[Samba] samba 4.1 roaming profiles

Denis BUCHER dbucherml at hsolutions.ch
Mon Dec 15 15:08:37 MST 2014


 

Dear Mark, 

It looks like you are trying to do the same as I did. Did you read the
thread I had some days ago with subject "How to copy roaming profiles to
new server ? ("Group policy client service failed. The logon access is
denied")" ? 

This could help you. 

Other suggestions : 

Not sure if [profiles.V2] is still required but maybe you should try to
add it ? 

We also only had /data/shares/profiles as "path" on old server, but on
the new one we have this : 

path = /data/shares/profiles/%u.V2 

As I am not expert at all I hope this will not create more problems than
solutions, but maybe you will find a hint among these points ;-) 

And this may also help you : 

http://www.ber10thal.com/blog/samba-domain-migration-to-a-new-machine/ 

Denis 

Le 15.12.2014 22:38, Mark Nienberg a écrit : 

> I'm configuring a new samba 4.1 server with NT4 style domain. I've copied
> most of the configuration from our working 3.6 server, making some changes
> as needed for the newer samba version. So far, I have been unable to get
> roaming profiles to work. It seems like the users cannot write in the
> profiles directory, but I don't see why not.
> 
> Here is the relevant part of smb.cond
> 
> [global]
> 
> netbios name = gecko
> workgroup = MSD
> server string = FileServer
> hosts allow = 127. 10.0.0.
> 
> max protocol = SMB2
> 
> allow insecure wide links = yes
> 
> log file = /var/log/samba/log.%m
> max log size = 50
> 
> security = user
> passdb backend = tdbsam
> domain master = yes
> domain logons = yes
> 
> logon script = startup.vbs
> logon path = \%Lprofiles%U
> 
> local master = yes
> os level = 65
> preferred master = yes
> wins support = yes
> 
> map archive = no
> map hidden = no
> map read only = no
> map system = no
> store dos attributes = yes
> acl allow execute always = True
> 
> [homes]
> comment = Home Directories
> path = /mnt/share/homes/%u
> browseable = no
> writable = yes
> valid users = %S
> oplocks = No
> level2 oplocks = No
> 
> [netlogon]
> comment = Network Logon Service
> path = /mnt/share/netlogon
> browseable = no
> writable = no
> write list = +ntadmins
> wide links = yes
> 
> [profiles]
> comment = Roaming Profiles
> path = /mnt/share/ntprofiles
> admin users = +ntadmins
> writable = yes
> profile acls = yes
> csc policy = disable
> 
> And here is the directory structure:
> 
> [root at geckovm share]# ls -la /mnt/share/
> 
> drwxr-xr-x 11 root root 4096 Dec 15 12:24 homes
> drwxrwxrwx 2 root Everyone 4096 Nov 24 18:00 netlogon
> drwxrwxr-x 4 root Everyone 4096 Dec 15 12:24 ntprofiles
> 
> We do all of our administration from the linux side, so I refered to the
> section for
> "Profile Shares using POSIX ACLS" in this wiki article.
> 
> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles [1]
> 
> Thanks for any suggestions on how to proceed,
> 
> Mark
> 
> -- 
> Please update your records with my new email address.

 

Links:
------
[1] https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles


More information about the samba mailing list