[Samba] samba roaming profiles not working

Philippe LeCavalier support at plecavalier.com
Sun Sep 19 17:55:04 MDT 2010


On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:

> I've been at this for hours now and am still not getting it to work. 
> I've been through the lists trying to find an answer and so far as I can 
> tell, everything is configured OK. Obviously it's not, but I'm stuck.
> I recently installed Squeeze on my home server, overwriting a Lenny 
> installation. I've been able to add my NT (Windows XP/Pro) domain 
> accounts back in and pdbedit shows the expected values - e.g.:
> root at whenim64:/home/samba/profiles# pdbedit -Lv garydale
> Unix username: garydale
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> Full Name: Gary Dale
> Home Directory: \\whenim64\home\garydale
> HomeDir Drive: m:
> Logon Script:
> Profile Path: \\whenim64\home\samba\profiles\garydale
> Domain: RAHIM-DALE
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: 9223372036854775807 seconds since the Epoch
> Kickoff time: 9223372036854775807 seconds since the Epoch
> Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0

                                                ^What's this?^

> However, although I can log on, I can't get the roaming profiles 
> working. I get the "windows cannot locate the server copy of your 
> roaming profile" message. Since my Unix account names/numbers are the 
> same and the profiles are in the previously working /home folder that 
> didn't get touched, I can't see how it''s a permissions problem. 
> Noneheless, I removed an old profile which should have let WIndows 
> create a new one. It didn't. I still got the same error.
> I did have to reinstate the groupmaps (don't know why the samba install 
> doesn't do this) but they seem OK.
> root at whenim64:/home/samba/profiles# net groupmap list
> Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
> My smb.conf tests OK with testparm. SWAT reports all the daemons are 
> running. I can map shares (with read/write) without needing extra 
> authentication.
> My smb.conf (minus the shares & printers) is:


> logon path = \\%N\home\samba\profiles\%U

In 'man smb.conf'

Windows clients can sometimes maintain a connection to the [homes]
share, even though there is no user logged in. Therefore, it is vital
that the logon path does not include a reference to
           the homes share (i.e. setting this parameter to \\%N\homes
\profile_path will cause problems).
If you want profiles stored in the home dir use the default setting ie \

> [Profiles]
> profile acls = yes
> create mode = 0600
> directory mode = 0700
> path = /home/samba/profiles

Set this to \\%N\%U\Profile OR edit [global] to the reflect this. Either
way, it needs to be identical and fall within an allowable setting.

May I also add that in my opinion you've gone a little overboard with
the settings in [global] I've been using Samba as a DC for many years
and have never needed to change so many settings. I would suggest
starting with defaults and editing as needed...Just a thought.


More information about the samba mailing list