[Samba] samba roaming profiles not working
Gary Dale
garydale at rogers.com
Fri Sep 17 12:21:02 MDT 2010
I've been at this for hours now and am still not getting it to work.
I've been through the lists trying to find an answer and so far as I can
tell, everything is configured OK. Obviously it's not, but I'm stuck.
I recently installed Squeeze on my home server, overwriting a Lenny
installation. I've been able to add my NT (Windows XP/Pro) domain
accounts back in and pdbedit shows the expected values - e.g.:
root at whenim64:/home/samba/profiles# pdbedit -Lv garydale
Unix username: garydale
NT username:
Account Flags: [U ]
User SID: S-1-5-21-832165970-4128531365-4003982369-1002
Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
Full Name: Gary Dale
Home Directory: \\whenim64\home\garydale
HomeDir Drive: m:
Logon Script:
Profile Path: \\whenim64\home\samba\profiles\garydale
Domain: RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Wed, 15 Sep 2010 14:05:50 EDT
Password can change: Wed, 15 Sep 2010 14:05:50 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
However, although I can log on, I can't get the roaming profiles
working. I get the "windows cannot locate the server copy of your
roaming profile" message. Since my Unix account names/numbers are the
same and the profiles are in the previously working /home folder that
didn't get touched, I can't see how it''s a permissions problem.
Noneheless, I removed an old profile which should have let WIndows
create a new one. It didn't. I still got the same error.
I did have to reinstate the groupmaps (don't know why the samba install
doesn't do this) but they seem OK.
root at whenim64:/home/samba/profiles# net groupmap list
Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
My smb.conf tests OK with testparm. SWAT reports all the daemons are
running. I can map shares (with read/write) without needing extra
authentication.
My smb.conf (minus the shares & printers) is:
[global]
workgroup = RAHIM-DALE
server string = %h server
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword$
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g machines -$
logon path = \\%N\home\samba\profiles\%U
logon drive = m:
logon home = \\%N\home\%U
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
browsable = No
[Profiles]
profile acls = yes
create mode = 0600
directory mode = 0700
path = /home/samba/profiles
read only = no
browseable = no
writeable = yes
guest ok = yes
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
browsable = No
Any ideas?
More information about the samba
mailing list