[Samba] Need help with roaming profiles

Anders Östling anders.ostling at gmail.com
Tue Jun 30 08:07:03 UTC 2020

Hi Rowland (and others)

On Mon, Jun 29, 2020 at 9:36 PM Rowland penny via samba
<samba at lists.samba.org> wrote:
> On 29/06/2020 20:00, Anders Östling via samba wrote:
> > I have a problem that I am unable to sort out. Maybe someone can
> > assist with advice and troubleshooting.
> >
> OK, you might as well remove these lines, they are defaults:
>          client max protocol = SMB3
>          client min protocol = SMB2
>          server min protocol = SMB2

Done. However, by removing options that are (now) default, would not
that risk to come back and cause problems in case you decide to change
the defaults (for any reason)? Is there a problem with being explicit?
Maybe I am just a bit conservative here :)

> I would also remove these:
>          acl group control = Yes
>          dos filemode = Yes
>          hide unreadable = Yes


> You should also remove this, it should only be in a DC smb.conf:
>          idmap_ldb:use rfc2307 = yes


> Now we come to what could be a couple of typo's:
> You have 'netbios name = HP-FSSRV' but you also posted
> 'administrator at hp-srv03:~$ cd /share2/'
> The 'netbios name' must be the same as the hostname.

Typo. The netbios name is in fact HP-SRV03 and HP-FSSRV is a CNAME
that points to the actual hostname. I prefer to have it this way in
case I need to migrate some services to other hosts. Do you think that
this could cause harm in any way?

> You also seem to be using 'administrator' as a Unix user, please do not
> do this, I know this happens with the 'rid' backend, but in this
> instance Administrator will just be a normal Unix user. You also have
> 'username map = /etc/samba/user.map' and 'root' should be mapped to
> 'Administrator' inside the user.map. Use 'root' (or sudo) on Unix and
> 'Administrator' on Windows, do not mix them.
The local admin account on the LInux box is called administrator and
is only used for ssh access into the virtual Samba host.I almost
always switch to root using sudo when doing admin tasks on the server.

The file user.map is correct and maps the root account from HPLTS\Administrator.

> You have 'workgroup = HPLTS' and 'idmap config dg11', again, they must match

This is a configuration error since day 0 when the test domain was
called DG11. I forgot to change that to HPLTS, but AFAIK see, there
have not been any visible problems. I figured that the IDMAP CONFIG *
would be used as a catch all, and id's in the 10000-range is used (as
specified for the wildcard domain). I must confess that I know way too
little about idmap to feel confident though...

Could ANYONE of these deficiencies be the reason for the issues with
the roaming profile? Another thing that hit me last night was that the
problematic laptop is nly used on wfi, while all others are using
wired networks. Maybe a timing problem when Windows tries to load the
profile before the network drives are ready? Just a thought...

> Rowland

Thank Rowlan for your tremendous effort in supporting us all!

> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

This signature contains 100% recyclable electrons as prescribed by Mother Nature

Anders Östling
+46 768 716 165 (Mobil)
+46 431 45 56 01  (Hem)

More information about the samba mailing list