[Samba] samba roaming profiles not working

Gary Dale garydale at rogers.com
Fri Sep 17 12:21:02 MDT 2010 

I've been at this for hours now and am still not getting it to work. 
I've been through the lists trying to find an answer and so far as I can 
tell, everything is configured OK. Obviously it's not, but I'm stuck.

I recently installed Squeeze on my home server, overwriting a Lenny 
installation. I've been able to add my NT (Windows XP/Pro) domain 
accounts back in and pdbedit shows the expected values - e.g.:

root at whenim64:/home/samba/profiles# pdbedit -Lv garydale
Unix username: garydale
NT username:
Account Flags: [U ]
User SID: S-1-5-21-832165970-4128531365-4003982369-1002
Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
Full Name: Gary Dale
Home Directory: \\whenim64\home\garydale
HomeDir Drive: m:
Logon Script:
Profile Path: \\whenim64\home\samba\profiles\garydale
Domain: RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Wed, 15 Sep 2010 14:05:50 EDT
Password can change: Wed, 15 Sep 2010 14:05:50 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

However, although I can log on, I can't get the roaming profiles 
working. I get the "windows cannot locate the server copy of your 
roaming profile" message. Since my Unix account names/numbers are the 
same and the profiles are in the previously working /home folder that 
didn't get touched, I can't see how it''s a permissions problem. 
Noneheless, I removed an old profile which should have let WIndows 
create a new one. It didn't. I still got the same error.

I did have to reinstate the groupmaps (don't know why the samba install 
doesn't do this) but they seem OK.

root at whenim64:/home/samba/profiles# net groupmap list
Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines

My smb.conf tests OK with testparm. SWAT reports all the daemons are 
running. I can map shares (with read/write) without needing extra 
authentication.

My smb.conf (minus the shares & printers) is:

[global]
workgroup = RAHIM-DALE
server string = %h server
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword$
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g machines -$
logon path = \\%N\home\samba\profiles\%U
logon drive = m:
logon home = \\%N\home\%U
domain logons = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
browsable = No

[Profiles]
profile acls = yes
create mode = 0600
directory mode = 0700
path = /home/samba/profiles
read only = no
browseable = no
writeable = yes
guest ok = yes

[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
browsable = No


Any ideas?

More information about the samba mailing list