samba - Mar 2004 - Roaming Profiles with WinXP and Samba PDC

Hello,

After a great deal of tweaking, I finally got the Samba server
working, so that it would accept domain logins. However, the problem I
now have regards roaming profiles, which refuse to function. After
successfully authenticating the user, the following 2 messages appear:

Message 1:
----------
Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the
profile will not be copied to the server when you logoff. Possible
causes of this error include network problems or insufficient security
rights. If this problem persists, contact your network administrator.

DETAIL - The network path was not found. 


Message 2:
----------
Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off.


I have included the smb.conf below for reference, in case there is a
mistake there. I have already applied the "sign or seal" registry
patch and have changed the following setting in gpedit:

"Do not check for user ownership of roaming profiles folders"
[Enabled]

The server is running Mandrake 9.2 (kernel version 2.4.22-10) and Samba 2.2.8.


smb.conf
--------

# /etc/samba/smb.conf
# samba configuration file
# last updated 23/03/04 by KMM

[global]

        ;basic server settings
        workgroup = home
        netbios name = host
        server string = Samba PDC running %v
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192

        ;PDC and master browser settings
        os level = 64
        preferred master = yes
        local master = yes
        domain master = yes

        ;security and logging settings
        security = user
        encrypt passwords = yes
        domain logons = yes
        log file = /var/log/samba/log.%m
        log level = 2
        max log size = 50
        hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0

        ;user profiles and home directory
        logon home = \\%L\%U\
        logon drive = H:
        logon path = \\L%\profiles\%U
        logon script = netlogon.bat
        add user script = /usr/sbin/useradd -d /dev/null -g machines
-s /bin/false -M %u

        ;sync UNIX passwords
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n
*Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n
*Retype*new*UNIX*password* %n\n *passwd:
*all*authentication*tokens*updated*successfully*

#---Shares---

[homes]

        comment = Home Directories
        browseable = no
        writeable = yes

[profiles]

        path = /home/samba/profiles
        writeable = yes
        browseable = no
        create mask = 0600
        directory mask = 0700
        nt acl support = yes
        profile acls = yes

[netlogon]
        path = /home/netlogon
        browseable = no
        write list = graham
        comment = Network Logon Service

Hi,

Am 25 Mar 2004 um 14:02 hat kgmm@kgmm.co.uk geschrieben:
> Message 1:
> ----------
> Windows cannot locate the server copy of your roaming profile and is
> Message 2:
> ----------
> Windows cannot find the local profile and is logging you on with a
Did you install the signorseal - regpatch on the XP-Boxes?

Here ist the content of my signseal.reg-file:

----------- start ------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Paramet
ers]
"requiresignorseal"=dword:00000000
"sealsecurechannel"=dword:00000000
"signsecurechannel"=dword:00000000

------------stop --------------

cheers
Uwe


mit freundlichen Grüßen

Uwe Bering

IT Services des LWV Hessen in Friedberg
c/o Johannes-Vatter-Schule
Homburger Str. 20
61169 Friedberg

fon 0 60 31 / 608 - 616
fax 0 60 31 / 608 - 705
mobil 01 77 / 82 85 108

On Thu, Mar 25, 2004 at 02:02:52PM +0000, kgmm@kgmm.co.uk
wrote:
> After a great deal of tweaking, I finally got the Samba server
> working, so that it would accept domain logins. However, the problem I
> now have regards roaming profiles, which refuse to function. After
> successfully authenticating the user, the following 2 messages appear:
> 
> Message 1:
> ----------
> Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the
> profile will not be copied to the server when you logoff. Possible
> causes of this error include network problems or insufficient security
> rights. If this problem persists, contact your network administrator.
> 
> DETAIL - The network path was not found. 
The "network path" in this instance means the path for the remote
profile supplied by the PDC.  I see that your logon path is:
>         logon path = \\L%\profiles\%U
Have you tested access to that path, with substitutions for %L and
%U, with smbclient and by testing from the client computer?
> Message 2:
> ----------
> Windows cannot find the local profile and is logging you on with a
> temporary profile. Changes you make to this profile will be lost when
> you log off.
Sounds like the SID of the user after login isn't the same as the one
stored in the local profile.  Are these new users in the domain or
did you migrate them from somewhere?

Unless I'm mistaken this is just a typo:

        logon path = \\L%\profiles\%U

Surely 'L%' should be '%L'?

Would testparm pick this up? Probably not

Hope this helps

Alex Forrow