[Samba] temporary profiles problem - don't want roaming profiles
Jeff Dickens
jeff at seamanpaper.com
Fri Oct 5 15:42:17 MDT 2012
I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
remote sites, I have some Samba BDCs.
For now I've manually entered the DCs as WINS servers on the workstations
I'm using for testing. At the remote sites, I can log in with an account
that has no logon path or logon home specified, and it works perfectly.
But at the main site, when I try to log on to one of these accounts I
first get the "can't find the server copy of the roaming profile" and then
"can't find the local profile logging you in with a temporary profile"
errors. I can't figure this one out. I'm using the same account, and the
samba setups are nearly identical - just one is a BDC and one a PDC.
This is smb.conf on the PDC:
[global]
workgroup = SEAMANPAPER
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
load printers = No
printcap name = /dev/null
disable spoolss = Yes
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
logon path =
logon home =
domain logons = Yes
os level = 65
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=intranet,dc=seamanpaper,dc=com
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
idmap config * : range = 1000000-1999999
idmap config * : backend = ldap
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
[profiles]
comment = Windows Profiles
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
browseable = No
csc policy = disable
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
and on the BDC:
[global]
workgroup = SEAMANPAPER
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://localhost
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 137 138 139 445
name resolve order = wins bcast hosts
load printers = No
printcap name = /dev/null
disable spoolss = Yes
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
logon path =
logon home =
domain logons = Yes
os level = 65
domain master = No
dns proxy = No
wins proxy = Yes
wins server = 192.168.10.127
ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=intranet,dc=seamanpaper,dc=com
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
idmap config * : range = 1000000-1999999
idmap config * : backend = ldap
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
[profiles]
comment = Windows Profiles
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
browseable = No
csc policy = disable
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
Also notice that my account (which has a roaming profile and works fine at
all sites) has a "sambaProfilePath" attribute and the boris and rpoole
accounts don't. This should make them no-roaming-profile accounts but it
doesn't work consistently. It works at the two satellite sites but not at
my main site.
root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*jeff*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
*sambaProfilePath: \\wilkins1\home\.winProfile*
root@grackle:~#
root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*boris*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*rpoole*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
--
Jeff Dickens
IT Manager 978-632-1513
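
Added example, not part of the original post: one way to see exactly where two "nearly identical" smb.conf files such as the PDC and BDC configurations above differ is to compare them parameter by parameter instead of by eye. The function names and the two sample strings are assumptions made for this sketch; the samples are constructed excerpts of the posted [global] sections.

```python
BOOLEAN_WORDS = {"yes", "no", "true", "false"}
# Constructed excerpts of the two [global] sections posted above (PDC, BDC).
PDC_SAMPLE = """[global]
logon path =
domain master = Yes
wins support = Yes
"""
BDC_SAMPLE = """[global]
logon path =
domain master = No
wins proxy = Yes
wins server = 192.168.10.127
"""

def parse_smb_conf(text):
    """Return {(section, parameter): value} from smb.conf text."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):              # backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and section is not None:
            # Names are case-insensitive; collapse runs of whitespace.
            params[(section, " ".join(name.lower().split()))] = value.strip()
    return params

def _canon(value):
    # Lower-case boolean words so "Yes" and "yes" compare equal.
    if value is not None and value.lower() in BOOLEAN_WORDS:
        return value.lower()
    return value

def diff_conf(a, b):
    """List (section, parameter, value_a, value_b) for every difference."""
    pa, pb = parse_smb_conf(a), parse_smb_conf(b)
    return [(s, p, pa.get((s, p)), pb.get((s, p)))
            for s, p in sorted(set(pa) | set(pb))
            if _canon(pa.get((s, p))) != _canon(pb.get((s, p)))]

if __name__ == "__main__":
    for section, param, pdc, bdc in diff_conf(PDC_SAMPLE, BDC_SAMPLE):
        print(f"[{section}] {param}: PDC={pdc!r} BDC={bdc!r}")
```

On live servers the same comparison can be run on the output of `testparm -s` from each host, so that built-in defaults and include files are taken into account.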