[Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used

Brian White bcwhite at precidia.com
Mon May 22 19:46:36 GMT 2006

Version: 3.0.14a  (debian stable: 3sarge1)

I'm just about finished converting our company's network from NIS to 
LDAP.  Part of that involved updating Samba to use that same directory 
so all the information is maintained in one place.

Most everything is good, except that my roaming profiles won't work.  My 
smb.conf file is attached.

Upping the log level eventually showed messages like this:

[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
   unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
   stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
   unix_convert begin: name = %u, dirpath = , start = %u

I traced this to the "logon path" configuration item.  Samba is choosing 
the value from the smb.conf file because I don't have these values set 
within the LDAP directory; I just want to use the default generated one.

However, it semes that Samba is NOT substituting the "%u" in this case 
even though it was when LDAP was not in use.  At least "logon path" and 
"logon home" are affected; maybe more.

To verify, I manually changed every "%u" in the smb.conf file to 
"bcwhite" and then I can log on with my profile and home directory just 
fine.  An okay solution for me, but the rest of my users might complain.

Since my users are expecting to return tomorrow (after a long weekend) 
and use their WinXP machines, I'd appreciate it if someone can shed some 
light on this problem asap.

Thanks much!!!

                                  ( bcwhite at precidia.com )

           Until we are first independent, we cannot be interdependent.
-------------- next part --------------
; $Id: smb.conf,v 1.7 2006/05/22 19:09:28 bcwhite Exp $

	printing = cups
	printcap = cups
	load printers = yes
	guest account = guest
	invalid users = root
	dont descend = /proc,/dev
	unix extensions = no
	bind interfaces only = no
	interfaces = eth1 eth2
	netbios aliases = titan share shell profiles

; don't risk problems with buggy dos programs (Visual C++) getting wrong timestamp
	dos filetime resolution = yes

; "security = user" is always a good idea. This will require a Unix account
; in this server for every user accessing the server.
	security = user

; Change this for the workgroup your Samba server will part of
	workgroup = precidia

	server string = %h Server (Samba %v)

; If you want Samba to log though syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
	syslog only = no

; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
	syslog = 0;

; This socket options really speed up Samba under Linux, according to my
; own tests.

; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
	encrypt passwords = yes
	passdb backend = ldapsam:ldap://localhost

; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
; 	below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
	wins support = yes

; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server =

; Please read BROWSING.txt and set the next four parameters according
; to your network setup.
	os level = 99
	local master = yes
	preferred master = yes

; Domain stuff
	domain master = yes
	domain logons = yes
;;	domain group map = /etc/samba/domain-group.map
;;	domain user map = /etc/samba/domain-user.map
;;	local group map = /etc/samba/local-group.map
	logon path = \\profiles\profiles\%u
	logon home = \\shell\%u
	logon drive = u:
	logon script = logon.bat
;;	add user script = /etc/samba/addhost %u

; What naming service and in what order should we use to resolve host names
; to IP addresses
	name resolve order = host bcast

; This will enable nmbd to search for NetBIOS names through DNS.
	dns proxy = yes

; Name mangling options
	preserve case = yes
	short preserve case = yes
	mangled names = yes
	mangle prefix = 5
	mangling method = hash

; LDAP settings
	ldap admin dn = uid=samba,ou=Services,dc=precidia
	ldap suffix = dc=precidia
	ldap user suffix = ou=People
	ldap group suffix = ou=Groups
	ldap idmap suffix = ou=Idmap
	ldap machine suffix = ou=Hosts
	ldap replication sleep = 1000
	ldap password sync = true
	ldapsam:trusted = true

; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Culus for pointing this out):
	check password script = /usr/local/sbin/pwcheck
	unix password sync = false
;	passwd program = /usr/local/sbin/ldappasswd --unix %u
;	passwd chat = * %n\n

; The following parameter is useful only if you have the linpopup package
; installed. The samba maintainer and the linpopup maintainer are
; working to ease installation and configuration of linpopup and samba.
;	message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

; The default maximum log file size is 5 MBytes. That's too big so this
; next parameter sets it to 1 MByte. Currently, Samba rotates log
; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
; A better solution would be to have Samba rotate the log file upon
; reception of a signal, but for now on, we have to live with this.
	max log size = 1000
	log level = 0

	comment = Home Directory
	browseable = no
	read only = no
	create mask = 0664
	directory mask = 0775

	comment = Printers
	printer admin = root, @winadmin
	path = /var/spool/samba
	browseable = no
	printable = yes
	public = yes
	writable = no
	create mode = 0700

	comment = Printer Drivers
	path = /etc/samba/drivers
	browseable = yes
	guest ok = no
	read only = yes
	write list = root

	comment = Logon Scripts
	path = /usr/local/win32/netlogon
	read only = yes
	public = no
	browseable = no

	comment = User Profiles
	path = /var/data/profiles
	create mask = 0600
	directory mask = 0700
	read only = no
	public = yes
	browseable = no
	profile acls = yes

; A sample share for sharing your CD-ROM with others.

;	comment = CD-ROM Drive
;	writable = no
;	locking = no
;	path = /cdrom
;	public = yes
;	fake oplocks = yes
; The next two parameters show how to auto-mount a CD-ROM when the
; cdrom share is accesed. For this to work /etc/fstab must contain
; an entry like this:
;    /dev/scd0   /cdrom  iso9660 defaults,noauto,ro,user   0 0
; The CD-ROM gets unmounted automatically after the connection to the
; If you don't want to use auto-mounting/unmounting make sure the CD
; is mounted on /cdrom
;	preexec = /bin/mount /cdrom
;	postexec = /bin/umount /cdrom

	comment = Precidia Technologies, Inc.
	path = /home/tolkien/titan
	public = yes
	writable = no
	fake oplocks = yes
	locking = no

	comment = Temporary Files
	path = /usr/local/tmp
	create mode = 0666
	public = yes
	writable = yes

More information about the samba mailing list