[Samba] How to debug not working Roaming profiles on Samba 4 AD setup?
Thomas DEBESSE
thomas.debesse at diocese-frejus-toulon.com
Mon Jun 27 20:03:30 UTC 2016
Hi, some months before, I was serving files and profiles using a Samba 3
PDC server (I will name it PDCSERV), this is some abstracts fro smb.conf:
PDCSERV:/etc/samba/smb.conf
[general]
logon path = \\%N\profile
logon drive = U:
logon home = \\%N\%U
logon script = "logon.cmd"
valid users = %S
[homes]
path = "/home/%U/userdisk"
browseable = No
read only = No
writeable = Yes
browseable = No
public = No
create mask = 2700
directory mask = 0700
valid users = %S
[profile]
path = /home/%U/profile
browsable = No
writeable = Yes
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
[profile.v2]
path = /home/%U/profile.v2
browseable = No
writeable = Yes
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
Roaming profiles was working fine, they were backed up at user logout.
Then I migrated my setup to a Samba 4 AD server (I will name it ADSERV) and
a Samba 4 File server (I will name it FILESERV), this is some abstracts
from smb.conf from ADSERV and FILESERV:
ADSERV:/etc/samba/smb.conf
[general]
logon path = \\FILESERV\profile
logon drive = U:
logon home = \\FILESERV\%U
logon script = "logon.cmd"
valid users = %S
FILESERV:/etc/samba/smb.conf
[homes]
path = "/home/%U/userdisk"
browseable = No
read only = No
writeable = Yes
browseable = No
public = No
create mask = 2700
directory mask = 0700
valid users = %S
[profile]
path = /home/%U/profile
browsable = No
writeable = Yes
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
[profile.v2]
path = /home/%U/profile.v2
browseable = No
writeable = Yes
create mask = 0600
directory mask = 0700
profile acls = Yes
csc policy = disable
>From a logged-in client, I can successfully browse \\FILESERV\homes,
\\FILESERV\username (another view for \\FILESERV\homes), \\FILESERV\profile
and \\FILESERV\profile.v2.
But the Roaming profiles are not backed up at logout. At all. No one.
Since I have a logon.cmd that mount U: to \\FILESERV\homes plus some
registry key that redirect Desktop, and some files to U:\something, I never
lose any user data, but I lose any user configuration when the user's
computer gets replaced, since the user profile is never backed up to the
server at lougout. For stuff like desktop background image it's not a big
problem because users known how to set it and having it broken do not
prevent them to work, but it's very annoying when users lost some
configuration they need to do their job, like per-user option in printer
configuration.
For information, Samba assumes these options on my Samba 4 system (seen
using testparm -v):
[general]
fstype = NTFS
store dos attributes = No
I don't remember what were the default on Samba 3, I have no Samba3 servers
anymore.
My Domain is an AD Domain with Samba 4 servers (both AD and File servers)
and Windows 7/10 clients, there is no Windows servers at all.
So, unless I miss something, all the things above looks legit. So my
question is: how I can debug my setup ? What are the things I must look for
to find what is not working?
--
Thomas DEBESSE
More information about the samba
mailing list