[Samba] Big problem with roaming profiles
S.Schaefer at ukmuenster.de
Thu Sep 22 14:22:46 GMT 2005
Hello everyone!
I'm facing a big problem with the samba server I just set up:
System: FreeBSD 5.4
Samba ver: 3.0.20 (previously 3.0.12)
Client(s): Windows XP Professional
I configured the server to make use of roaming profiles. I was able to copy local profiles to the server, to login and voila - got my desktop. Also after creating a new user, the new profile gets copied to the server, synchronized and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom directory) it doesn't get copied back from the server. Instead Windows waits for about 10 minutes until I get a new desktop from some default profile, where I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets loaded.
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample configurations.
Below is my smb.conf:
[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
# smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = "raw"
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes
log level = 2
log file = /var/log/samba/log.%m
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# ldap ssl = start_tls
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
[W]
comment = Data
browsable = yes
path = /data/drivew
create mask = 0664
directory mask = 0775
public = no
writable = yes
printable = no
write list = @users
[netlogon]
path = /data/netlogon
public = no
writeable = no
browseable = no
[profiles]
path=/data/ntprofiles
browseable = no
writeable = yes
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
# hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# write list = %U @"Domain Admins"
valid users = %U @"Domain Admins"
create mask = 0600
directory mask = 0700
# default case = lower
preserve case = Yes
case sensitive = no
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
create mask = 0640
directory mask = 0750
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
create mask = 0600
browseable = No
public = yes
writable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,"@Domain Admins"
force group = "Domain Admins"
create mask = 0664
directory mask = 0775
[hplj1300]
comment = HP Laserjet 1300
printable = yes
path = /var/spool/hplaserjet1300
public = no
guest ok = no
printer admin = "Domain Admins"
Additionally I applied the following patch to the XP-Clients:
###########
; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming profile
; disable secure channel
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
; disable check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
###########
Does anybody have an idea?
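Added example, not part of the original post: a Python check that parses smb.conf text, resolves the synonyms used in the configuration above (public for guest ok; writable/writeable as the inverse of read only), and lists the shares that allow both guest access and write access. The sample text is constructed from the posted share sections, and the function names are hypothetical.

```python
import re
# Constructed sample: access-related lines from the share sections in the post.
SAMPLE = """\
[global]
map to guest = Bad User
[netlogon]
public = no
writeable = no
[profiles]
path=/data/ntprofiles
writeable = yes
guest ok = Yes
[printers]
public = yes
writable = No
"""

# smb.conf synonyms -> (canonical name without spaces, value is inverted)
SYNONYMS = {"public": ("guestok", False), "writeable": ("readonly", True),
            "writable": ("readonly", True), "writeok": ("readonly", True)}
TRUE = {"yes", "true", "on", "1"}

def parse(text):
    """Return {section: {canonical key: value}}; key case and spaces are ignored."""
    shares, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = shares.setdefault(m.group(1).lower(), {})
        elif cur is not None and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            key = "".join(key.lower().split())
            canon, invert = SYNONYMS.get(key, (key, False))
            if invert:  # writable = yes means read only = no
                val = "no" if val.lower() in TRUE else "yes"
            cur[canon] = val
    return shares

def guest_writable(text):
    """Names of shares where guest access and write access are both enabled."""
    shares = parse(text)
    g = shares.get("global", {})  # [global] values act as share defaults
    def on(share, key, default):
        return share.get(key, g.get(key, default)).lower() in TRUE
    return sorted(n for n, s in shares.items() if n != "global"
                  and on(s, "guestok", "no") and not on(s, "readonly", "yes"))
```

On the sample it returns only profiles, the share the post sets to both guest ok = Yes and writeable = yes.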