[Samba] Need help with roaming profiles
Anders Östling
anders.ostling at gmail.com
Mon Jun 29 19:00:19 UTC 2020
I have a problem that I am unable to sort out. Maybe someone can
assist with advice and troubleshooting.
Client computer is Windows 10 Pro with latest updates as of today.
Servers are a Windows 2019 Standard (logon and AD server) and a Samba
4.11 running on Ubuntu (domain member.
AD account configured with account profile
\\hp-fssrv\profiles\<username>. Home directory is mapped to
\\hp-fssrv\Users\<username>.
Share permissions for Profiles are set in Windows following the Samba
Wiki to the letter.
The logon.cmd script contains
NET USE P: \\hp-fssrv\Programs
NET USE G: \\hp-fssrv\Dokument
NET USE F: \\hp-fssrv\SYS2
Now to the problem: This user have 2 computers. On the main desktop
computer, also Windows 10, the roaming profile seems to work fine and
the network drivers maps correctly.
On his new laptop there is a problem. After logging in, there is a
warning "Unable to map all network drives" and also "Could not load
server profile, using a local profile" (not verbatim).
Windows eventlog have the usual non-informative log entries stating
that there was a problem loading the profile.
The client has 10 more clients that works fine (although not using
roaming profiles, more stationary users), so the problem could very
well be outside of Samba. But maybe one of you has experienced the
same in the past and has some advice.
I have also copied the full smb.conf in case I have done somthing stupid there.
# Global parameters
[global]
netbios name = HP-FSSRV
bind interfaces only = Yes
client max protocol = SMB3
client min protocol = SMB2
dedicated keytab file = /etc/krb5.keytab
disable spoolss = Yes
domain master = No
host msdfs = No
interfaces = lo ens3
kerberos method = secrets and keytab
load printers = No
local master = No
map to guest = Bad User
preferred master = No
printcap name = /dev/null
realm = HOGANAS-PLATSLAGAREN.SE
reset on zero vc = Yes
restrict anonymous = 2
security = ADS
server min protocol = SMB2
server role = member server
unix extensions = No
username map = /etc/samba/user.map
winbind enum groups = Yes
winbind enum users = Yes
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = HPLTS
idmap config dg11 : range = 30000-40000
idmap config dg11 : backend = rid
idmap config * : range = 10000-20000
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
acl group control = Yes
dos filemode = Yes
hide unreadable = Yes
map acl inherit = Yes
printing = bsd
strict allocate = Yes
vfs objects = acl_xattr recycle
[Users]
comment = "User home directories"
path = /share2/Users
read only = No
vfs objects = recycle
recycle:exclude = *.tmp
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = %U/Papperskorg
[Profiles]
comment = "Roaming profiles"
path = /share2/profiles
read only = No
[Dokument]
comment = "Dokument"
path = /share2/Dokument
read only = No
vfs objects = recycle
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = Papperskorg
[Program]
comment = "Applikationer"
path = /share2/Applikationer
read only = No
[SYS]
comment = "Orderprogram"
path = /share2/SYS
read only = No
[SYS2]
comment = "Industriapplikationer"
path = /share2/SYS2
read only = No
Permissions on the samba share looks like this
administrator at hp-srv03:~$ cd /share2/
administrator at hp-srv03:/share2$ getfacl profiles/
# file: profiles/
# owner: administrator
# group: root
user::rwx
user:administrator:rwx
group::---
group:root:---
group:domain\040admins:rwx
group:NT\040Authority\\system:rwx
group:domain\040users:rwx
mask::rwx
other::---
default:user::rwx
default:user:administrator:rwx
default:group::---
default:group:root:---
default:group:domain\040admins:rwx
default:group:NT\040Authority\\system:rwx
default:mask::rwx
--
-----------------------------------------------------------------------------------------------------------------------
This signature contains 100% recyclable electrons as prescribed by Mother Nature
Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01 (Hem)
More information about the samba
mailing list