[Samba] Profiles and PDC

Jonathan Knight jonathan at cs.keele.ac.uk
Wed Sep 29 18:07:11 GMT 2004

We have severla samba servers which we've just tried to upgrade to using the
domain based security.

Most things seem to be fine but there is one problem which is causing some

Roaming profiles are decalred on the PDC to be:

          logon path = \\ufs.%G\%U\Profiles

which resolves to a folder called Profiles in the users home directory.
The server ufs.%G is not the same server as the PDC.  When we try to log in
we get a message telling us that there is a security problem with the
Roaming profile and it refuses to download.  However the folder "Profiles"
does get created on the users home directory.  In the samba log files we get
the error:

  rm43pc066-kopen ( signed connect to service csa01 initially as user csa01 (uid=732, gid=426) (pid 31918)
[2004/09/29 18:03:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID S-1-5-21-1129199182-1858052969-2540920885-2464 to uid or gid.

However once logged in we can browse and play with the folder with no

We're running samba 3.0.7 on fedora-2 with acl support.

Using %N/Profiles/%U as the logon path works fine but we want the profiles
to be in the users home directory and not on the PDC.

  ______    jonathan at cs.keele.ac.uk    Jonathan Knight,
    /                                  Department of Computer Science
   / _   __ Telephone: +44 1782 583437 University of Keele, Keele,
(_/ (_) / / Fax      : +44 1782 713082 Staffordshire.  ST5 5BG.  U.K.

More information about the samba mailing list