[Samba] Roaming profiles

Tue Aug 19 13:44:41 GMT 2008

On Tuesday 19 August 2008 07:18:56 Mugo Martin wrote:
> Hi people. Im in need of help as far as roaming profiles are concerned.
> Allow me as I know this issue has been discussed timelessly but let me just
> ask it because I have been unable to get it to work.
>
> My Samba + Ldap setup is fine and XP users can authenticate alright. Im
> using samba 3.0.28. However when logging in for the first time, they get
> the message;
>
> Windows cannot locate a server copy....    -Access is denied
>
> When logging off,
>
> Windows cannot update your roaming profile... -Access is denied
>
> I copied the profiles across from another server, so the first error does
> not come up except for new users and the old profiles are mapped onto the
> users machines just fine.

Did you copy the domain SID from the old server to the new one?

- John T.

> I think I've done everything for roaming profiles to work including
>
> mkdir -p /var/lib/samba/profiles
> chown root:users /var/lib/samba/profiles
> chmod 2775 /var/lib/samba/profiles
>
> chown -R user /var/lib/samba/profiles/user/
>
> The samba logs don't  show any errors.
>
> Below is my smb.conf file
> [global]
>         workgroup = EXAMPLE
>         netbios name = EXAMPLE_SERVER
>         server string = Samba Server Version %v
>         passdb backend = ldapsam:ldap://example.org/
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         add user script = /usr/sbin/adduser -m "%u"
>         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s
> /bin/false -M %u
>         logon script = %u.bat
>         logon path = \\EXAMPLE_SERVER\profiles\%U
>         logon home = \\EXAMPLE_SERVER\%U
>         domain logons = Yes
>         domain master = Yes
>         ldap admin dn = "cn=config"
>         ldap group suffix = ou=groups
>         ldap machine suffix = ou=machines
>         ldap passwd sync = Yes
>         ldap suffix = dc=example,dc=org
>         ldap user suffix = ou=people
>         cups options = raw
> [homes]
>         comment = Home Directories
>         validusers = %S
>         read only = No
>         browseable = No
>         writable = Yes
>         create mask= 0700
>         directory mask = 0700
> [netlogon]
>         comment = Network Logon Service
>         path = /var/lib/samba/netlogon
>         share modes = No
>         guest ok = Yes
> [profiles]
>         path = /var/lib/samba/profiles
>         read only = No
>         writable = Yes
>         profile acls = Yes
>         comment = User profiles
>         create mask = 0600
>         browsable = no
>         directory mask = 0700
>
> My searches on the web have not helped much. I am running on a Red Hat like
> system (CentOS 5).
>
> Someone please help. I will be eternally grateful.

-- 
John H Terpstra

"Don't do as I do; Show me better!" - Anonymous.