[Samba] Unable to re-connect to roaming profile in samba4

Fri Feb 8 18:22:59 MST 2013

Still can't figure this out.

The client-side logs show two entries:

1. The error in the first message "The processing of Group Policy failed."

2. A DNS processing failure:
"""The system failed to register host (A or AAAA) resource records
(RRs) for network adapter with settings ..."""

At debug level 5, Samba4 shows no DNS problems, and says "Got a dns
update request." "All updates allowed." http://pastebin.com/fYrd9F1W

- Nick

On Thu, Feb 7, 2013 at 8:59 PM, Nick Semenkovich <semenko at syndetics.net> wrote:
> I've just configured Samba4 on Ubuntu (4.0.0+dfsg1-1), and can't seem
> to get roaming profiles working (I followed the guide at
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO )
>
> 1. Logons work just fine.
> 2. DNS is configured and working, running through SAMBA_INTERNAL
> 3. Clients can talk to the server and see/access shares at
> \\server.corp.domain.com
> 4. Clients are all Windows 8 and NTP time synced
> 5. Permissions seem "OK" (the profiles directory is currently chmod
> 777 -- without that, only the Administrator seemed to be able to
> create their own profile ...)
> 6. General users can log in/out (which creates a profile, if profiles
> is chmod 777) but a subsequent login can't access it, with a generic
> Windows 8 roaming profile error.
>
> Not really sure where to go from here. I've tried:
> - Rebuilding the domain & re-joining machines
> - Ultra-lax permissions
> - Adding users via the samba-tool versus AD tools in Windows
>
> At client logon, the samba4 logs (with a debug level of 4) show a collection of:
>
> Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
>
> and a few
>
> Terminating connection - 'kdc_tcp_call_loop:
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop:
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> (Not sure if they're related)
>
>
> Notably, the client machines (all on Win 8) show nearly nothing in the
> Event Log, except a Group Policy failure:
> """
> The processing of Group Policy failed. Windows attempted to read the
> file \\corp.domain.com\sysvol\corp.domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini
> from a domain controller and was not successful. Group Policy settings
> may not be applied until this event is resolved. This issue may be
> transient and could be caused by one or more of the following:
> a) Name Resolution/Network Connectivity to the current domain controller.
> b) File Replication Service Latency (a file created on another domain
> controller has not replicated to the current domain controller).
> c) The Distributed File System (DFS) client has been disabled.
> """
>
> (Manually connecting to that gpi.ini file works perfectly)
>
>
>
> Not really sure what's going on here. The only oddities I see are:
> * I can't get the old "add user script" function to work.
> As a result, client usernames seem to just have a UID on the linux
> side (their profiles show up as: drwxr-xr-x 14 3000015 users 4.0K Feb
> 7 20:34 test.V2)
> Any way around that?
> * When profiles are created, they're appended with ".V2" -- Do I need
> to add ".V2" to the profile path setting, e.g. %USERNAME%.V2? (I can't
> imagine that's the case ...)
>
>
> I've pasted my smb.conf to: http://pastebin.com/DQDkGxsv
>
> Any advice?
>
>
> Thanks!
> Nick