[Samba] XP Profile write ok, no read.
Louis van Belle
louis at van-belle.nl
Wed Sep 14 15:08:21 GMT 2005
Hi,
I still have a problem with samba and profiles.
The profile is correctly written to the profile share.
but when i logon a other computer, logon takes ages..
and im unable to do anything registry is locked for example.
( see logs below )
when i copy the network profile to the local computer there
is no problem. ( because the local profile is used )
OS : Linux Kernel 2.6.11 ( custom build )
Debian Sarge 3.1 (stable)
Samba 3.014a-debian
Ldap 2.2.23-8 ( debian )
smbldap-tools 0.8.7-4 (debian)
i have the nt Usrmgr.exe working, no problems.
i cups with nt point en print setup, no problems.
i have kix logon script working.
i also use nfs without problems
i use acl en ext3 and no problem.
i use policies with folder redirection, no problems.
the starting rights on /home/samba/profiles is 777
user directories are automaticly created with 700
my base was the idealx setup. ( but debianized )
i have added these reg keys in my computers
[HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
;-------------------------------------------------------------------------
; force Windows XP Professional clients to accept Samba as a PDC
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
;-------------------------------------------------------------------------
; Do not check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
I have in my smb.conf the following
[profiles]
path = /home/samba/profiles
comment = Profiel omgeving
read only = no
create mask = 0600
directory mask = 0700
browseable = Yes
guest ok = Yes
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
valid users = %U @"Domain Admins"
this in the user/computer samba log :
[2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
netsec_decode: FAILED: packet sequence number:
[2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995)
[000] 3C C7 63 37 99 18 D6 F2 <.c7....
[2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
should be:
[2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995)
[000] 00 00 00 00 80 00 00 00 ........
[2005/09/14 16:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ms249-wxp-043$
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 2005
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
init_group_from_ldap: Entry found for group: 2017
[2005/09/14 16:27:54, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [ehouh] -> [ehouh] ->
[ehouh] succeeded
[2005/09/14 16:27:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
Returning domain sid for domain BAZUIN ->
S-1-5-21-1569642236-1413433477-3613035652
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [ehouh] -> [ehouh] ->
[ehouh] succeeded
[2005/09/14 16:27:55, 2] smbd/utmp.c:sys_utmp_update(419)
utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 1] smbd/service.c:make_connection_snum(642)
ms249-wxp-043 (192.168.249.132) connect to service profiles initially as
user ehouh (uid=2132, gid=513) (pid 13913)
this is in the userenv.log from xp ( sp 2)
USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:16:953 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:17:984 GetSpecialFolderPath : ShGetSpecialFolderPath
failed, hr = 800703F0
USERENV(6e0.6f4) 16:28:18:296 MigrateNT4ToNT5: Failed to get root registry
key with 0
USERENV(28c.290) 16:29:02:421 CUserProfile::GetRefCountAndFlags:
RegQueryValueEx failed, key =
S-1-5-21-1569642236-1413433477-3613035652-5264, error = 00000002
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Can not get
ref count and flags
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.458) 16:29:18:281 GetGPOInfo: Local GPO's gpt.ini is not
accessible, assuming default state.
USERENV(28c.290) 16:29:49:359 GetUserDNSDomainName: MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(2c4.328) 16:29:49:406 GetUserDNSDomainName: MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(2c4.328) 16:29:49:421 GetUserDNSDomainName: MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(28c.290) 16:29:50:140 GetUserDNSDomainName: MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(28c.1d0) 16:29:50:171 GetGPOInfo: Local GPO's gpt.ini is not
accessible, assuming default state.
Error code 1332 = No mapping between account names and security IDs was
done.
Error code 1355 = The specified domain either does not exist or could not be
contacted.
???????
what's going wrong , i'm out of options and tried a lot.
Please somebody help.
This is the only thing what isnt working now :-(
Louis
More information about the samba
mailing list