[Samba] Storing Profile remote on Samba PDC only works for one user

Konstantin Kletschke kk at trackitsystems.de
Fri Sep 24 08:19:11 MDT 2010 

Hello,

actually I am trying to implement a samba PDC server with a LDAP backend
where user are authenticated with. Additionally the users' profiles
should be stored on it, whicht only works for one user, not the 3
other. The point is, I don't see the difference between them so it
should work for all or none.

This is what I have in my smb.conf regarding this:

[global]

        logon script = logon.cmd
        logon path = \\%L\profiles\%U\%a
        logon drive = H:
        domain logons = Yes

[profiles]
# Provide a specific roving profile share
# the default is to use the user's home directory
# The permissions on the profiles directory should be
# chmod 1757 /exports/home/samba/profiles
# drwxr-xrwt    5 root     root         4096 May  1 08:43 profiles
[profiles]
   comment = Users profile
   path = /exports/home/samba/profiles
   valid users = "@Domain Admins" "@Domain Users" "@Domain Guests" "@smbusers"
   read only = no
   create mask = 0660
   directory mask = 0770
   nt acl support = yes
   browseable = no
   guest ok = yes
   printable = no
   hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
   guest ok = yes
   profile acls = yes
   locking = No

For one user, XXXXXXX_admin, this works fine. But the funny thing is,
its profile comes to /exports/home/samba/profiles/XXXXXXX_admin NOT
/exports/home/samba/profiles/XXXXXXX_admin/Win2K when accessed with
windows2000. Why is the %a ignored (debian samba package 3.5.5)? Despite
of that, it basically works.

This is an LDAP output for the working user:

ldapsearch -x -b "dc=XXXXXXXsystems,dc=de"
"(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(uid=XXXXXXX_admin))"

# extended LDIF
#
# LDAPv3
# base <dc=XXXXXXXsystems,dc=de> with scope subtree
# filter: (&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(uid=XXXXXXX_admin))
# requesting: ALL
#

# XXXXXXX_admin, Users, XXXXXXXsystems.de
dn: uid=XXXXXXX_admin,ou=Users,dc=XXXXXXXsystems,dc=de
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: XXXXXXX_admin
sn: XXXXXXX_admin
givenName: XXXXXXX_admin
uid: XXXXXXX_admin
uidNumber: 1007
gidNumber: 512
homeDirectory: /exports/home/XXXXXXX_admin
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: XXXXXXX_admin
sambaSID: S-1-5-21-3833919196-1227853012-1360384830-3014
sambaPrimaryGroupSID: S-1-5-21-3833919196-1227853012-1360384830-512
sambaProfilePath: \\pferdekopfnebel\profiles\XXXXXXX_admin
sambaHomePath: \\pferdekopfnebel\XXXXXXX_admin
sambaHomeDrive: H:
sambaAcctFlags: [U]
sambaPwdLastSet: 1281971080
sambaPwdMustChange: 1285859080
shadowMax: 45

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

For all other users, when they log in the profile directory is
successfully created /exports/home/samba/profiles/XXXXXXX_user, but
there never one file is put to. Windows puts no errors out or claims
about not finding/accessing/exisiting profile. I can put files into the
samba share being the profile with no problem.

This is an LDAP output for such a user:

~/ > ldapsearch -x -b "dc=XXXXXXXsystems,dc=de" "(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(uid=XXXXXXX_user))"
# extended LDIF
#
# LDAPv3
# base <dc=XXXXXXXsystems,dc=de> with scope subtree
# filter: (&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(uid=XXXXXXX_user))
# requesting: ALL
#

# XXXXXXX_user, Users, XXXXXXXsystems.de
dn: uid=XXXXXXX_user,ou=Users,dc=XXXXXXXsystems,dc=de
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: XXXXXXX_user
sn: XXXXXXX_user
givenName: XXXXXXX_user
uid: XXXXXXX_user
uidNumber: 1008
gidNumber: 513
homeDirectory: /exports/home/XXXXXXX_user
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: XXXXXXX_user
sambaSID: S-1-5-21-3833919196-1227853012-1360384830-3016
sambaPrimaryGroupSID: S-1-5-21-3833919196-1227853012-1360384830-513
sambaProfilePath: \\pferdekopfnebel\profiles\XXXXXXX_user
sambaHomePath: \\pferdekopfnebel\XXXXXXX_user
sambaHomeDrive: H:
sambaAcctFlags: [U]
sambaPwdLastSet: 1281972169
sambaPwdMustChange: 1285860169
shadowMax: 45

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Well, what at any chance could yield to such an error, where should I
start to search further? ATM I have no clue what to debug next.

Kind regards, Konsti

More information about the samba mailing list