Douglas Phillipson
2003-Oct-09 22:46 UTC
[Samba] [Samba} Can't do roaming profiles (Solved)
Through much help from a guy in my local LUG I found the solution to making roaming profiles work on Win2000 (SP4). 1) You should have SP4 installed. 2) Two registry changes are needed: Use regedit and change the following two dword attributes to 0 "requiresignorseal" "signsecurechannel" 3) Run the group policy editor "gpedit.msc" and enable the following 4 policies under: Computer Configuration->Administrative Templates->System->Logon "Do not check for ownership of Roaming Profiles Folders" "Add the Administrators security group to roaming users profiles" "Wait for remote user profile" "Delete cached copies of roaming profiles" Create the Linux user. Create the Samba user. Logon as the user on windows, it will fail, but create the users profile dir on the Samba PDC. It will NOT create a full profile on the PDC, but will on the Win client. Copy a "default" profile and all the associated directories to the users profile dir on the Samba PDC. Reboot the Client to release the lock on the users local copy of ntuser.dat and login as administrator and delete the users local profile copy on the PC. Log back in as the user and the remote profile will be copied down from the samba server to the client. When logging out, the samba users profile will be updated to the PDC and then removed from the client PC. This works for me I hope it does for everyone else... Regards Doug P ----------------------------------------------------------------------- >I need a little advice on finishing off a Samba PDC. I have Samba >3.0.0RC1 installed and working as a PDC on a Redhat AS 3.0 machine. It >authenticates users nicely but the "roaming" profiles don't work. >Tailing the samba log, I see the an attempt to access the users >ntuser.dat file, which doesn't exist before the first logon, when >logging in. The profile directory (/home/profiles/<username> DOES get >created by samba when the user logs in. When the user logs off, there >is no reference, in the log that ntuser.dat is being written with the >users updated profile. In fact the ntuser.dat file is not created on >the samba server. If I "touch ntuser.dat" in the profile directory on >the samba PDC, then log in on a Win2000 client PC, I get a message >saying the ntuser.dat file is not the proper format, so I know the >"profiles" share and "logon path" are correct. But the profile will >not update on the PDC. My Win2000 is SP2, and I tried SP4 also. I >looked on the client PC and the profile is a "roaming" profile. Also >the "add user script" doesn't work, I have to add the users by hand >(with the same script). Here is my smb.conf file, any help is greatly >appreciated... >Regards and thanks for a great program! >Doug P --------------------------------------------------------------------- # Global parameters [global] workgroup = TESTDOM server string = Samba Server update encrypted = Yes client lanman auth = No client plaintext auth = No log level = 4 log file = /var/log/samba.log socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u logon path = \\%L\profiles\%U logon drive = H: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no preload = homes [homes] comment = Home Directories path = /home/%S read only = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [software] path = /home/software read only = No [netlogon] path = /home/scripts browseable = No [profiles] path = /home/profiles read only = No writable = yes create mask = 0600 directory mask = 0700 profile acls = Yes browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Hi, I hope this isn't a sign of things to come when upgrading to Samba 3. Using 2.2.7, I simply omit; logon path where you have logon path = \\%L\profiles\%U Before I omitted the logon path flag, I also couldn't get roaming profiles to work. The default is what ever is defined in /etc/passwd to be your home dir location. Would you mind trying this with a clean 2K box and my omission to see if it works? I don't like doing custom client configs due to complexities in large scale client rollouts. Cloning is cool but isn't always applicable. -aurf --------------------------------- Do you Yahoo!? The New Yahoo! Shopping - with improved product search