[Samba] Need help with roaming profiles

Anders Östling anders.ostling at gmail.com
Mon Jun 29 19:00:19 UTC 2020


I have a problem that I am unable to sort out. Maybe someone can
assist with advice and troubleshooting.

Client computer is Windows 10 Pro with latest updates as of today.
Servers are a Windows 2019 Standard (logon and AD server) and a Samba
4.11 running on Ubuntu (domain member.
AD account configured with account profile
\\hp-fssrv\profiles\<username>. Home directory is mapped to
\\hp-fssrv\Users\<username>.

Share permissions for Profiles are set in Windows following the Samba
Wiki to the letter.

The logon.cmd script contains

NET USE P: \\hp-fssrv\Programs
NET USE G: \\hp-fssrv\Dokument
NET USE F: \\hp-fssrv\SYS2

Now to the problem: This user have 2 computers. On the main desktop
computer, also Windows 10, the roaming profile seems to work fine and
the network drivers maps correctly.
On his new laptop there is a problem. After logging in, there is a
warning "Unable to map all network drives" and also "Could not load
server profile, using a local profile" (not verbatim).
Windows eventlog have the usual non-informative log entries stating
that there was a problem loading the profile.

The client has 10 more clients that works fine (although not using
roaming profiles, more stationary users), so the problem could very
well be outside of Samba. But maybe one of you has experienced the
same in the past and has some advice.
I have also copied the full smb.conf in case I have done somthing stupid there.

# Global parameters
[global]
        netbios name = HP-FSSRV
        bind interfaces only = Yes
        client max protocol = SMB3
        client min protocol = SMB2
        dedicated keytab file = /etc/krb5.keytab
        disable spoolss = Yes
        domain master = No
        host msdfs = No
        interfaces = lo ens3
        kerberos method = secrets and keytab
        load printers = No
        local master = No
        map to guest = Bad User
        preferred master = No
        printcap name = /dev/null
        realm = HOGANAS-PLATSLAGAREN.SE
        reset on zero vc = Yes
        restrict anonymous = 2
        security = ADS
        server min protocol = SMB2
        server role = member server
        unix extensions = No
        username map = /etc/samba/user.map
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        winbind use default domain = Yes
        workgroup = HPLTS
        idmap config dg11 : range = 30000-40000
        idmap config dg11 : backend = rid
        idmap config * : range = 10000-20000
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        acl group control = Yes
        dos filemode = Yes
        hide unreadable = Yes
        map acl inherit = Yes
        printing = bsd
        strict allocate = Yes
        vfs objects = acl_xattr recycle

[Users]
        comment = "User home directories"
        path = /share2/Users
        read only = No
        vfs objects = recycle
        recycle:exclude = *.tmp
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = %U/Papperskorg

[Profiles]
        comment = "Roaming profiles"
        path = /share2/profiles
        read only = No

[Dokument]
        comment = "Dokument"
        path = /share2/Dokument
        read only = No
        vfs objects = recycle
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = Papperskorg

[Program]
        comment = "Applikationer"
        path = /share2/Applikationer
        read only = No

[SYS]
        comment = "Orderprogram"
        path = /share2/SYS
        read only = No

[SYS2]
        comment = "Industriapplikationer"
        path = /share2/SYS2
        read only = No

Permissions on the samba share looks like this

administrator at hp-srv03:~$ cd /share2/
administrator at hp-srv03:/share2$ getfacl profiles/
# file: profiles/
# owner: administrator
# group: root
user::rwx
user:administrator:rwx
group::---
group:root:---
group:domain\040admins:rwx
group:NT\040Authority\\system:rwx
group:domain\040users:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::---
default:group:root:---
default:group:domain\040admins:rwx
default:group:NT\040Authority\\system:rwx
default:mask::rwx
-- 
-----------------------------------------------------------------------------------------------------------------------
This signature contains 100% recyclable electrons as prescribed by Mother Nature

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)



More information about the samba mailing list