[Samba] leaving Profiles on PDC

Mon Feb 21 11:58:41 GMT 2005

hi

I'm trying to configure my samba server and its clients to leave the user
profiles on the server if a user logs on/off.
Windows (2000) seems to synchronize the local profile every time a user logs
on/off, which can't be disabled. so, i thought, why
not use this synchronize "feature" to synchronize the _same_ files ( - or
then - don't touch anything ? )
I searched the registry and found the option "ProfilesDirectory", which was
set to "Dokumente und Einstellungen" (german version) ...I changed this
value
to \\server1\profiles\ so that windows doesn't the profile to "Dokumente und
Einstellungen". This \\server1\profiles share is also the Logon path
(smb.conf):

logon path = \\%N\profiles\%U\

[profiles]
        path=/home/
        writeable = yes
        valid users = root @smbusers

Using this configuration it should be possible, that (if there is no profile
yet) windows creates it, the first time a new user logs on.

windows logon process:
- read "logon path"; is there any profile ?
    - no ? >> create one using the %PROFILESDIR%\username  - variable, which
I changed before to \\server1\profiles (=> \\server1\profiles\username =>
creating on server1)
   ---or ----
   - yes ? >> is the "local" profile (using again %PROFILESDIR%) up to date
? yes it is (because it's not "local" but on server1 (due %PROFILESDIR%),
the 2 profiles are the _same_ files) => don't sync anything
- complete logon process

windows logoff process:
- has the "local" profile changed - or - are the profiles on the pdc and the
"local" profile identical ?
- yes they are (always), because they are both on the server and exact the
same files => don't sync anything
- complete logoff process

in this way it should work - i thought - but there's a strange problem: If I
try to logon with "testuser1", Windows says, that the profile can't be
created; reason: Access denied.
But the user "testuser1" has access to the profiles share (see smb.conf),
"valid users = root @smbusers", because "testuser1" is in group "smbusers".
I switched on samba debug level 2, which told me the following:

server1:/home# smbd -d 2 -i
smbd version 3.0.10-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
uid=0 gid=0 euid=0 egid=0
Processing section "[netlogon]"
Processing section "[profiles]"
Processing section "[homes]"
added interface ip=192.168.0.100 bcast=192.168.0.255 nmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
waiting for a connection
netbios connect: name1=SERVER1         name2=PCK-01
netbios connect: local=server1 remote=pck-01, name type = 0
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
netsec_decode: FAILED: packet sequence number:
[000] F1 49 46 7C 3F A5 82 F4                           .IF|?...
should be:
[000] 00 00 00 00 80 00 00 00                           ........
check_ntlm_password:  authentication for user [testuser1] -> [testuser1] ->
[testuser1] succeeded
check_ntlm_password:  authentication for user [testuser1] -> [testuser1] ->
[testuser1] succeeded
pck-01 (192.168.0.234) connect to service profiles initially as user
testuser1 (uid=1000, gid=1000) (pid 860)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)
guest user (from session setup) not permitted to access this share
(profiles)

the log shows, that windows' error message is true (this time *g*). But why
tries Windows to connect as "guest user", if "testuser1" logs on ?
what can I do ?

Thanks4your help
Christoph