[Samba] Unable to re-connect to roaming profile in samba4

Nick Semenkovich semenko at syndetics.net
Thu Feb 7 19:59:44 MST 2013

I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem
to get roaming profiles working (I followed the guide at
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO )

1. Logons work just fine.
2. DNS is configured and working, running through SAMBA_INTERNAL
3. Clients can talk to the server and see/access shares at
4. Clients are all Windows 8 and NTP time synced
5. Permissions seem "OK" (the profiles directory is currently chmod
777 -- without that, only the Administrator seemed to be able to
create their own profile ...)
6. General users can log in/out (which creates a profile, if profiles
is chmod 777) but a subsequent login can't access it, with a generic
Windows 8 roaming profile error.

Not really sure where to go from here. I've tried:
- Rebuilding the domain & re-joining machines
- Ultra-lax permissions
- Adding users via the samba-tool versus AD tools in Windows

At client logon, the samba4 logs (with a debug level of 4) show a collection of:


and a few

Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]

(Not sure if they're related)

Notably, the client machines (all on Win 8) show nearly nothing in the
Event Log, except a Group Policy failure:
The processing of Group Policy failed. Windows attempted to read the
file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain
controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

(Manually connecting to that gpt.ini file works perfectly)

Not really sure what's going on here. The only oddities I see are:
* I can't get the old "add user script" function to work.
As a result, client usernames seem to just have a UID on the Linux
side (their profiles show up as: drwxr-xr-x 14 3000015 users 4.0K Feb
7 20:34 test.V2)
Any way around that?
* When profiles are created, they're appended with ".V2" -- Do I need
to add ".V2" to the profile path setting, e.g. %USERNAME%.V2? (I can't
imagine that's the case ...)

I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv

Any advice?

