[Samba] samba roaming profiles not working
support at plecavalier.com
Thu Sep 23 06:51:05 MDT 2010
On Sun, 2010-09-19 at 23:11 -0400, Gary Dale wrote:
> On 19/09/10 07:55 PM, Philippe LeCavalier wrote:
> > Gary,
> > On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> > > I've been at this for hours now and am still not getting it to
> > > work. I've been through the lists trying to find an answer and so
> > > far as I can tell, everything is configured OK. Obviously it's not,
> > > but I'm stuck.
> > >
> > > I recently installed Squeeze on my home server, overwriting a Lenny
> > > installation. I've been able to add my NT (Windows XP/Pro) domain
> > > accounts back in and pdbedit shows the expected values - e.g.:
> > >
> > > root@whenim64:/home/samba/profiles# pdbedit -Lv garydale
> > > Unix username: garydale
> > > NT username:
> > > Account Flags: [U ]
> > > User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> > > Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> > > Full Name: Gary Dale
> > > Home Directory: \\whenim64\home\garydale
> > > HomeDir Drive: m:
> > > Logon Script:
> > > Profile Path: \\whenim64\home\samba\profiles\garydale
> > > Domain: RAHIM-DALE
> > > Account desc:
> > > Workstations:
> > > Munged dial:
> > > Logon time: 0
> > > Logoff time: 9223372036854775807 seconds since the Epoch
> > > Kickoff time: 9223372036854775807 seconds since the Epoch
> > > Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> > > Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> > > Password must change: never
> > > Last bad password : 0
> > > Bad password count : 0
> > > Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> > ^What's this?^
> That's the pdbedit output from the command at the start of the section
> > >
> > > However, although I can log on, I can't get the roaming profiles
> > > working. I get the "windows cannot locate the server copy of your
> > > roaming profile" message. Since my Unix account names/numbers are
> > > the same and the profiles are in the previously working /home
> > > folder that didn't get touched, I can't see how it's a permissions
> > > problem. Nonetheless, I removed an old profile which should have let
> > > Windows create a new one. It didn't. I still got the same error.
> > >
> > > I did have to reinstate the groupmaps (don't know why the samba
> > > install doesn't do this) but they seem OK.
> > >
> > > root@whenim64:/home/samba/profiles# net groupmap list
> > > Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> > > Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> > > Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> > > Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
> > >
> > > My smb.conf tests OK with testparm. SWAT reports all the daemons
> > > are running. I can map shares (with read/write) without needing
> > > extra authentication.
> > >
> > > My smb.conf (minus the shares & printers) is:
> > [...]
> > > logon path = \\%N\home\samba\profiles\%U
> > In 'man smb.conf'
> > Windows clients can sometimes maintain a connection to the [homes]
> > share, even though there is no user logged in. Therefore, it is
> > vital that the logon path does not include a reference to the homes
> > share (i.e. setting this parameter to \\%N\homes\profile_path will
> > cause problems). [...] If you want profiles stored in the home dir
> > use the default setting ie \\%N\%U\Profile
> > > [Profiles]
> > > profile acls = yes
> > > create mode = 0600
> > > directory mode = 0700
> > > path = /home/samba/profiles
> > Set this to \\%N\%U\Profile OR edit [global] to reflect this.
> > Either way, it needs to be identical and fall within an allowable
> > setting.
> > May I also add that in my opinion you've gone a little overboard
> > with the settings in [global]. I've been using Samba as a DC for many
> > years and have never needed to change so many settings. I would
> > suggest starting with defaults and editing as needed...Just a
> > thought.
> > Cheers, Phil
> Actually the [global] settings are pretty much the defaults. Possibly
> it's a Debian thing or the way SWAT leaves it. I added the add machine
> script and changed the logon path.
Didn't consider SWAT. You're right, SWAT does add a lot.
> It turned out you were right about the duplication of the path between
> logon path and the profiles share. Removing the duplicated path from the
> logon path fixed it. I knew it was something stupid that I was missing. :)
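
The mismatch this thread ends on can be checked mechanically. The following is an added example, not code from either poster or from Samba: it parses an smb.conf and reports when `logon path` names a share that is not defined, goes through `[homes]`, or repeats a share's Unix directory as UNC components. The sample configuration is constructed from the two settings quoted above, and the corrected value `\\%N\Profiles\%U` is an assumption, since the thread does not quote the final setting.

```python
import configparser

# Constructed sample: only the settings quoted in the thread; the rest of the
# poster's smb.conf is not on the page.
SAMPLE = r"""
[global]
logon path = {logon_path}

[Profiles]
path = /home/samba/profiles
profile acls = yes
create mode = 0600
directory mode = 0700
"""

def check_logon_path(conf_text):
    """Return a list of problems found in the [global] 'logon path' value."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %N and %U literal
    cp.read_string(conf_text)
    logon_path = cp.get("global", "logon path", fallback="")
    parts = [p for p in logon_path.split("\\") if p]
    if not logon_path.startswith("\\\\") or len(parts) < 2:
        return [f"not a UNC path: {logon_path!r}"]
    unc = [p.lower() for p in parts[1:]]  # share name, then directories under it
    shares = {s.lower(): s for s in cp.sections() if s.lower() != "global"}
    problems = []
    if unc[0] == "homes":
        problems.append("logon path goes through the [homes] share")
    elif unc[0] != "%u" and unc[0] not in shares:
        # %U as the share name is the per-user form \\%N\%U\profile
        problems.append(f"share {parts[1]!r} is not defined in smb.conf")
    for name in shares.values():
        fs = [p.lower() for p in cp.get(name, "path", fallback="").split("/") if p]
        if fs and unc[:len(fs)] == fs:
            problems.append(f"logon path repeats the Unix path of [{name}]")
    return problems

def demo():
    """Check the thread's value, an assumed corrected value, and a [homes] value."""
    values = {
        "thread": r"\\%N\home\samba\profiles\%U",
        "assumed_fix": r"\\%N\Profiles\%U",  # assumption, not quoted on the page
        "homes": r"\\%N\homes\profile_path",
    }
    return {k: check_logon_path(SAMPLE.format(logon_path=v)) for k, v in values.items()}

if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, "->", problems or "ok")
```

The parser expects unindented `key = value` lines as in the sample; it is a lint for this one setting and does not replace `testparm`.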