[Samba] How to debug not working Roaming profiles on Samba 4 AD setup?

Thomas DEBESSE thomas.debesse at diocese-frejus-toulon.com
Mon Jun 27 20:03:30 UTC 2016


Hi, some months before, I was serving files and profiles using a Samba 3
PDC server (I will name it PDCSERV), this is some abstracts fro smb.conf:

PDCSERV:/etc/samba/smb.conf

[general]
        logon path   = \\%N\profile
        logon drive  = U:
        logon home   = \\%N\%U
        logon script = "logon.cmd"
        valid users = %S

[homes]
        path = "/home/%U/userdisk"
        browseable = No
        read only = No
        writeable = Yes
        browseable = No
        public = No
        create mask = 2700
        directory mask = 0700
        valid users = %S

[profile]
        path = /home/%U/profile
        browsable = No
        writeable = Yes
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        csc policy = disable

[profile.v2]
        path = /home/%U/profile.v2
        browseable = No
        writeable = Yes
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        csc policy = disable

Roaming profiles was working fine, they were backed up at user logout.

Then I migrated my setup to a Samba 4 AD server (I will name it ADSERV) and
a Samba 4 File server (I will name it FILESERV), this is some abstracts
from smb.conf from ADSERV and FILESERV:

ADSERV:/etc/samba/smb.conf

[general]
        logon path   = \\FILESERV\profile
        logon drive  = U:
        logon home   = \\FILESERV\%U
        logon script = "logon.cmd"
        valid users = %S

FILESERV:/etc/samba/smb.conf

[homes]
        path = "/home/%U/userdisk"
        browseable = No
        read only = No
        writeable = Yes
        browseable = No
        public = No
        create mask = 2700
        directory mask = 0700
        valid users = %S

[profile]
        path = /home/%U/profile
        browsable = No
        writeable = Yes
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        csc policy = disable

[profile.v2]
        path = /home/%U/profile.v2
        browseable = No
        writeable = Yes
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        csc policy = disable

>From a logged-in client, I can successfully browse \\FILESERV\homes,
\\FILESERV\username (another view for \\FILESERV\homes), \\FILESERV\profile
and \\FILESERV\profile.v2.

But the Roaming profiles are not backed up at logout. At all. No one.

Since I have a logon.cmd that mount U: to \\FILESERV\homes plus some
registry key that redirect Desktop, and some files to U:\something, I never
lose any user data, but I lose any user configuration when the user's
computer gets replaced, since the user profile is never backed up to the
server at lougout. For stuff like desktop background image it's not a big
problem because users known how to set it and having it broken do not
prevent them to work, but it's very annoying when users lost some
configuration they need to do their job, like per-user option in printer
configuration.

For information, Samba assumes these options on my Samba 4 system (seen
using testparm -v):

[general]
        fstype = NTFS
        store dos attributes = No

I don't remember what were the default on Samba 3, I have no Samba3 servers
anymore.

My Domain is an AD Domain with Samba 4 servers (both AD and File servers)
and Windows 7/10 clients, there is no Windows servers at all.

So, unless I miss something, all the things above looks legit. So my
question is: how I can debug my setupÔÇ»? What are the things I must look for
to find what is not working?

-- 
Thomas DEBESSE


More information about the samba mailing list