[Samba] Fwd: Vista laptop in Samba 3.3.4 domain suddenly trying to use roaming profiles?

David Whitney soonerdew at gmail.com
Mon Nov 23 14:27:41 MST 2009

 Hi, and thanks for your interest!

I am still using an smbpasswd backend because this is a very small home
network I maintain for my own educational purposes, although I might migrate
to LDAP at some point for the same reason.

I have manually changed the troublesome profile type from roaming to local,
but when I logged back in from that same profile, it switched back to
roaming! The more I read about this bizarre behavior, the more I start to
suspect the possibility of malware or virus, which is what I plan to
investigate tonight.

As far as the logon scripts go, the irony is that the script actually fired
from my admin-prived logon, but could not access/load the "right" profile
from the local box. They still don't fire from my desktop boxes. Per your
question, I can access and execute the scripts from the desktop with no
problem. Per other sources, it appears that the necessary privs to the
netlogon directory should be 755, (rwxr-xr-x), which is what I have set and

Again, many thanks for your interest and suggestions.

On Mon, Nov 23, 2009 at 1:16 PM, Gaiseric Vandal
<gaiseric.vandal at gmail.com>wrote:

> This happened to us when we switched from TDB to LDAP backend.   (Samba
> 3.03x)   I suspect that for some users sambaProfilePath may have had space
>  character but wasn't actually  null.   For some users we just deleted the
> sambaProfilePath attribute.
> You may need to change the profile type on the users computer from roaming
> back to local.  (On XP, right-click My Computer-> Properties->Advanced->User
> Profiles.)
> Login scripts could be several things
>    -  share and file permissions for the netlogon directory should probably
> allow everyone read-only.
>    -  I usually add a "pause" command in the login script when
> troubleshooting
>    -  You need to specify the logon script as part of the user's account.
>  (In LDAP, SambaLogonScript attribute  I don't think you can a default logon
> script.
> From an XP session, can you go to the netlogon share and run the logon
> script?
> On 11/23/09 10:03, David Whitney wrote:
>> Grettings, all
>> I have a bizarre problem on a laptop in my Samba 3.3.4 domain. This domain
>> includes a mixture of XP Pro and Vista Ultimate clients.
>> I had just completed a migration to this new domain (from a Samba 2.2.8a
>> domain), and all seemed happy and well - machines had rebooted and were
>> still active in the domain, users were logging in with no problem, shares
>> were working perfectly - all over the span of a week or so - until last
>> night.
>> Trying to log into my wife's laptop (Vista Ultimate) under her account, I
>> got an odd message that said "Your roaming profile was not completely
>> synchronized. Please contact your administrator." The only problem is I am
>> *not* using roaming profiles in my Samba domain! And this account had
>> logged
>> into the domain several times on this laptop with no problem after the
>> migration.
>> I looked on the home shares for the particular account, and surely enough
>> there is the "profile.V2" folder indicating what I understand is the
>> attempt
>> by a Vista box to build a first-time Vista-style roaming profile on my
>> Samba-defined user share. I logged in under a different account that has
>> admin privs, and sure enough, it tried to load a roaming profile there,
>> too.
>> That told me, additionally, that Vista thought this was the first time
>> this
>> user had logged into that box/domain, which was obviously incorrect. The
>> profiles for each user that had used until that point were on the machine,
>> intact.
>> I've changed the local policy on that box to disallow roaming profiles
>> expressly, but now the local profiles that had been working just fine are
>> no
>> longer associated with their proper users, and I'm not sure how to restore
>> the association (or even if I can). I can browse the machine remotely and
>> copy the files from that local profile if I have to, but I'd like to avoid
>> it.
>> Could the learned folks here offer any suggestions on why this laptop
>> would
>> suddenly think it was supposed to use roaming profiles on my
>> non-roaming-profile Samba domain? Is there some mystery setting in
>> smb.conf
>> I might possibly have set (or perhaps deleted??) that would leave Samba
>> thinking was trying to use roaming profiles? Based on late-night research,
>> I
>> expressly set "logon path" to be blank in smb.conf, which is supposed to
>> disable Samba roaming profiles. It had not been expressly set before. I
>> have
>> logged into a desktop box and it worked normally.
>> Appreciate any thoughts or suggestions. The desktop boxes, so far, seem
>> unaffected and are working normally. I'm thinking my next step is to copy
>> the files from the particular profile in question, remove the machine from
>> the domain, and then rejoin it, but I'm not sure I still won't have the
>> same
>> problem.
>> The only other problem I've had in this migration was in getting logon
>> scripts to work (which I never did), but I don't think this is related to
>> that issue....and the fact that other than scripts the domain was working
>> fine is what really has me puzzled.
>> Any thoughts or suggestions appreciated.
>> -David
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list