[Samba] Fwd: Vista laptop in Samba 3.3.4 domain suddenly trying to use roaming profiles?

Paul Venzke venzkep at srt.com
Mon Nov 23 20:51:12 MST 2009

On Mon November 23 2009 15:27, David Whitney wrote:
>  Hi, and thanks for your interest!
> I am still using an smbpasswd backend because this is a very small
> home network I maintain for my own educational purposes, although I
> might migrate to LDAP at some point for the same reason.
> I have manually changed the troublesome profile type from roaming
> to local, but when I logged back in from that same profile, it
> switched back to roaming! The more I read about this bizarre
> behavior, the more I start to suspect the possibility of malware or
> virus, which is what I plan to investigate tonight.
> As far as the logon scripts go, the irony is that the script
> actually fired from my admin-prived logon, but could not
> access/load the "right" profile from the local box. They still
> don't fire from my desktop boxes. Per your question, I can access
> and execute the scripts from the desktop with no problem. Per other
> sources, it appears that the necessary privs to the netlogon
> directory should be 755, (rwxr-xr-x), which is what I have set and
> verified.
> Again, many thanks for your interest and suggestions.
> On Mon, Nov 23, 2009 at 1:16 PM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com>wrote:
> > This happened to us when we switched from TDB to LDAP backend.  
> > (Samba 3.03x)   I suspect that for some users sambaProfilePath
> > may have had space character but wasn't actually  null.   For
> > some users we just deleted the sambaProfilePath attribute.
> >
> > You may need to change the profile type on the users computer
> > from roaming back to local.  (On XP, right-click My Computer->
> > Properties->Advanced->User Profiles.)
> >
> >
> > Login scripts could be several things
> >    -  share and file permissions for the netlogon directory
> > should probably allow everyone read-only.
> >    -  I usually add a "pause" command in the login script when
> > troubleshooting
> >    -  You need to specify the logon script as part of the user's
> > account. (In LDAP, SambaLogonScript attribute  I don't think you
> > can a default logon script.
> >
> >
> > From an XP session, can you go to the netlogon share and run the
> > logon script?
> >
> > On 11/23/09 10:03, David Whitney wrote:
> >> Grettings, all
> >>
> >> I have a bizarre problem on a laptop in my Samba 3.3.4 domain.
> >> This domain includes a mixture of XP Pro and Vista Ultimate
> >> clients.
> >>
> >> I had just completed a migration to this new domain (from a
> >> Samba 2.2.8a domain), and all seemed happy and well - machines
> >> had rebooted and were still active in the domain, users were
> >> logging in with no problem, shares were working perfectly - all
> >> over the span of a week or so - until last night.
> >>
> >> Trying to log into my wife's laptop (Vista Ultimate) under her
> >> account, I got an odd message that said "Your roaming profile
> >> was not completely synchronized. Please contact your
> >> administrator." The only problem is I am *not* using roaming
> >> profiles in my Samba domain! And this account had logged
> >> into the domain several times on this laptop with no problem
> >> after the migration.
> >>
> >> I looked on the home shares for the particular account, and
> >> surely enough there is the "profile.V2" folder indicating what I
> >> understand is the attempt
> >> by a Vista box to build a first-time Vista-style roaming profile
> >> on my Samba-defined user share. I logged in under a different
> >> account that has admin privs, and sure enough, it tried to load
> >> a roaming profile there, too.
> >> That told me, additionally, that Vista thought this was the
> >> first time this
> >> user had logged into that box/domain, which was obviously
> >> incorrect. The profiles for each user that had used until that
> >> point were on the machine, intact.
> >>
> >> I've changed the local policy on that box to disallow roaming
> >> profiles expressly, but now the local profiles that had been
> >> working just fine are no
> >> longer associated with their proper users, and I'm not sure how
> >> to restore the association (or even if I can). I can browse the
> >> machine remotely and copy the files from that local profile if I
> >> have to, but I'd like to avoid it.
> >> Could the learned folks here offer any suggestions on why this
> >> laptop would
> >> suddenly think it was supposed to use roaming profiles on my
> >> non-roaming-profile Samba domain? Is there some mystery setting
> >> in smb.conf
> >> I might possibly have set (or perhaps deleted??) that would
> >> leave Samba thinking was trying to use roaming profiles? Based
> >> on late-night research, I
> >> expressly set "logon path" to be blank in smb.conf, which is
> >> supposed to disable Samba roaming profiles. It had not been
> >> expressly set before. I have
> >> logged into a desktop box and it worked normally.
> >>
> >> Appreciate any thoughts or suggestions. The desktop boxes, so
> >> far, seem unaffected and are working normally. I'm thinking my
> >> next step is to copy the files from the particular profile in
> >> question, remove the machine from the domain, and then rejoin
> >> it, but I'm not sure I still won't have the same
> >> problem.
> >>
> >> The only other problem I've had in this migration was in getting
> >> logon scripts to work (which I never did), but I don't think
> >> this is related to that issue....and the fact that other than
> >> scripts the domain was working fine is what really has me
> >> puzzled.
> >>
> >> Any thoughts or suggestions appreciated.
> >> -David
> >
> > --
> > To unsubscribe from this list go to the following URL and read
> > the instructions:  https://lists.samba.org/mailman/options/samba
We have similar problems with Vista using the wrong profile. Although 
the situations that caused the problem are a bit different from yours 
the answer was to use "regedit" to adjust the profile path.  Before 
you do this BACK UP the registry just in case you need to roll back.

Use regedit to change this key:

users SID>/ 

Local user have no entry: CentralProfile, if this is present I think 
just removing it will keep the machine from looking on the server.  
Make sure the entries here conform with the other local users. Make 
sure the "ProfileImagePath" points to the local profile:

"We have met the enemy and he is us"; Pogo

More information about the samba mailing list