[Samba] profile terror after passdb loss

Thomas Gutzler thomas.gutzler at gmail.com
Wed Mar 17 06:19:46 MDT 2010


I'm running samba 3.4.0 as PDC with a bunch of Windows boxes (XP, Vista,
7) on the domain. Unfortunately, I lost my passdb.tdb and secrets.tdb
files and had to create the domain again on a new setup. Consequently,
all domain computers had to be rejoined and all users had to re-enter
their passwords.

This must have caused major confusion on the clients / controller (I
don't know which one) when trying to load the user profiles created
under the old domain (when they login to the domain). Windows 7
complains about Group Policies that deny access. Windows XP just quietly
loads a fresh profile and doesn't allow any changes to it. I found out
that deleting the profile AND recreating the user in the samba database
at the same time solves the problem but that's not acceptable.
I tried deleting the user profile on a Win7 machine with the result that
it logs in with a temp profile, which isn't saved back to the server.
Even deleting the profile on the PDC AND the client at the same time has
the same result. For that case the event log on that computer contains
several messages but none of them seem very helpful to me:
Event Viewer / Windows Logs:
- Application / Error:
* Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.
* Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off.
- Security / Audit Success:
* A logon was attempted using explicit credentials.
* An account was successfully logged on.
- System / Information:
* The Group Policy settings for the user were processed successfully.
New settings from 1 Group Policy objects were detected and applied.

Strangely, after logging in/out with the TEMP profile, a profile.V2
directory is created on the PDC if it didn't already exist. Logging in
after this was created still results in a temp profile.

Now, before I delete all user profiles, and completely setup everything
from scratch I thought I should ask if there's a less painful way of
getting everything back to work.



More information about the samba mailing list