[Samba] Roaming Profiles & oplocks problems

Rob Mason rob at cissp.org.uk
Sun Oct 16 20:22:23 GMT 2005 

Craig White wrote:

>On Sun, 2005-10-16 at 20:14 +0100, Rob Mason wrote:
>  
>
>>Craig White wrote:
>>
>>    
>>
>>>On Sun, 2005-10-16 at 19:58 +0100, Rob Mason wrote:
>>> 
>>>
>>>      
>>>
>>>>I'm running FreeBSD 5.4-STABLE with Samba 3.0.20 configured as a PDC
>>>>serving a small-ish network (10 XP hosts).  My problem concerns roaming
>>>>profiles - some XP clients take ages to logon and logoff.  On doing some
>>>>Googling I identified the 'profile acls' parameter as being a likely
>>>>fix.  However, I seem to have got myself into one of two scenarios:
>>>>
>>>>a) With 'profile acls' switched on my XP clients logon more-or-less
>>>>immediately, but fail to save their roaming profile when logging off. 
>>>>The samba logs show "request_oplock_break: no response received..."
>>>>
>>>>or
>>>>
>>>>b) With 'profile acls' switched off my XP clients take an age to logon
>>>>and logoff, but the profiles are saved OK.
>>>>
>>>>I've spent days trying various permitations, but to no avail.  Can
>>>>anyone shed any light or ideas for trouble shooting this problem????
>>>>
>>>>
>>>>My smb.conf is:
>>>>   
>>>>
>>>>        
>>>>
>>> 
>>>
>>>      
>>>
>>>>[profiles]
>>>>       path = /home/profiles
>>>>       #valid users = %U, administrator
>>>>       #force user = %U
>>>>       read only = No
>>>>       create mask = 0600
>>>>       directory mask = 0700
>>>>       #profile acls = yes
>>>>   
>>>>
>>>>        
>>>>
>>>----
>>>this works for me...
>>>
>>>[Profiles]
>>>       path = /home/samba/profiles
>>>       browseable = no
>>>       guest ok = no
>>>       writeable = yes
>>>       create mask = 600
>>>       directory mask = 700
>>>       profile acls = yes
>>>       csc policy = disable
>>>
>>># ls -ld /home/samba/profiles/
>>>drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
>>>
>>>(make sure that your /home/profiles is set with proper permissions too.
>>>
>>>Craig
>>>
>>>
>>> 
>>>
>>>      
>>>
>>Thanks Craig - can I confirm the permissions.  It should be:
>>
>>profiles = chmod'd 0755 owned and group owned by root
>>profiles/user = chmod'd 0770 owned and group owned by user
>>
>>Is this correct?
>>    
>>
>----
>I don't think so
>
># ls -ld /home/samba/profiles/
>drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
>
># ls -l /home/samba/profiles/
>total 32
>drwxrwx---  13 Administrator dom_users 4096 Sep 23 22:51 Administrator
>drwxrwx---  19 craig         dom_users 4096 Oct  5 08:00 craig
>drwxrwx---  16 jennifer      dom_users 4096 Jan 26  2005 jennifer
>drwxrwx---  13 patricia      dom_users 4096 Jul 10 22:36 patricia
>
># net groupmap list |grep "Domain Users"
>Domain Users (S-1-5-21-1423820788-2381578139-3444021595-513) ->
>dom_users
>
>Thus the main directory and the actual profiles are owned by the group
>"Domain Users" who have rwx permissions and in the profile directory,
>the user owns their own directories...not root
>
>Craig
>
>
>  
>
Craig White wrote:

> <snip>
>
>I don't think so
>
># ls -ld /home/samba/profiles/
>drwxrwx---  6 root dom_users 4096 Aug 22 16:58 /home/samba/profiles/
>
># ls -l /home/samba/profiles/
>total 32
>drwxrwx---  13 Administrator dom_users 4096 Sep 23 22:51 Administrator
>drwxrwx---  19 craig         dom_users 4096 Oct  5 08:00 craig
>drwxrwx---  16 jennifer      dom_users 4096 Jan 26  2005 jennifer
>drwxrwx---  13 patricia      dom_users 4096 Jul 10 22:36 patricia
>
># net groupmap list |grep "Domain Users"
>Domain Users (S-1-5-21-1423820788-2381578139-3444021595-513) ->
>dom_users
>
>Thus the main directory and the actual profiles are owned by the group
>"Domain Users" who have rwx permissions and in the profile directory,
>the user owns their own directories...not root
>
>Craig
>
>
>  
>

Hi Craig,

I've copied my /home/profiles to /usr/local/profiles and amended the
permissions as follows:

# ls -ld profiles
drwxrwx---  7 root  ntuser  512 Oct 16 20:09 profiles

# ls -ld masonr
drwxrwx---  13 masonr  ntuser  512 Oct 16 20:07 masonr

# net groupmap list |grep "Domain Users"
Domain Users (S-1-5-21-2172559920-1503628540-3826915466-513) -> ntuser

I have chowned and chmoded the files in the directories to reflect the
correct permissions folloiwng the copy from /home/profiles.  My samba
logs now give me:

[2005/10/16 21:04:50, 0] smbd/oplock.c:oplock_break(866)
  oplock_break: receive_smb timed out after 30 seconds.
  oplock_break failed for file masonr/prf62A.tmp (dev = 417, inode =
1271829, file_id = 146).
[2005/10/16 21:04:50, 0] smbd/oplock.c:oplock_break(943)
  oplock_break: client failure in oplock break in file masonr/prf62A.tmp
[2005/10/16 21:04:54, 1] smbd/service.c:close_cnum(835)
  rob (192.168.200.10) closed connection to service profiles

Roaming profile still fails to update :-(

My new smb.conf (abridged) is:
[global]
        workgroup = BSDBOX
        netbios name = SERVER
        server string = BSDBox
        interfaces = 192.168.200.254
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16384
SO_RCVBUF=16384
        hosts allow = 192.168.200., 172.16.200., localhost

        passdb backend = tdbsam
        passwd program = /usr/bin/passwd -l %u
        passwd chat = *Password* %n\n *Password* %n\n *Changed*\n
        unix password sync = Yes
        username map = /usr/local/etc/samba/smbusers

        log level = 1
        log file = /var/log/samba/%m.log
        max log size = 50

        printing = cups
        printcap name = cups

        logon script = netlogon.cmd
        logon path = \\%L\profiles\%U
        logon drive = Z:
        logon home = \\%L\%U
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes
        remote announce = 172.16.200.255
        #time server = yes
        #case sensitive = auto

        admin users = root
        hide unreadable = Yes
        create mask = 0644
        add group script = /usr/local/etc/samba/smbgrpadd.sh "%g"
        delete group script = /usr/local/etc/samba/smbgrpdel.sh "%g"

#       veto oplock files = /*.doc/*.xls/*.mdb/

[profiles]
        #path = /home/profiles
        path = /usr/local/profiles
        #valid users = %U, administrator
        #force user = %U
        read only = No
        guest ok = No
        browseable = No
        create mask = 0600
        directory mask = 0700
        profile acls = yes
        csc policy = disable

[netlogon]
        path = /home/netlogon
        write list = root
        browseable = No
        read only = Yes
#       locking = No

[homes]
        comment = Home Directories
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        directory mask = 0775
        guest ok = Yes
        browseable = No

More information about the samba mailing list