samba - Oct 2003 - [Samba} Can't do roaming profiles (Solved)

Through much help from a guy in my local LUG I found the solution to 
making roaming profiles work on Win2000 (SP4).

1) You should have SP4 installed.
2) Two registry changes are needed:

    Use regedit and change the following two dword attributes to 0

    "requiresignorseal"
    "signsecurechannel"

3) Run the group policy editor "gpedit.msc" and enable the following 4
policies under:

  Computer Configuration->Administrative Templates->System->Logon

"Do not check for ownership of Roaming Profiles Folders"
"Add the Administrators security group to roaming users profiles"
"Wait for remote user profile"
"Delete cached copies of roaming profiles"

Create the Linux user. Create the Samba user.  Logon as the user on 
windows, it will fail, but create the users profile dir on the Samba 
PDC.  It will NOT create a full profile on the PDC, but will on the Win 
client.  Copy a "default" profile and all the associated directories
to
the users profile dir on the Samba PDC.  Reboot the Client to release 
the lock on the users local copy of ntuser.dat and login as 
administrator and delete the users local profile copy on the PC.  Log 
back in as the user and the remote profile will be copied down from the 
samba server to the client.  When logging out, the samba users profile 
will be updated to the PDC and then removed from the client PC.

This works for me I hope it does for everyone else...

Regards

Doug P

-----------------------------------------------------------------------
 >I need a little advice on finishing off a Samba PDC.  I have Samba 
 >3.0.0RC1 installed and working as a PDC on a Redhat AS 3.0 machine. 
It >authenticates users nicely but the "roaming" profiles don't
work.
 >Tailing the samba log, I see the an attempt to access the users 
 >ntuser.dat file, which doesn't exist before the first logon, when 
 >logging in. The profile directory (/home/profiles/<username> DOES get
 >created by samba when the user logs in.  When the user logs off, there 
 >is no reference, in the log that ntuser.dat is being written with the 
 >users updated profile.  In fact the ntuser.dat file is not created on 
 >the samba server.  If I "touch ntuser.dat" in the profile
directory on
 >the samba PDC, then log in on a Win2000 client PC, I get a message 
 >saying the ntuser.dat file is not the proper format, so I know the 
 >"profiles" share and "logon path" are correct.  But the
profile will
 >not update on the PDC.  My Win2000 is SP2, and I tried SP4 also.  I 
 >looked on the client PC and the profile is a "roaming" profile. 
Also
 >the "add user script" doesn't work, I have to add the users
by hand
 >(with the same script).  Here is my smb.conf file, any help is greatly 
 >appreciated...

 >Regards and thanks for a great program!

 >Doug P

---------------------------------------------------------------------
# Global parameters
[global]
         workgroup = TESTDOM
         server string = Samba Server
         update encrypted = Yes
         client lanman auth = No
         client plaintext auth = No
         log level = 4
         log file = /var/log/samba.log
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         add user script = /usr/sbin/useradd -d /dev/null -g machines -s 
/bin/false -M %u
         logon path = \\%L\profiles\%U
         logon drive = H:
         domain logons = Yes
         os level = 65
         preferred master = Yes
         domain master = Yes
         dns proxy = No
         ldap ssl = no
         preload = homes

[homes]
         comment = Home Directories
         path = /home/%S
         read only = No

[printers]
         comment = All Printers
         path = /var/spool/samba
         printable = Yes
         browseable = No

[software]
         path = /home/software
         read only = No

[netlogon]
         path = /home/scripts
         browseable = No

[profiles]
         path = /home/profiles
         read only = No
         writable = yes
         create mask = 0600
         directory mask = 0700
         profile acls = Yes
         browseable = No


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Hi,
 
I hope this isn't a sign of things to come when upgrading to Samba 3.  Using
2.2.7, I simply omit;
 
logon path
 
where you have
 
logon path = \\%L\profiles\%U
 
Before I omitted the logon path flag, I also couldn't get roaming profiles
to work.  The default is what ever is defined in /etc/passwd to be your home dir
location.
 
Would you mind trying this with a clean 2K box and my omission to see if it
works?  I don't like doing custom client configs due to complexities in
large scale client rollouts.  Cloning is cool but isn't always applicable.
 
-aurf



---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search