[Samba] XP Profile write ok, no read.

Louis van Belle louis at van-belle.nl
Wed Sep 14 15:08:21 GMT 2005


Hi,

I still have a problem with samba and profiles.
The profile is correctly written to the profile share.
but when i logon a other computer, logon takes ages..
and im unable to do anything registry is locked for example. 
( see logs below ) 
when i copy the network profile to the local computer there
is no problem. ( because the local profile is used ) 

OS : Linux Kernel 2.6.11  ( custom build )
     Debian Sarge 3.1 (stable) 
     Samba 3.014a-debian
     Ldap  2.2.23-8 ( debian ) 
     smbldap-tools  0.8.7-4  (debian)

	i have the nt Usrmgr.exe working, no problems.
	i cups with nt point en print setup, no problems.
	i have kix logon script working.
	i also use nfs without problems
	i use acl en ext3 and no problem.
	i use policies with folder redirection, no problems.
	
	the starting rights on /home/samba/profiles is 777
	user directories are automaticly created with 700
	
	my base was the idealx setup. ( but debianized ) 

	i have added these reg keys in my computers
	
	[HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon]
	"ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
	
;-------------------------------------------------------------------------
	; force Windows XP Professional clients to accept Samba as a PDC
	
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
	"requiresignorseal"=dword:00000000
	"signsecurechannel"=dword:00000000 
	
;-------------------------------------------------------------------------
	; Do not check for user ownership of Roaming Profile Folders
	[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
	"CompatibleRUPSecurity"=dword:00000001


I have  in my smb.conf the following
[profiles]
        path = /home/samba/profiles
        comment = Profiel omgeving
        read only = no
        create mask = 0600
        directory mask = 0700
        browseable = Yes
        guest ok = Yes
        profile acls = yes
        csc policy = disable
        # next line is a great way to secure the profiles
        force user = %U
        # next line allows administrator to access all profiles
        valid users = %U @"Domain Admins"

this in the user/computer samba log : 

[2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
  netsec_decode: FAILED: packet sequence number:
[2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995)
  [000] 3C C7 63 37 99 18 D6 F2                           <.c7....
[2005/09/14 16:27:53, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
  should be:
[2005/09/14 16:27:53, 2] lib/util.c:dump_data(1995)
  [000] 00 00 00 00 80 00 00 00                           ........
[2005/09/14 16:27:54, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ms249-wxp-043$
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 2005
[2005/09/14 16:27:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2000)
  init_group_from_ldap: Entry found for group: 2017
[2005/09/14 16:27:54, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [ehouh] -> [ehouh] ->
[ehouh] succeeded
[2005/09/14 16:27:55, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2580)
  Returning domain sid for domain BAZUIN ->
S-1-5-21-1569642236-1413433477-3613035652
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [ehouh] -> [ehouh] ->
[ehouh] succeeded
[2005/09/14 16:27:55, 2] smbd/utmp.c:sys_utmp_update(419)
  utmp_update: uname:/var/run/utmp wname:/var/log/wtmp
[2005/09/14 16:27:55, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
  init_sam_from_ldap: Entry found for user: ehouh
[2005/09/14 16:27:55, 1] smbd/service.c:make_connection_snum(642)
  ms249-wxp-043 (192.168.249.132) connect to service profiles initially as
user ehouh (uid=2132, gid=513) (pid 13913)

this is in the userenv.log from xp ( sp 2)

USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:16:828 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:16:953 GetUserGuid: Failed to get user guid with
1355.
USERENV(27c.280) 16:28:17:984 GetSpecialFolderPath : ShGetSpecialFolderPath
failed, hr = 800703F0
USERENV(6e0.6f4) 16:28:18:296 MigrateNT4ToNT5: Failed to get root registry
key with 0
USERENV(28c.290) 16:29:02:421 CUserProfile::GetRefCountAndFlags:
RegQueryValueEx failed, key =
S-1-5-21-1569642236-1413433477-3613035652-5264, error = 00000002
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Can not get
ref count and flags
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.290) 16:29:02:468 CUserProfile::CleanupUserProfile: Ref Count is
not 0
USERENV(28c.458) 16:29:18:281 GetGPOInfo:  Local GPO's gpt.ini is not
accessible, assuming default state.
USERENV(28c.290) 16:29:49:359 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(2c4.328) 16:29:49:406 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(2c4.328) 16:29:49:421 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(28c.290) 16:29:50:140 GetUserDNSDomainName:  MyGetUserNameEx failed
for NameDnsDomain style name with 1332
USERENV(28c.1d0) 16:29:50:171 GetGPOInfo:  Local GPO's gpt.ini is not
accessible, assuming default state.

Error code 1332 = No mapping between account names and security IDs was
done. 
Error code 1355 = The specified domain either does not exist or could not be
contacted.
???????  

what's going wrong , i'm out of options and tried a lot.

Please somebody help.
This is the only thing what isnt working now :-( 

Louis



More information about the samba mailing list