[Samba] W10 Pro 1903 and Samba with Roaming Profiles: "We can't sign in to your account"

L.P.H. van Belle belle at bazuin.nl
Tue Jun 25 14:49:57 UTC 2019 

.. Retry, oliver knows .. 

Have you seen:  
https://4sysops.com/archives/new-gpo-settings-in-windows-10-1903-enforce-updates-storage-sense-and-logon/ 
 
https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1903-drops-password-expiration-policies/ 

https://www.windowscentral.com/whats-new-sign-experience-windows-10-may-2019-update 

Hmm, and the more i see the more i dislike..  :-/ 

But you problem , most probely, the single domain settings, did you config these in the GPO to allow these? 
Use FQDN in you \\server\share so its \\hostname.domain\share 

And read : 
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles 

My guess, using FQDN in the shares changes NTLM to Kerberos in the backgroup. 
And even MS Docs is not consistant. 
First they show this :  For example:  \\fs1.corp.contoso.com\User Profiles$\%username% 

Then in the table below 
Windows 10, version 1703 and version 1607	\\<servername>\<fileshare>\<username>.V6
I say, use FQDN\share only these days, it helps..


Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Oliver Doll via samba
> Verzonden: dinsdag 25 juni 2019 15:26
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] W10 Pro 1903 and Samba with Roaming 
> Profiles: "We can't sign in to your account"
> 
> [see also my thread started here
> https://social.technet.microsoft.com/Forums/en-US/b653e756-f96
> 6-4f8f-9d13-f19a88d4cc5e/w10-pro-1903-and-samba-with-roaming-p
> rofiles-quotwe-cant-sign-in-to-your-accountquot?forum=win10itp
> rogeneral]
> 
> Hello,
> 
> since the upgrade from W10 pro 1809 to 1903 roaming users can still
> logon, but they are 'greeted' with the message: "We can't sign in to
> your account", letting them know, that they are working with 
> a temporary
> user profile only, and that their work will get lost, if they don't
> sign-off.
> 
> The user profiles are handled by a samba server running in an 
> NT4-Style
> DC Mode with "Single Label DNS Domain" on a Debian system.
> 
> When the user's logged on to the 1903 machine with the temp 
> profile, his
> home directory on the samba server is mapped (as usually) 
> locally on to
> the network drive with the letter Z: [e.g. shown as "zurbel (\\share)
> (Z:)"] and he also has access to all other shares and it's data on the
> samba server.
> 
> I had a look into the registry for ".bak" profiles, but there aren't
> any. so I think this is not the problem.
> 
> As a test I created the new and clean empty user profile 
> "zurbel" on the
> samba, however also this new user gets the same warning.
> 
> The login with this user on to a 1809 system works flawlessly.
> 
> A profile.V6 gets created and also the user's data get properly synced
> (back) to its directory on the samba server.
> 
> zurbel# ls -al profile.V6/
> total 836
> drwxr-xr-x 16 zurbel root    4096 Jun  4 19:27 .
> drwxr-xr-x  3 zurbel root    4096 Jun  4 19:12 ..
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 3D Objects
> drwxrwxr-x  3 zurbel guest   4096 Jun  4 19:24 AppData
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Contacts
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Desktop
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Documents
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Downloads
> drwxrwxr-x  3 zurbel guest   4096 Jun  4 19:24 Favorites
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 IntelGraphicsProfiles
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Links
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Music
> -rwxrwxr-x  1 zurbel guest 786432 Jun  4 19:27 NTUSER.DAT
> -rwxrwxr-x  1 zurbel guest    294 Jun  4 19:27 ntuser.ini
> drwxrwxr-x  4 zurbel guest   4096 Jun  4 19:24 Pictures
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Saved Games
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Searches
> drwxrwxr-x  2 zurbel guest   4096 Jun  4 19:24 Videos
> 
> Does anybody have a hint how to fix this issue, pls.
> -- 
> Thx & cheers
> Oliver
> 
> PS: In the meantime in the hope to make this issue obsolete I 
> made three
> attemps to "Classic Upgrade" my NT4 Style Domain, but without success,
> which is another story though ...
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list