[Samba] Windows profile not syncing on logout
Simon Hakenes
simon.hakenes at ini.rub.de
Tue May 27 10:32:51 UTC 2025
Hi all,
I'm running into a puzzling issue with users' Windows profile not
syncing correctly. Here’s our setup:
* Samba version 4.19.9-Debian-4.19.9+dfsg-1~mjt+deb12
* One AD DC (Samba internal DNS)
* Profile data located on a separate file server (member of the domain)
* Clients are all Windows 11
* We also run Linux clients, they all work fine
* The share \\usersfs\profiles\... resolves correctly and is used by
  all users successfully
All other users work fine. For the affected user:
* She can log in. I can see that in the logs and everything looks fine.
* She works normally during the day (reads/writes files, Thunderbird
  works, etc.).
* On logout, *nothing is written back* to the file server. All
  timestamps on the file server are old.
* Windows event log shows no errors or warnings.
* Logging out and back in still loads the old state.
We've verified:
* Permissions on the profile directory on the file server
* No event viewer messages during logout
* Her authentication in the logs looks fine
* A new test user works fine, profile is created and synced normally
We also see this related issue:
* Two other users report that files they delete from their profile
  reappear after logout/login
* Their profile directories on the file server *do* get new timestamps
  at logout
I am trying to figure out how to further diagnose the root cause. I am
admittedly a bit inexperienced with samba/Windows. What places do I need
to check to find the cause of that issue?
Thanks a lot!
Simon
Here is our smb.conf from the dc:
------------------------------------------------------------------
# Global parameters
[global]
netbios name = DC1
realm = HOME.DOMAIN.DE
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = HOME
idmap_ldb:use rfc2307 = yes
log level = 1 auth_audit:5
ntp signd socket directory = /var/lib/samba/ntp_signd
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/home.domain.de/scripts
read only = No
------------------------------------------------------------------
And the smb.conf from the fileserver:
------------------------------------------------------------------
[global]
log file = /var/log/samba/%m.log
log level = 5
max log size = 50
realm = HOME.DOMAIN.DE
security = ADS
server role = member server
winbind cache time = 10
winbind enum groups = Yes
winbind enum users = Yes
winbind expand groups = 1
winbind nss info = rfc2307
winbind offline logon = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = HOME
idmap config * : backend = tdb
idmap config * : range = 1000-1999
idmap config home : backend = ad
idmap config home : schema_mode = rfc2307
idmap config home : range = 10000-999999
idmap config home : unix_nss_info = yes
idmap config home : unix_primary_group = yes
map acl inherit = Yes
vfs objects = acl_xattr shadow_copy2
min domain uid = 0
kerberos method = secrets and keytab
##### Shares #####
[users]
path = /tank/homes/
read only no
writable = yes
[profiles]
browseable = No
comment = User profiles
csc policy = disable
path = /tank/profiles/
read only = No
------------------------------------------------------------------