Re: [Samba] Big problem with roaming profiles

Benjamin.Oeltze at Benjamin.Oeltze at
Fri Sep 23 06:52:33 GMT 2005

I had the same problem.
We used samba 3.0.14 and upgraded to 3.0.20.
After that profiles were not loaded anymore. The problem you are describing looks like Windows is loading the local
copy of your profile and after you deleted it it tries to load the profile from samba and fails.
I found out that we had problems with "profile acls = Yes" which was needed by the earlier samba releases.
Disable it (or #) and try again. Be sure to set the fitting access rights to the Profiles.


From: at on behalf of S.Schaefer at
Sent: Thu 22.09.2005 16:22
To: samba at
Subject: [Samba] Big problem with roaming profiles

Hello everyone!

I'm facing a big problem with the samba server I just set up:

System: FreeBSD 5.4
Samba ver: 3.0.20 (previously 3.0.12)
Client(s): Windows XP Professional

I configured the server to make use of roaming profiles. I was able to copy local profiles to the server, to login and voila - got my desktop. Also after creating a new user, the new profile gets copied to the server, synchronized and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom directory) it doesn't get copied back from the server. Instead Windows waits for about 10 minutes until I get a new desktop from some default profile, where I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets loaded.
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample configurations.

Below is my smb.conf:

        display charset = ISO-8859-15
        dos charset = 850
        unix charset = ISO-8859-15
        enable privileges = yes
        map to guest = Bad User
#       smb passwd file = /etc/samba/smbpasswd
        time server = Yes
        encrypt passwords = yes
        veto files = /*.eml/*.nws/riched20.dll/*.{*}
        allow hosts =
        unix extensions = Yes
        netbios name = PDC
        server string = Samba Domain Controller
        printing = CUPS
        path = /var/spool/samba
        workgroup = IZKF4
        os level = 65
        domain master = yes
        preferred master = yes
        local master = yes
        wins support = yes
        printcap name = CUPS
        cups options = "raw"
        use client driver = no
        security = user
        domain logons = yes
        logon script = STARTUP.CMD
        logon path = \\%L\profiles\%U
        logon drive = P:
        hide unreadable = yes
        hide dot files = yes

        log level = 2
        log file = /var/log/samba/log.%m

        ldap passwd sync = Yes
        passdb backend = ldapsam:ldap://

; SAMBA-LDAP declarations
          passdb backend = ldapsam:ldap://
          # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
          ldap admin dn = cn=Manager,dc=mydomain,dc=com
          ldap suffix = dc=mydomain,dc=com
          ldap group suffix = ou=Groups
          ldap user suffix = ou=Users
          ldap machine suffix = ou=Computers
#         ldap ssl = start_tls

          add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
          add user script = /usr/local/sbin/smbldap-useradd -m "%u"
          ldap delete dn = Yes
          delete user script = /usr/local/sbin/smbldap-userdel "%u"
          add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
          delete group script = /usr/local/sbin/smbldap-groupdel "%g"
          add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
          delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
          set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

   comment = Data
   browsable = yes
   path = /data/drivew
   create mask = 0664
   directory mask = 0775
   public = no
   writable = yes
   printable = no
   write list = @users

   path = /data/netlogon
   public = no
   writeable = no
   browseable = no

   browseable = no
   writeable = yes
   guest ok = Yes
   profile acls = Yes
   csc policy = disable
   force user = %U
#   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
#   write list = %U @"Domain Admins"
   valid users = %U @"Domain Admins"
   create mask = 0600
   directory mask = 0700
#   default case = lower
   preserve case = Yes
   case sensitive = no

   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No
   create mask = 0640
   directory mask = 0750

   comment = All Printers
   path = /var/spool/samba
   printable = Yes
   create mask = 0600
   browseable = No
   public = yes
   writable = No

        comment = Printer Drivers
        path = /var/lib/samba/printers
        write list = root,"@Domain Admins"
        force group = "Domain Admins"
        create mask = 0664
        directory mask = 0775

        comment = HP Laserjet 1300
        printable = yes
        path = /var/spool/hplaserjet1300
        public = no
        guest ok = no
        printer admin = "Domain Admins"

Additionally I applied the following patch to the XP-Clients:

; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming profile

; disable secure channel

; disable check for user ownership of Roaming Profile Folders

Does anybody have an idea?
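
An added example, not part of either message and not Samba's own tooling: a small Python audit of the two things the reply points at, namely whether the share named by `logon path` still has `profile acls` (or guest access) enabled, and whether the profile directories on disk are open to group or others. The `[global]` and `[profiles]` section names in the constructed sample and the reading of "fitting access rights" as "no group/other access" are assumptions.

```python
import os

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, inner spaces dropped."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def audit_config(text):
    conf = parse_smb_conf(text)
    # \\%L\profiles\%U -> ['%L', 'profiles', '%U']; the share is component 2
    parts = conf.get("global", {}).get("logonpath", "").strip("\\").split("\\")
    share = parts[1].lower() if len(parts) > 1 else None
    params = conf.get(share, {})
    findings = []
    if params.get("profileacls", "no").lower() in TRUE:
        findings.append(f"[{share}] profile acls is enabled")
    if params.get("guestok", params.get("public", "no")).lower() in TRUE:
        findings.append(f"[{share}] guest ok is enabled")
    return findings

def audit_profile_dirs(root):
    """Flag profile directories that group or others can access."""
    findings = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            mode = entry.stat(follow_symlinks=False).st_mode & 0o777
            if mode & 0o077:
                findings.append(f"{entry.name}: mode {mode:04o}")
    return findings

# Constructed sample; the section names are assumed (the posted file lost them).
SAMPLE = r"""
[global]
   logon path = \\%L\profiles\%U
[profiles]
   guest ok = Yes
   profile acls = Yes
"""
```

Run `audit_config()` on the text of the real smb.conf and `audit_profile_dirs()` on the directory the profile share exports; an empty list from each means neither check found anything.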
