[Samba] XP roaming profile problem (access denied)
Kelly Joyner
some_assembly_reqd at yahoo.com
Tue Jun 15 17:15:57 GMT 2004
Hi! I was hoping someone had seen this problem, and might be able to
help me out with it; I've tried the suggestions I found in the mailing
lists and on web sites, to no avail. I'm running samba 3.0.2 on RHEL 3,
and XP clients seem to occasionally have problems saving the roaming
profile, resulting in error messages and the use of the local profile.
The problem is when renaming prf*tmp files for programs that seem like
they may be using those files when the user is logging out; this is
mostly the ICA client, although I have seen IE cookies cause the error
as well.
I have tried disabling oplocks, and setting CSC policy to disable on the
share, and this reduced the frequency of the error to the point that I
thought I'd solved it, but after a couple of weeks I found two more
occurrences. When the error occurs I get the following in the
USERENV.LOG file on the client machine:
USERENV(208.154) 16:33:37:609 ReconcileFile: Failed to rename file
<E:\scowman\Application Data\ICAClient\Cache\prf5049.tmp> to
<E:\scowman\Application Data\ICAClient\Cache\2E78E792.DMA> with error = 32
USERENV(208.154) 16:33:37:609 ReportError: Impersonating user.
USERENV(208.20c) 16:34:08:687 UnloadUserProfileP: CopyProfileDirectory
returned FALSE for primary profile. Error = 32
USERENV(208.20c) 16:34:08:687 ReportError: Impersonating user.
On the server side, I see only (log level = 2):
scowman opened file scowman/Application Data/ICAClient/Cache/prf5049.tmp
read=
Yes write=No (numopen=5)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman
closed file scowman/Application Data/ICAClient/Cache/prf503B.tmp (numopen=4)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman
closed file scowman/Application Data/ICAClient/Cache/prf5049.tmp (numopen=3)
The relevant portions of my samba config are:
[global]
# netbios name of this server
netbios name = pdc
# domain name of this server
workgroup = khlsc
# use the TDBSAM (Trivial Database SAM) backend to store account info.
passdb backend = tdbsam
# require client to encrypt passwords
encrypt passwords = yes
# Rotate logs when they reach 200MB
max log size = 200000
# This should allow us to bypass requiring signorseal, but turning it
# on breaks XP clients, for some reason.
;server schannel = yes
# Listen for SMB traffic only on port 139. This may help avoid
# lost connection issues under Windows XP.
smb ports = 139
# Run a WINS server
wins support = yes
# Always act as the local master browser
# and domain master browser. Do not allow
# any other system to take over these roles!
domain master = yes
local master = yes
preferred master = yes
os level = 255
# Perform domain authentication.
domain logons = yes
# The profiles share is for storing
# Windows NT/2000/XP roaming profiles.
# Use your own path, and make sure
# the directory exists.
[profiles]
# -- The following options are in effect to resolve the roaming
# profile "access denied" issue.
# Disable opportunistic locking on this share.
oplocks = false
level2 oplocks = false
# Disable client-side caching of profile information.
csc policy = disable
# This should have not effect if oplocks are disabled.
veto oplock files = /prf*.tmp/;
path = /files/profiles
writeable = yes
create mask = 0600
directory mask = 0700
browseable = no
# workaround for Windows 2000 SP4/XP SP1 security issue.
profile acls = yes
Thanks for any assistance!
More information about the samba
mailing list