[Samba] Profile permissions issue? Samba and FDS problem

Robert Beaty robert.beaty at ipov.net
Wed Oct 18 18:30:39 GMT 2006

First some information on the system setup.
OS: CentOS 4.3
Samba 3.0.10
FDS 7.1

Samba is acting as a PDC for our network. We have both Windows 2000 and
Windows XP client machines. They are all joined to our domain. Everything
"seems" to be fine except that when a user logs into a machine they cannot
make even simple changes to settings such as folder options (i.e. view file
extensions). Our previous setup was using Samba 2 and OpenLDAP. Users whose
profiles and LDAP entries were created under that system do not have this
problem (these older users were converted and imported into FDS). Only the
users which have been added since the switch have this problem. The UIDs
are following the same path as previously and profiles are being copied from
a default Windows profile directory. The users are members of the "Domain
Users" group, which has SID 513 and maps to the Unix group 2513, also "Domain
Users". The Domain Users group is under the users group on the Windows
clients. Profile folder permissions are set to username:"Domain Users" and
they have wrx privileges. Of course, if the user is set to a local
administrator on the machine none of these problems arise. I have even tried
explicitly adding a single user to the users group in Windows and still the
problem occurs. I've looked in gpedit.msc and have been unable to locate
anything to point to the problem there. Below is a copy of smb.conf with
certain information left out for security and such, as well as a sample user
entry from FDS and a snippet of a Windows login log from a Windows 2000
client. I know it's a bit long but I wanted to try and get all possible
information in the email. Let me know if I left anything out.


<--------- Start smb.conf ------------>

   workgroup = IPOV
   security = user
passdb backend = ldapsam:ldap://example.ldap.server
ldap admin dn = cn=admin users
ldap suffix = dc=company,dc=com
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

log file = /var/log/%m.log
log level = 1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

os level = 65
domain logons = yes
domain master = yes
local master = yes
preferred master = yes

wins support = yes

logon home = \\%N\homes\%U
logon path = \\%N\profiles\%U
logon drive = H:

   template shell = /bin/false
   winbind use default domain = no

   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431

path = /mnt/data/netlogon
read only = yes
browsable = no

path = /mnt/data/profiles
read only = no
create mask = 0777
directory mask = 0777
writeable = yes
browsable = no
guest ok = no

browsable = no
writable = yes
create mask = 0764
directory mask = 0775

<---------- End smb.conf ---------->

<---------- Start example ldap entry ------------->
dn: uid=test.user,ou=Users,dc=company,dc=com
modifytimestamp: 20060922201729Z
modifiersname: admin dn
gidNumber: 2513
sambaPrimaryGroupSID: S- sid_here-513
passwordgraceusertime: 0
sambaNTPassword: removed
sambaLMPassword: removed
userPassword: removed
uid: test.user
uidNumber: 1400
homeDirectory: /home/test.user
loginShell: /bin/bash
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
objectClass: organizationalPerson
objectClass: top
objectClass: person
cn: Test User
sn: User
gecos: Test User
description: Test User
displayName: Test User
mail: test.user at ipov.net
sambaSID: S- sid_here-3814
sambaHomeDrive: H:
sambaHomePath: \\server_name\homes
sambaProfilePath: \\server_name\profiles\test.user
sambaLogonScript: STARTUP.BAT
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 1142535948
sambaPwdLastSet: 1142535948
sambaAcctFlags: [U          ]
creatorsname: cn=admin dn
createtimestamp: 20060914135759Z
nsuniqueid: removed
parentid: 24
entryid: 299
entrydn: uid=test.user,ou=users,dc=company,dc=com
numsubordinates: 0
subschemasubentry: cn=schema
hassubordinates: FALSE
<---------- End example ldap entry ------------>

<----------- Start Windows login log ---------------->
USERENV(bc.a4) 11:09:27:921 CopyProfileDirectoryEx: Setting Directory TimeStamps all Directories
USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Set times on all
USERENV(bc.a4) 11:09:27:953 CopyProfileDirectoryEx: Leaving with a return value of 1
USERENV(bc.a4) 11:09:28:000 MyRegLoadKey: Mutex released.  Returning 0.
USERENV(bc.a4) 11:09:28:015 MyRegLoadKey: Mutex released.  Returning 0.
USERENV(bc.a4) 11:09:28:015 CreateClassHive: existing user classes hive
USERENV(bc.a4) 11:09:28:015 RestoreUserProfile:  About to Leave.  Final Information follows:
USERENV(bc.a4) 11:09:28:015 Profile was successfully loaded.
USERENV(bc.a4) 11:09:28:015 lpProfile->lpRoamingProfile = <\\server_name
USERENV(bc.a4) 11:09:28:015 lpProfile->lpLocalProfile = <C:\Documents and
USERENV(bc.a4) 11:09:28:015 lpProfile->dwInternalFlags = 0x10
USERENV(bc.a4) 11:09:28:015 RestoreUserProfile:  Leaving.
USERENV(bc.a4) 11:09:28:015 GetUserGuid: Failed to get user guid with 1355.
USERENV(bc.a4) 11:09:28:031 GetUserGuid: Failed to get user guid with 1355.
USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Entering
USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Build numbers match
USERENV(bc.a4) 11:09:28:031 UpgradeProfile: Leaving Successfully
USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Releasing mutex.
USERENV(bc.a4) 11:09:28:031 LoadUserProfile: Leaving with a value of 1.
USERENV(bc.a4) 11:09:28:031 LoadUserProfile: hProfile = <0x300>
<----------- End Windows login log ---------------->
