    veto files =/public_html/Maildir/profile/
    create mode = 0600
    directory mode = 0700
    writeable = yes
    follow symlinks = yes
    browseable = no

[profile]
    comment = Hier wird das Benutzerprofil gespeichert
    create mask = 777
    guest ok = no
    public = no
    create mode = 0600
    directory mode = 0700
    writeable = yes
    browseable = no
    follow symlinks = no
    path = /home/%G/%U/profile
    #path = /tmp
    nt acl support = no
    profile acls = yes
    hide files = /desktop.ini/
    #csc policy = disable


Relevant part of user entry as ldif:

# tilo, lehrer, people, wms-hn.de
dn: uid=tilo,ou=lehrer,ou=people,dc=wms-hn,dc=de
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
objectClass: top
objectClass: sambaSamAccount
cn: tilo
sn: tilo
uid: tilo
gidNumber: 106
homeDirectory: /home/lehrer/tilo
uidNumber: 1546
gecos: tilo
loginShell: /bin/bash
shadowLastChange: 12056
shadowMin: 0
shadowMax: 99999
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaPwdLastSet: 1060192824
sambaSID: S-1-5-21-3371203057-3264423045-2392767973-3092
sambaPrimaryGroupSID: S-1-5-21-3371203057-3264423045-2392767973-213
shadowExpire: 21915
givenName: tilo
sambaHomeDrive: H:
userPassword:: XXX
sambaPwdCanChange: 1060279200
sambaPwdMustChange: 1895022847
sambaAcctFlags: [UX         ]
sambaDomainName: WMS-NET



Regards, Tilo

More information about the samba mailing list