[Samba] Samba 3.0.4 Profile Permissions

Chuck Chauvin clchauvin at edcaugusta.com
Mon Oct 4 16:27:28 GMT 2004 

When attempting to login to my Samba 3.0.4 PDC from a Windows XP client as a 
user with administrative priveleges (in this case, the user is a member of 
the adm group in Linux and all members of that group are members of the 
Adminstrators group in Windows) I get the following error:


Windows did not load your roaming profile and is attempting to log you on 
with your local profile. Changes to the profile will not be copied to the 
server when you logoff. Windows did not load your profile because a server 
copy of the profile folder already exists that does not have the correct 
security. Either the current user or the Administrator's group must be the 
owner of the folder. Contact your network administrator. 


When I attempt to login using my own account (also a member of that group) I 
get the following error:


Windows cannot log you in now because the domain BAGGINS is not available.


I created a new user account in Linux and Samba called bagginsuser and get 
the same error as when I attempt to login using my account.


This is my smb.conf file for your perusal. Also included at the end of this 
are my log.smbd and log.nmbd files.

Any assistance would be appreciated.


[global]
   workgroup = BAGGINS
   security = user
   encrypt passwords = yes
   passdb backend = smbpasswd
   server string = Domain Controller
   netbios name = BILBO
   add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -
s /bin/false %m$
   domain master = yes
   domain logons = yes
   logon script = logon.cmd
   local master = yes
   preferred master = yes
   os level = 65

[homes]
   comment = Home Directory for %u
   path = /home/%u
   read only = No
   browseable = No

[Projects]
   comment = Project Folders
   path = /data-1/projects
   admin users = @Design, adm, Manager
   read only = No
   create mask = 0775
   force create mode = 0775
   force security mode = 0775
   force directory mode = 0775
   force directory security mode = 0775

[Temp]
   comment = Temporary Space
   path = /data-1/temp
   admin users = @Design, adm, Manager
   read only = No
   create mask = 0777

[Archive]
   comment = Archived Projects
   path = /data-1/archive
   write list = @adm
   security mask = 0755
   directory security mask = 0755
   guest ok = Yes

[netlogon]
   comment = Network Logon Service
   path = /etc/samba/netlogon
   guest ok = Yes

[Profiles]
   path = /home/%u/profile
   browseable = No
   writeable = yes
   nt acl support = yes






My log.smbd

[2004/10/04 11:55:00, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service bagginsadmin initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:00, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:04, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service bagginsadmin initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:13, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 11:55:14, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service bagginsadmin initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:55:15, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service netlogon initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:56:50, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service netlogon
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service Archive initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service Projects initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:58:43, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service Temp initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 11:59:05, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(5988)
  init_sam_user_info_21A: User bagginsadmin has Primary Group SID S-1-5-32-
544,
  which conflicts with the domain sid S-1-5-21-2763611909-969304523-
3334035465.  Failing operation.
[2004/10/04 12:00:21, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:00:24, 1] smbd/service.c:make_connection_snum(619)
  baggins001 (192.168.1.6) connect to service bagginsadmin initially as user 
bagginsadmin (uid=543, gid=4) (pid 7537)
[2004/10/04 12:00:24, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service bagginsadmin
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service Archive
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service Projects
[2004/10/04 12:01:23, 1] smbd/service.c:close_cnum(801)
  baggins001 (192.168.1.6) closed connection to service Temp




My log.nmbd

  *****
[2004/10/04 08:34:07, 0] nmbd/nmbd.c:terminate(54)
  Got SIGTERM: going down...
[2004/10/04 09:59:49, 0] nmbd/nmbd.c:main(664)
  Netbios nameserver version 3.0.4-SUSE started.
  Copyright Andrew Tridgell and the Samba Team 1994-2004
[2004/10/04 09:59:49, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
  add_domain_logon_names:
  Attempting to become logon server for workgroup BAGGINS on subnet 
192.168.1.100
[2004/10/04 09:59:49, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
  become_domain_master_browser_bcast:
  Attempting to become domain master browser on workgroup BAGGINS on subnet 
192.168.1.100
[2004/10/04 09:59:49, 0] 
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
  become_domain_master_browser_bcast: querying subnet 192.168.1.100 for 
domain master browser on workgroup BAGGINS
[2004/10/04 09:59:53, 0] nmbd/nmbd_logonnames.c:become_logon_server_success
(124)
  become_logon_server_success: Samba is now a logon server for workgroup 
BAGGINS on subnet 192.168.1.100
[2004/10/04 09:59:57, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2
(113)
  *****

  Samba server BILBO is now a domain master browser for workgroup BAGGINS on 
subnet 192.168.1.100

  *****
[2004/10/04 10:00:13, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2
(396)
  *****

  Samba name server BILBO is now a local master browser for workgroup 
BAGGINS on subnet 192.168.1.100

  *****


--
Chuck Chauvin
Network Administrator
clchauvin at edcaugusta.com

More information about the samba mailing list