samba - Nov 2012 - issues with Windows 7 roaming profiles

Hello,

I have a centOS 5.5 box acting as as a PDC with samba 3.4.9 and openldap 2.4.22.
Then I joined the domain with a centOS box (samba 3.4.17) which hosts the homes
and profiles.
I have no problem with XP clients.

I can join a windows 7 client to my domain but it is unable to load the profile
when logging in.
See below a level 2 log.smdb from the file server when I log in with a domain
account.

Is the "unable to create profs/lacoste.V2" the culprit ?
What do I have to do to make it work ?

Best regards,
Thierry Lacoste.

[2012/11/09 13:17:40,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/11/09 13:17:40,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/11/09 13:17:40,  2] libsmb/namequery.c:781(name_query)
  Got a positive name query response from 194.214.12.135 ( 194.214.12.135 )
[2012/11/09 13:17:40,  2] auth/auth.c:310(check_ntlm_password)
  check_ntlm_password:  authentication for user [lacoste] -> [lacoste] ->
[lacoste] succeeded
[2012/11/09 13:17:40,  2] lib/module.c:64(do_smb_load_module)
  Module '/usr/lib/samba/vfs/fake_perms.so' loaded
[2012/11/09 13:17:40,  1] smbd/service.c:1063(make_connection_snum)
  test-win7 (::ffff:194.214.12.186) connect to service Profiles initially as
user lacoste (uid=5001, gid=4000) (pid 27369)
[2012/11/09 13:17:40,  2] smbd/open.c:2415(open_directory)
  open_directory: unable to create profs/lacoste.V2. Error was
NT_STATUS_ACCESS_DENIED
[2012/11/09 13:17:41,  1] smbd/service.c:1063(make_connection_snum)
  test-win7 (::ffff:194.214.12.186) connect to service lacoste initially as user
lacoste (uid=5001, gid=4000) (pid 27369)
[2012/11/09 13:17:50,  1] smbd/service.c:1240(close_cnum)
  test-win7 (::ffff:194.214.12.186) closed connection to service Profiles

I made some modifications but still cannot use my Windows7 with a domain
account.

On 10 nov. 2012, at 12:27, Thierry Lacoste wrote:
> Hello,
> 
> I have a centOS 5.5 box acting as as a PDC with samba 3.4.9 and openldap
2.4.22.
> Then I joined the domain with a centOS box (samba 3.4.17) which hosts the
homes and profiles.
> I have no problem with XP clients.
> 
> I can join a windows 7 client to my domain but it is unable to load the
profile when logging in.
> See below a level 2 log.smdb from the file server when I log in with a
domain account.
> 
> Is the "unable to create profs/lacoste.V2" the culprit ?
I created a directory profs/lacoste.V2 and put an NTUSER.DAT
(build for a local user added to the windows 7 box) in it.
This box still won't let me in; it closes the session during the course of
opening the session.

Here are my settings.

- smb.conf on the PDC :

[global]
  workgroup = MIAGE
  netbios name = VCOS-CASTOR
  netbios aliases = ALDAP3

  passdb backend = ldapsam:ldap://localhost

  add machine script = /usr/sbin/smbldap-useradd -w '%u'

  loglevel = 2

  domain logons = Yes
  preferred master = Yes
  domain master = Yes
  wins support = Yes

  ldap suffix = o=miage
  ldap machine suffix = ou=Computers,ou=Accounts
  ldap user suffix = ou=Users,ou=Accounts
  ldap group suffix = ou=Groups
  ldap admin dn = cn=sambamgr,ou=Managers,o=miage
  ldap passwd sync = yes

  enable privileges = yes

  ssl = Off

[netlogon]
  comment = Network Logon Service
  path = /samba/netlogon
  admin users = root
  guest ok = Yes
  browseable = No

[public]
  path = /samba/public
  guest ok = Yes


- smb.conf on my file server :
[global]
workgroup = MIAGE
netbios name = VCOS-CAPELLA
security = DOMAIN
name resolve order = wins bcast
wins server = 194.214.12.135 # IP of my PDC
netbios aliases = AHOMES APROFILES
server string = %L
password server = ALDAP3

log level = 2

[homes]
  comment = Home Directories
  valid users = %S
  read only = No
  browseable = No

[Profiles]
  comment = Roaming Profile Share
  path = /export/profiles
  read only = No
  profile acls = Yes
  vfs object = fake_perms


- level 2 log.smdb from the file server :

[2012/11/12 12:47:30,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/11/12 12:47:30,  2] smbd/sesssetup.c:1360(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old
resources.
[2012/11/12 12:47:30,  2] auth/auth.c:310(check_ntlm_password)
  check_ntlm_password:  authentication for user [lacoste] -> [lacoste] ->
[lacoste] succeeded
[2012/11/12 12:47:30,  2] lib/module.c:64(do_smb_load_module)
  Module '/usr/lib/samba/vfs/fake_perms.so' loaded
[2012/11/12 12:47:30,  1] smbd/service.c:1063(make_connection_snum)
  test-win7 (::ffff:194.214.12.168) connect to service Profiles initially as
user lacoste (uid=5001, gid=4000) (pid 8617)
[2012/11/12 12:47:30,  1] smbd/service.c:1063(make_connection_snum)
  test-win7 (::ffff:194.214.12.168) connect to service lacoste initially as user
lacoste (uid=5001, gid=4000) (pid 8617)
[2012/11/12 12:47:41,  1] smbd/service.c:1240(close_cnum)
  test-win7 (::ffff:194.214.12.168) closed connection to service Profiles
[2012/11/12 12:47:41,  1] smbd/service.c:1240(close_cnum)
  test-win7 (::ffff:194.214.12.168) closed connection to service lacoste

Best regards,
Thierry Lacoste.