[Samba] Roaming profiles

Mugo Martin mmuchira at gmail.com
Tue Aug 19 12:18:56 GMT 2008

Hi people. Im in need of help as far as roaming profiles are concerned.
Allow me as I know this issue has been discussed timelessly but let me just
ask it because I have been unable to get it to work.

My Samba + Ldap setup is fine and XP users can authenticate alright. Im
using samba 3.0.28. However when logging in for the first time, they get the

Windows cannot locate a server copy....    -Access is denied

When logging off,

Windows cannot update your roaming profile... -Access is denied

I copied the profiles across from another server, so the first error does
not come up except for new users and the old profiles are mapped onto the
users machines just fine.

I think I've done everything for roaming profiles to work including

mkdir -p /var/lib/samba/profiles
chown root:users /var/lib/samba/profiles
chmod 2775 /var/lib/samba/profiles

chown -R user /var/lib/samba/profiles/user/

The samba logs don't  show any errors.

Below is my smb.conf file
        workgroup = EXAMPLE
        netbios name = EXAMPLE_SERVER
        server string = Samba Server Version %v
        passdb backend = ldapsam:ldap://example.org/
        log file = /var/log/samba/%m.log
        max log size = 50
        add user script = /usr/sbin/adduser -m "%u"
        add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s
/bin/false -M %u
        logon script = %u.bat
        logon path = \\EXAMPLE_SERVER\profiles\%U
        logon home = \\EXAMPLE_SERVER\%U
        domain logons = Yes
        domain master = Yes
        ldap admin dn = "cn=config"
        ldap group suffix = ou=groups
        ldap machine suffix = ou=machines
        ldap passwd sync = Yes
        ldap suffix = dc=example,dc=org
        ldap user suffix = ou=people
        cups options = raw
        comment = Home Directories
        validusers = %S
        read only = No
        browseable = No
        writable = Yes
        create mask= 0700
        directory mask = 0700
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        share modes = No
        guest ok = Yes
        path = /var/lib/samba/profiles
        read only = No
        writable = Yes
        profile acls = Yes
        comment = User profiles
        create mask = 0600
        browsable = no
        directory mask = 0700

My searches on the web have not helped much. I am running on a Red Hat like
system (CentOS 5).

Someone please help. I will be eternally grateful.

