[Samba] Roaming Profiles under Linux clients

steve steve at steve-ss.com
Fri Oct 5 05:14:54 MDT 2012

On 05/10/12 09:44, Denis Cardon wrote:
> Hi Mario,
>> As I configured the Roaming profiles under linux, it more or less generate
>> an abnormal operation (in less than 2 mins) if I add/copy some files to the
>> home directory. But for Windows XP and Windows 7 is running smoothly and it
>> generates folders at the Samba4 server location with corresponding users.
>> e.g. Administrator (for XP), and Administrator.V2 (for Win7/2008) based on
>> my observations.
> I'm interested in the way you configured the roaming profile on the
> linux side. Did you use csync for the synchronisation? I've looked at it
> in the past and didn't find any straight away solution. Anyway, I guess
> there should be some kind of Administrator.linux profile directory on
> the server side since the ubuntu profile won't be compatible from
> windows to linux (those profiles are not even compatible between winxp
> and win7...)
> Cheers,
> Denis
>> I was confused on roaming under linux (or maybe it was not yet supported),
>> because once I login as the administrator (one account in Samba4 - AD user)
>> in linux, adding (files to the desktop) or modifying (I used to move to the
>> home directory). Then login to the Windows 7 and WinXP, it will NOT login
>> when I see the logs of the server using -d3
>> Kerberos: Client sent patypes: encrypted-timestamp, 128
>> Kerberos: Looking for PKINIT pa-data -- administrator at UCHIHA
>> Kerberos: Looking for ENC-TS pa-data -- administrator at UCHIHA
>> Kerberos: Failed to decrypt PA-DATA -- administrator at UCHIHA (enctype
>> arcfour-hmac-md5) error Decrypt integrity check failed
>> Kerberos: Failed to decrypt PA-DATA -- administrator at UCHIHA
>> Kerberos: AS-REQ administrator at UCHIHA from ipv4:
>> for krbtgt/UCHIHA at UCHIHA
>> But for a few minutes, you can login again and this time it will display at
>> the system tray (a dialog box) "User Profile Service There was a problem
>> with your roaming profile. You have been logged on with your previously
>> saved local profile. Please see the event logs for details or contact your
>> administrator", but those files are just only few bytes (less than 1MB)
>> just the pam.d files. The saved files are not located either of Windows XP
>> or 7.
>> auth_check_password_send: Checking password for unmapped user
>> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is:
>> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> ntlm_password_check: NTLMv2 password check failed
>> ntlm_password_check: Lanman passwords NOT PERMITTED for user
>> administrator
>> ntlm_password_check: LM password, NT MD4 password in LM field and LMv2
>> failed for user administrator
>> auth_check_password_recv: sam_ignoredomain authentication for user
>> [UCHIHA\administrator] FAILED with error NT_STATUS_WRONG_PASSWORD
>> schannel_fetch_session_key_tdb: restored schannel info key
>> auth_check_password_send: Checking password for unmapped user
>> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> auth_check_password_send: mapped user is:
>> [UCHIHA]\[administrator]@[\\AMBOT-LINUX]
>> Got a dns update request.
>> Update not allowed for unsigned packet.
>> Tkey handshake completed
>> Terminating connection - 'dns_tcp_call_loop:
>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> single_terminate: reason[dns_tcp_call_loop:
>> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>> But after a 20mins, coz I went somewhere. It goes to normal again. I
>> conclude that Linux (Ubuntu 12.04) roaming profiles is not yet implemented
>> in Samba4 RC2 - Centos 6.3. Other observation, Windows7 machine is not
>> detected in the network, but WinXp and Ubuntu machines are visible.
>> Any ideas how to implement roaming profile under Linux as the clients?
>> Cheers,
>> Mario
It's working here with Version 4.0.0rc3-GIT-56ffe75

All we do to set up the roaming profile on Linux is to add the attribute:
profilePath: \\server\profiles\steve2
to the user DN entry in LDAP.

And whilst we're there we also map his Windows home directory to his
Linux home directory:
homeDrive: Z:
homeDirectory: \\server\home\steve2

Make sure that the profiles share is writeable by the users. We chmod 
1777'd it.
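
The 1777 mode mentioned above can be verified on the server with a short audit script. This is an added example, not part of the original post: it assumes the profiles share is a local directory whose children are per-user profile directories, that GNU `stat` is available, and that profile directories should carry no group/other bits; the function names `mode_of` and `audit_profile_root` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the directory behind a roaming-profile share.
# Assumptions (not from the post): the share is a local directory whose
# children are per-user profile directories, and GNU stat is available.

# mode_of PATH -> octal permission bits, e.g. 1777 or 700
mode_of() {
    stat -c '%a' "$1"
}

# audit_profile_root DIR
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 on error.
audit_profile_root() {
    root=$1
    status=0
    rootmode=$(mode_of "$root") || return 2

    # 1777 = world-writable plus sticky bit. Without the sticky bit (0777)
    # any user could rename or delete another user's profile directory.
    if [ "$rootmode" != 1777 ]; then
        echo "ROOT $root mode=$rootmode expected=1777"
        status=1
    fi

    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        m=$(mode_of "$d") || continue
        # Any group/other bit on a profile directory exposes its contents
        # to other accounts on the server.
        if [ $((0$m & 077)) -ne 0 ]; then
            echo "PROFILE ${d%/} mode=$m group/other access"
            status=1
        fi
    done
    return $status
}

# Constructed sample tree; nothing here touches a real share.
demo=$(mktemp -d)
mkdir "$demo/steve2" "$demo/mario"
chmod 1777 "$demo"
chmod 700 "$demo/steve2"
chmod 755 "$demo/mario"
audit_profile_root "$demo" || true   # reports only .../mario
rm -rf "$demo"
```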

