[Samba] Windows clients aren't synching profiles

Dave Welsh davewelsh79 at hotmail.com
Fri Dec 8 18:31:27 GMT 2006 

Hi. I used to have samba set up on a Fedora Core 3 server that acted as a 
PDC for a dozen Windows XP clients. I hade roaming profiles working fine.

Then I decided to upgrade (reformat) to Fedora Core 6 for the added harware 
support. I didn't save the right files and hosed my roaming profile (SID 
issue, I guess). Now I'm remaking the PDC on Fedora Core 6. I'll start 
everyone off with a fresh profile.

I've gotten most of the way there. The Windows XP clients can join the new 
domain and the users can log into the domain. My problem is that even though 
users can write to \\%L\Profiles\%U, XP doesn't s seen to even try to write 
there upon logging off. And it isn't reading from there at log on either.

I don't think it's a permissions issue. If I have restrictive permissions on 
/home/profiles, Windows complains   at log on, but when the permissions are 
set to allow writing, Windows doesn't even try to use the roaming profile 
share.

Here's the output of testparm:
[root at isis samba]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[temp]"
Processing section "[public]"
Processing section "[production]"
Processing section "[database]"
Processing section "[optical]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
        workgroup = QUALITY
        server string =
        interfaces = 192.168.6.0/24
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* 
%n\n *passwd:*all*authentication*tokens*updated*successfully*
        username map = /etc/samba/smbusers
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 50
        keepalive = 30
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        logon drive = P:
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        remote announce = 192.168.6.255
        hosts allow = 192.168.6., 127.
        cups options = raw

[homes]
        comment = Home Directory
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

[netlogon]
        comment = Network Logon Service
        path = /home/netlogon
        guest ok = Yes
        share modes = No

[Profiles]
        path = /home/profiles
        read only = No
        guest ok = Yes
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[temp]
        comment = Temporary File Space - Keep Clear
        path = /home/temp
        read only = No
        create mask = 0660
        directory mask = 01770
        guest ok = Yes

[public]
        comment = Public Stuff
        path = /home/public
        create mask = 0664
        directory mask = 02775
        guest ok = Yes

[production]
        comment = Other Work
        path = /home/production
        create mask = 0664
        directory mask = 02775
        guest ok = Yes

[database]
        comment = QC Database
        path = /home/database
        create mask = 0660
        directory mask = 02770

[optical]
        comment = Optical Drive
        path = /media/cdrecorder
        guest ok = Yes

And here is a directory listing that shows my unix permissions:
[root at isis home]# ll
total 48
drwx------  2 alex    domain_users 4096 Dec  6 19:45 alex
drwx------ 21 dave    domain_users 4096 Dec  7 18:52 dave
drwx------  2 dominic domain_users 4096 Dec  6 19:45 dominic
drwx------  2 gilda   domain_users 4096 Dec  6 19:45 gilda
drwx------  2 karine  domain_users 4096 Dec  6 19:45 karine
drwx------  2 laura   domain_users 4096 Dec  6 19:45 laura
drwx------  2 lucy    domain_users 4096 Dec  6 19:45 lucy
drwxr-xr-x  2 root    domain_users 4096 Dec  6 19:47 netlogon
drwxr-xr-x  6 root    domain_users 4096 Dec  7 18:32 profiles
drwx------  2 stacey  domain_users 4096 Dec  6 19:45 stacey
drwx------  2 tanya   domain_users 4096 Dec  6 19:45 tanya

And the profiles directory:

[root at isis profiles]# ll -a
total 36
drwxr-xr-x   5 root  domain_users 4096 Dec  7 19:18 .
drwxr-xr-x  13 root  root         4096 Dec  6 19:47 ..
drwx------+  2 alex  domain_users 4096 Dec  7 16:24 alex
drwx------+  7 laura domain_users 4096 Dec  7 18:34 laura
drwx------+  2 tanya domain_users 4096 Dec  7 17:55 tanya


One thing I noticed that's different this time is that the samba is using 
ACLs. The three directories listed above were created automatically when 
those users first signed on. They stay empty, but they should contain the 
users' profiles. Here is what the ACLs look like:

[root at isis profiles]# getfacl laura
# file: laura
# owner: laura
# group: domain_users
user::rwx
group::---
other::---
default:user::rwx
default:group::---
default:other::---

I'm using the samba that comes with Fedora Core 6. I think this is the 
version:

[root at isis profiles]# smbcontrol -V
Version 3.0.23c-2

Thanks for any help you can give.

_________________________________________________________________
Download now! Visit http://www.telusmobility.com/msnxbox/ to enter and see 
how cool it is to get Messenger with you on your cell phone.  
http://www.telusmobility.com/msnxbox/

More information about the samba mailing list