[Samba] Roaming profiles not being loaded

Simon Matthews simon.d.matthews at gmail.com
Sat Mar 24 20:42:31 MDT 2012


I tried to build a setup to model and hence learn how to configure samba
servers for the setup that I described below.

However, a user login in which the profile is defined to be on a samba
server that is not the PDC never gets a roaming profile -- instead the user
always gets a temporary profile. Looking at the Windows logs, it is
complaining about a permissions issue. However, once logged in (with the
temporary profile), that user can create and modify files in the profile
directory. I have turned logging level to 3, but I don't see anything
useful.

The PDC is running SAMBA 3.5.11, while the other server (modeling the
fileserver in the proposed network) is running SAMBA 3.5.10.

The usernames exist in the /etc/passwd files on both machines (although I
think that I should not need this if I can get winbindd working properly).
Home directories for the users exist on both machines.

Some specifics:
1. smb.conf from the "fileserver" (Not the PDC, but the machine where the
profile directories are found):
[global]

    workgroup = MATTHEWS
    server string = Samba Server Version %v
    netbios name = sambatest
    log file = /var/log/samba/log.%m
    max log size = 50
    log level = 3
    security = domain
    passdb backend = tdbsam
    password server = firewall
    idmap backend = tdb
    idmap uid = 9000-9999
    idmap gid = 9000-9999

    local master = no
    load printers = yes
    cups options = raw

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

[profiles]
    comment = profiles
    path = /export/profiles
    browseable = yes
    guest ok = yes

smb.conf from the PDC:
[global]
    workgroup = MATTHEWS
    netbios aliases = SERVER, firewall, newfirewall
    server string = Samba Server %v
    interfaces = 192.168.89.1, 127.0.0.1, 192.168.89.2, 192.168.89.6, 10.9.0.1
    bind interfaces only = Yes
    security = user
    log file = /var/log/samba3/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    os level = 90
    preferred master = Yes
    domain master = Yes
    domain logons = yes
    dns proxy = No
    wins server = 192.168.89.1
    wins support = Yes
    admin users = root, simon, @wheel
    hosts allow = 192.168.0.0/255.255.0.0, 10.8.0.0/24
    hosts deny = 0.0.0.0/0
    passdb backend = tdbsam
    logon path = \\%N\profiles\%U
    logon home = \\firewall\%U\winprofile
[profiles]
    comment = profiles
    path = /export/profiles
    read only = No
[homes]
    comment = Home Directories
    path = /home/%u
    read only = No
[allhomes]
    comment = Home Directories
    path = /home
    guest ok = Yes
[print$]
    path = /var/lib/samba/printers
    guest ok = Yes

[CD]
    path = /mnt/cdrom/
    guest ok = Yes
[certs]
    path = /home/certs
    guest ok = Yes
[pub]
    path = /home/pub
    read only = No
    guest ok = Yes
[HP]
    comment = HP Printer
    path = /tmp
    guest ok = Yes
    printable = Yes
    print command = lpr -P HP -oraw -r -l  %s
    lpq command = lpq -P'HP'
    lprm command = lprm -P'HP' %j
    use client driver = Yes
[Laser]
    path = /tmp
    printable = Yes

pdb data for user that cannot get a profile:

 pdbedit -v simontest
Unix username:        simontest
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-812011073-3920078087-27638135-1004
Primary Group SID:    S-1-5-21-812011073-3920078087-27638135-513
Full Name:
Home Directory:       \\firewall\simontest\winprofile
HomeDir Drive:
Logon Script:
Profile Path:         \\sambatest\profiles\simontest
Domain:               MATTHEWS
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 07:06:39 PST
Kickoff time:         Wed, 06 Feb 2036 07:06:39 PST
Password last set:    Sat, 24 Mar 2012 15:09:20 PDT
Password can change:  Sat, 24 Mar 2012 15:09:20 PDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Does anyone have any suggestions on what might be wrong? If it needs
entries from the log files, I can add these.

Simon

On Sat, Mar 24, 2012 at 12:09 PM, Simon Matthews <simon.d.matthews at gmail.com> wrote:

> I currently have a server which is both the PDC for my domain and the file
> server for the network.
>
> I need to split these functions and move the PDC function to another box,
> while leaving the original server as the file server on which home
> directories and roaming profiles are stored. User credentials are stored in
> a tdbsam database and I am running Samba 3.5.
>
> Does anyone have any pointers on what to move and any potential pitfalls
> in the process? I have always used the same machine for both the PDC and
> file server, so this is somewhat unknown territory for me. I assume that
> the file server will still run samba, and I will change the "domain master
> = " and "domain logins = " to no in both cases. Also "security =" should be
> set to "security = domain" and add set up a machine account on the file
> server which is then joined to the domain?
>
> What files need to be moved to the new samba server? I see that there are
> files in /var/cache/samba (it's a Gentoo system) which I assume also have
> to be put into the proper place on the new server. Is there anything else I
> need to look for?
>
> Many thanks for any suggestions.
>
> Simon
>
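
Added example, not part of the original post and not Samba project code: the two posted configurations define the [profiles] share differently, and this small parser resolves the effective access settings on each server so they can be compared. It assumes only Samba's documented defaults (read only = yes, guest ok = no, browseable = yes) and parameter synonyms; the function names are hypothetical, and the output lists differences, not a confirmed cause of the temporary-profile logins.

```python
# Samba's documented defaults: read only = yes, guest ok = no, browseable = yes.
DEFAULTS = {"read only": "yes", "guest ok": "no", "browseable": "yes"}
INVERTED = {"writable", "writeable", "write ok"}   # inverted synonyms of "read only"
SYNONYMS = {"public": "guest ok", "browsable": "browseable"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; uneven indentation is ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def as_bool(value):
    return "yes" if value.lower() in ("yes", "true", "1") else "no"

def effective_access(sections, share):
    """Apply defaults, then [global], then the share itself."""
    result = dict(DEFAULTS)
    for name in ("global", share):
        for key, value in sections.get(name, {}).items():
            if key in INVERTED:
                result["read only"] = "no" if as_bool(value) == "yes" else "yes"
            elif SYNONYMS.get(key, key) in DEFAULTS:
                result[SYNONYMS.get(key, key)] = as_bool(value)
    return result

def diff_share(conf_a, conf_b, share):
    a = effective_access(parse_smb_conf(conf_a), share)
    b = effective_access(parse_smb_conf(conf_b), share)
    return {k: (a[k], b[k]) for k in DEFAULTS if a[k] != b[k]}

# Access-related lines of the [profiles] stanzas, copied from the post.
FILESERVER = """[profiles]
    browseable = yes
    guest ok = yes
"""
PDC = """[profiles]
    read only = No
"""

if __name__ == "__main__":
    print(diff_share(FILESERVER, PDC, "profiles"))
```

The same comparison works on the full files; `testparm -s` on each server prints Samba's own view of the loaded configuration.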
