AW: [Samba] Big problem with roaming profiles
Benjamin.Oeltze at fujitsu-siemens.com
Fri Sep 23 06:52:33 GMT 2005
I had the same problem.
We used samba 3.0.14 and upgraded to 3.0.20.
After that, profiles were not loaded anymore. The problem you are describing looks like Windows is loading the local
copy of your profile, and after you deleted it, it tries to load the profile from samba and fails.
I found out that we had problems with "profile acls = Yes", which was needed by the earlier samba releases.
Disable it (or #) and try again. Be sure to set the fitting access rights to the Profiles.
________________________________
From: samba-bounces+benjamin.oeltze=fujitsu-siemens.com at lists.samba.org on behalf of S.Schaefer at ukmuenster.de
Sent: Thu 22.09.2005 16:22
To: samba at lists.samba.org
Subject: [Samba] Big problem with roaming profiles
Hello everyone!
I'm facing a big problem with the samba server I just set up:
System: FreeBSD 5.4
Samba ver: 3.0.20 (previously 3.0.12)
Client(s): Windows XP Professional
I configured the server to make use of roaming profiles. I was able to copy local profiles to the server, to login and voila - got my desktop. Also after creating a new user, the new profile gets copied to the server, synchronized and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom directory) it doesn't get copied back from the server. Instead Windows waits for about 10 minutes until I get a new desktop from some default profile, where I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets loaded.
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample configurations.
Below is my smb.conf:
[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
# smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = "raw"
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes
log level = 2
log file = /var/log/samba/log.%m
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# ldap ssl = start_tls
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
[W]
comment = Data
browsable = yes
path = /data/drivew
create mask = 0664
directory mask = 0775
public = no
writable = yes
printable = no
write list = @users
[netlogon]
path = /data/netlogon
public = no
writeable = no
browseable = no
[profiles]
path=/data/ntprofiles
browseable = no
writeable = yes
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
# hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# write list = %U @"Domain Admins"
valid users = %U @"Domain Admins"
create mask = 0600
directory mask = 0700
# default case = lower
preserve case = Yes
case sensitive = no
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
create mask = 0640
directory mask = 0750
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
create mask = 0600
browseable = No
public = yes
writable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,"@Domain Admins"
force group = "Domain Admins"
create mask = 0664
directory mask = 0775
[hplj1300]
comment = HP Laserjet 1300
printable = yes
path = /var/spool/hplaserjet1300
public = no
guest ok = no
printer admin = "Domain Admins"
Additionally I applied the following patch to the XP-Clients:
###########
; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming profile
; disable secure channel
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
; disable check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
###########
Does anybody have an idea?
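An added example, not part of either message and not Samba project code: a small Python audit of the [profiles] share for the setting the reply points at ("profile acls") together with a check of the on-disk rights of the per-user profile directories. Treating "fitting access rights" as owner-only directories (the 0700 directory mask from the posted config) and no guest access is this example's assumption; the function names and the sample text are constructed here.

```python
import configparser
import os
import stat

# Constructed sample: an indented excerpt modelled on the posted smb.conf.
SAMPLE_CONF = r"""[global]
  map to guest = Bad User
[profiles]
  path=/data/ntprofiles
  guest ok = Yes
  profile acls = Yes
  valid users = %U @"Domain Admins"
  directory mask = 0700
"""

def _is_true(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_profiles_share(conf_text, share="profiles"):
    """Return a list of findings for the roaming-profile share."""
    # smb.conf keys are often indented; configparser would read indented
    # lines as continuations of the previous value, so strip each line first.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                      comment_prefixes=("#", ";"))
    cp.read_string(text)
    if not cp.has_section(share):
        return ["no [%s] share defined" % share]
    opts = dict(cp.items(share))
    findings = []
    if _is_true(opts.get("profile acls", "no")):
        findings.append("profile acls enabled (reported in this thread to "
                        "break profile loading after the 3.0.20 upgrade)")
    if _is_true(opts.get("guest ok", "no")) or _is_true(opts.get("public", "no")):
        findings.append("guest access allowed on profile share")
    if opts.get("directory mask", "").strip() not in ("0700", "700"):
        findings.append("directory mask is not 0700")
    return findings

def loose_profile_dirs(root):
    """List per-user directories under root that grant group/other access."""
    bad = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if os.path.isdir(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            bad.append(name)
    return bad
```

Run audit_profiles_share() on the text of the live smb.conf and loose_profile_dirs() on the share's path (here /data/ntprofiles) after changing the setting, so both the configuration and the directories it serves are checked.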