[SAMBA] Roaming Profiles problem

Alexander Gustafsson alexg at bredband.net
Thu Jan 22 16:45:01 GMT 2004 

Background:
I've setup my server (name:firewall) to acts as a PDC, and to use roaming 
profiles. I am using Windows XP with sp1 on the client machines.

Problem:
When I login to my domain (panacea) I get the following error-message:


--------------------------------------------------------------------------
Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator.   

DETAIL - The filename, directory name, or volume label syntax is incorrect.
--------------------------------------------------------------------------


I can manually mount \\firewall\profiles\alexander, and in that directory I
can create files etc. I have also enabled the "Do not check for user
ownership of Roaming Profiles Folders".  I've attached all the relevant
information of my system...

Please help :)
Best regards Alexander


###########################################################################
##### Names #####
Domain: Panacea
Server: Firewall (192.168.0.1)
Host: Slave (192.168.0.3)
Linux: Debian (testing)
Samba: Version 3.0.0-Debian


###########################################################################
##### smb.conf #####
[global]

####### Browsing/Identification ########
   workgroup = PANACEA
   netbios name = FIREWALL
   server string = %h
   browseable = yes
   guest account = samba
   invalid users = @wheel, mail, daemon, adt
   lock directory = /var/lock/samba/locks
   wins support = yes
   name resolve order = lmhosts bcast wins hosts
   interfaces = eth1
   bind interfaces only = yes

####### Logging #######
   log file = /var/log/samba/log.%m
   syslog = 2
   max log size = 1000
   panic action = /usr/share/samba/panic-action %d

############ Performance/Tuning ############
   getwd cache = yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   keep alive = 60
   dead time = 30

####### Authentication/Net Bios #######
   security = user
   encrypt passwords = true
   domain logons = yes
   os level = 34
   local master = yes
   preferred master = yes
   domain master = yes
   add user script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -M %u

####### Profiles #######
   logon drive = h:
   logon home = "\\%L\%U"
   logon path = "\\%L\profiles\%u"
   logon script = login.bat
   profile acls = yes

####### Password #######
   unix password sync = yes
   pam password change = yes
   obey pam restrictions = yes
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
   passwd program = /usr/bin/passwd %u
   passdb backend = tdbsam guest

########## Printing ##########
   load printers = yes
   printing = cups
   printcap name = cups
   #printcap name = /var/run/cups/printcap
   printer admin = @ntadmin


[netlogon]
   comment = Network Logon Service
   path = /panacea/users/netlogon
   guest ok = Yes

[profiles]
   path = /panacea/users/profiles
   read only = no
   create mask = 0744
   directory mask = 0744
   writable = yes
   browseable = yes
   csc policy = disable
   profile acls = yes 
   nt acl support = yes

[homes]
   comment = "Home Directory for : %u "
   path = /panacea/users/%u
   guest ok = no
   read only = no
   create mask = 700
   directory mask = 700
   writable = yes
   browseable = no



###########################################################################
##### User information #####
pdbedit -Lv -u alexander
Unix username:        alexander
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-198119243-2907378319-2784864356-3000
Primary Group SID:    S-1-5-21-198119243-2907378319-2784864356-3001
Full Name:            Alexander Gustafsson
Home Directory:       "\\firewall\alexander"
HomeDir Drive:        h:
Logon Script:         login.bat
Profile Path:         "\\firewall\profiles\%u"
Domain:               FIREWALL

# This is the user account
cat /etc/passwd | grep alexander
alexander:x:1001:100:Alexander Gustafsson,,,:/home/alexander:/bin/bash

# This is the Host account
cat /etc/passwd | grep slave    
slave$:*:1000:100:Host slave,,,:/dev/null:/dev/null


###########################################################################
##### Directories/Permissions #####
I know that this system is "wide" open, but I thought the problem could be
permission related, so that's why I used 1777.

root at firewall:/panacea/users# ls -la
drwxr-xr-x    7 root     root         4096 Jan 21 22:04 .
drwxr-xr-x    4 root     root         4096 Dec 28 16:42 ..
drwx------    9 alexander users        4096 Jan 22 14:10 alexander
drwxrwxrwx    2 root     users        4096 Dec 28 16:39 netlogon
drwxrwxrwt    5 root     users        4096 Jan 22 15:20 profiles

root at firewall:/panacea/users/netlogon# ls -la
drwxrwxrwx    2 root     users        4096 Dec 28 16:39 .
drwxr-xr-x    7 root     root         4096 Jan 21 22:04 ..

root at firewall:/panacea/users/profiles# l
drwxrwxrwt    5 root     users        4096 Jan 22 15:20 .
drwxr-xr-x    7 root     root         4096 Jan 21 22:04 ..
drwxrwxrwt   13 root     users        4096 Jan 22 15:20 alexander

root at firewall:/panacea/users/profiles/alexander# ls -la
total 1080
drwxrwxrwt   13 root     users        4096 Jan 22 15:20 .
drwxrwxrwt    5 root     users        4096 Jan 22 15:20 ..
drwxrwxrwt    6 root     users        4096 Jan 22 15:20 Application Data
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 Cookies
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 Desktop
drwxrwxrwt    3 root     users        4096 Jan 22 15:22 Favorites
drwxrwxrwt    5 root     users        4096 Jan 22 15:20 My Documents
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 NetHood
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 PrintHood
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 Recent
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 SendTo
drwxrwxrwt    3 root     users        4096 Jan 22 15:20 Start Menu
drwxrwxrwt    2 root     users        4096 Jan 22 15:20 Templates
-rwxrwxrwt    1 root     users     1048576 Jan 22 15:20 ntuser.dat


###########################################################################
##### #####
cat log.slave
[2004/01/22 16:00:11, 1] smbd/service.c:close_cnum(880)
  slave (192.168.0.3) closed connection to service profiles
[2004/01/22 16:00:20, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1357)
  failed to decode PDU
[2004/01/22 16:00:20, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.
[2004/01/22 16:00:36, 1] smbd/service.c:make_connection_snum(698)
  slave (192.168.0.3) connect to service netlogon initially as user
alexander (uid=1001, gid=100) (pid 7540)
[2004/01/22 16:00:47, 1] smbd/service.c:close_cnum(880)
  slave (192.168.0.3) closed connection to service netlogon
[2004/01/22 16:00:50, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
  get_domain_user_groups: primary gid of user [slave$] is not a Domain group
!
  get_domain_user_groups: You should fix it, NT doesn't like that
[2004/01/22 16:00:50, 0] rpc_server/srv_util.c:get_alias_user_groups(219)
  get_alias_user_groups: gid of user slave$ doesn't exist. Check your
/etc/passwd and /etc/group files
[2004/01/22 16:00:56, 1] smbd/service.c:close_cnum(880)
  slave (192.168.0.3) closed connection to service alexander
[2004/01/22 16:00:56, 1] smbd/service.c:close_cnum(880)

cat log.smbd
[2004/01/22 16:01:00, 0] lib/util_sock.c:get_socket_addr(919)
  getpeername failed. Error was Transport endpoint is not connected

More information about the samba mailing list