[Samba] samba roaming profiles not working

Philippe LeCavalier support at plecavalier.com
Thu Sep 23 06:51:05 MDT 2010 

On Sun, 2010-09-19 at 23:11 -0400, Gary Dale wrote:

> On 19/09/10 07:55 PM, Philippe LeCavalier wrote:
> >  Gary,
> >
> >  On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> >
> > > I've been at this for hours now and am still not getting it to
> > > work. I've been through the lists trying to find an answer and so
> > > far as I can tell, everything is configured OK. Obviously it's not,
> > > but I'm stuck.
> > >
> > > I recently installed Squeeze on my home server, overwriting a Lenny
> > >  installation. I've been able to add my NT (Windows XP/Pro) domain
> > >  accounts back in and pdbedit shows the expected values - e.g.:
> > >
> > > root at whenim64:/home/samba/profiles# pdbedit -Lv garydale Unix
> > > username: garydale NT username: Account Flags: [U ] User SID:
> > > S-1-5-21-832165970-4128531365-4003982369-1002 Primary Group SID:
> > > S-1-5-21-832165970-4128531365-4003982369-513 Full Name: Gary Dale
> > > Home Directory: \\whenim64\home\garydale HomeDir Drive: m: Logon
> > > Script: Profile Path: \\whenim64\home\samba\profiles\garydale
> > > Domain: RAHIM-DALE Account desc: Workstations: Munged dial: Logon
> > > time: 0 Logoff time: 9223372036854775807 seconds since the Epoch
> > > Kickoff time: 9223372036854775807 seconds since the Epoch Password
> > > last set: Wed, 15 Sep 2010 14:05:50 EDT Password can change: Wed,
> > > 15 Sep 2010 14:05:50 EDT Password must change: never Last bad
> > > password : 0 Bad password count : 0 Logon hours :
> > > FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> >
> >  ^What's this?^
> That's the pdbedit output from the command at the start of the section

Gotcha.

> 
> >
> > >
> > > However, although I can log on, I can't get the roaming profiles
> > > working. I get the "windows cannot locate the server copy of your
> > > roaming profile" message. Since my Unix account names/numbers are
> > > the same and the profiles are in the previously working /home
> > > folder that didn't get touched, I can't see how it''s a permissions
> > > problem. Noneheless, I removed an old profile which should have let
> > > WIndows create a new one. It didn't. I still got the same error.
> > >
> > > I did have to reinstate the groupmaps (don't know why the samba
> > > install doesn't do this) but they seem OK.
> > >
> > > root at whenim64:/home/samba/profiles# net groupmap list Domain Admins
> > > (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins Domain
> > > Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> > > Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) ->
> > > nogroup Domain Computers
> > > (S-1-5-21-832165970-4128531365-4003982369-515) -> machines
> > >
> > > My smb.conf tests OK with testparm. SWAT reports all the daemons
> > > are running. I can map shares (with read/write) without needing
> > > extra authentication.
> > >
> > > My smb.conf (minus the shares & printers) is:
> >
> >  [...]
> >
> > > logon path = \\%N\home\samba\profiles\%U
> >
> >  In 'man smb.conf'
> >
> >  Windows clients can sometimes maintain a connection to the [homes]
> >  share, even though there is no user logged in. Therefore, it is
> >  vital that the logon path does not include a reference to the homes
> >  share (i.e. setting this parameter to \\%N\homes \profile_path will
> >  cause problems). [...] If you want profiles stored in the home dir
> >  use the default setting ie \ \%N\%U\Profile
> 
> >
> > > [Profiles] profile acls = yes create mode = 0600 directory mode =
> > > 0700 path = /home/samba/profiles
> >
> >  Set this to \\%N\%U\Profile OR edit [global] to the reflect this.
> >  Either way, it needs to be identical and fall within an allowable
> >  setting.
> >
> >  May I also add that in my opinion you've gone a little overboard
> >  with the settings in [global] I've been using Samba as a DC for many
> >  years and have never needed to change so many settings. I would
> >  suggest starting with defaults and editing as needed...Just a
> >  thought.
> >
> >  Cheers, Phil
> 
> Actually the [global] settings are pretty much the defaults. Possibly 
> it's a Debian thing or the way SWAT leaves it. I added the add machine 
> script and changed the logon path.

Didn't consider SWAT. You're right, SWAT does add allot.

> 
> It turned out you were right about the duplication of the path between 
> logon path and the profiles share. Removing the duplicated path from the 
> logon path fixed it. I knew it was something stupid that I was missing.  :)
> 
> Thanks.

You're welcome.


Phil

More information about the samba mailing list