[Samba] Samba 3.0.9 PDC - Saving roaming user profiles from windows 2000 sp4 (w2k) failed

Alexander Hoff AHoff_04 at bian-fu.net
Sat Dec 4 10:55:00 GMT 2004 

Hello,

i must admit that i'm totally lost. After working a lot of hours my new samba server is still not running fine. I had read a lot of papers but i have no idea what's going wrong.

My goal:
---------
Samba 3.0.9 (Fedora Core 2) working as a PDC for windows 2000 professional client (with sp4 and all hotfixes applied) _with_ roaming user profiles.

My status:
----------
* root/Administrator can log on the samba pdc from any windows 2000 client using my domain "stargate". _Everything_ is working fine.

* any other user can log on the samba pdc from any windows 2000 client using my domain. Profiles beeing located on the samba server (if present) will be used, but windows never updates the user's profile.

If there's no user profile present on the samba server, windows creates a new directory in the profile directory for the user on the samba server during logout, but windows doesn't copy any files to this new directory.

My question(s):
--------------
Which configuration settings on the windows or the samba side can prevent windows from updating it's profile on the samba server as far as users (not admins) are concerned?

My configuration:
------------------

smb.conf (extract):
=====================

workgroup = STARGATE
netbios name = GATE
domain master = Yes
preferred master = Yes
os level = 64
security = user
admin users = root, @smbadmins
guest account = nobody
password server = PDC BDC
passdb backend = tdbsam
username map = /etc/samba/smbusers
domain logons = Yes
logon path = \\%L\profiles\%U
logon drive = z:
name resolve order = host lmhosts wins bc
wins support = yes
dns proxy = yes

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 15000-20000
idmap gid = 15000-20000
winbind use default domain = no

[netlogon]
comment = Netlogon Share (Read-Only)
path = /srv/smb/netlogon
valid users = root, @smbusers
admin users = root, @smbadmins
browseable = No
writable = No
share modes = No
guest ok  = No

[profiles]
comment = Roaming Profile Share
path = /srv/smb/profiles
profile acls = No # i also tried "profile acls = Yes"
browseable = Yes
writeable = Yes

/etc/samba/smbusers:
====================
root = administrator
nobody = guest pcguest smbguest

initGrps.sh
============
(has been executed during samba setup)

# Map Windows Domain Groups to UNIX groups
net groupmap modify ntgroup="Domain Admins"  unixgroup=root
net groupmap modify ntgroup="Domain Users"   unixgroup=smbusers
net groupmap modify ntgroup="Domain Guests"  unixgroup=nobody

pdbedit  -v -L (extract):
=========================
Unix username:        starship-desktop$
NT username:          
Account Flags:        [W          ]
User SID:             S-1-5-21-1238991123-4049683364-3362944609-2402
Primary Group SID:    S-1-5-21-1238991123-4049683364-3362944609-2025
Full Name:            SMB Machine Account
Home Directory:       \\gate\starship-desktop_
HomeDir Drive:        z:
Logon Script:         starship-desktop_.bat
Profile Path:         \\gate\profiles\starship-desktop_
Domain:               STARGATE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
Password last set:    Mi, 01 Dez 2004 18:35:24 GMT
Password can change:  Mi, 01 Dez 2004 18:35:24 GMT
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:        starship
NT username:          
Account Flags:        [UX         ]
User SID:             S-1-5-21-1238991123-4049683364-3362944609-2002
Primary Group SID:    S-1-5-21-1238991123-4049683364-3362944609-1201
Full Name:            Starship
Home Directory:       \\gate\starship
HomeDir Drive:        z:
Logon Script:         starship.bat
Profile Path:         \\gate\profiles\starship
Domain:               GATE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fr, 13 Dez 1901 21:45:51 GMT
Kickoff time:         Fr, 13 Dez 1901 21:45:51 GMT
Password last set:    Do, 02 Dez 2004 21:45:01 GMT
Password can change:  Do, 02 Dez 2004 21:45:01 GMT
Password must change: Fr, 13 Dez 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

ls -al /srv/smb:
================
drwxr-x---   2 root smbusers   4096 21. Nov 20:12 netlogon
drwxrwxrwx   5 root smbusers   4096  3. Dez 21:03 profiles
drwxrwx---  11 root smbusers   4096 24. Nov 16:09 shared

ls -al /srv/smb/profiles:
=========================
drwx------  16 root     root        4096  3. Dez 17:43 root
drwx------+ 14 starship smbusers    4096  3. Dez 20:56 starship

I would really appreciate any help. Thanks in advance.

Best regards,

Alex

More information about the samba mailing list