CentOS - Jun 2017 - Domain Logout, then domain login again, profile corrupt -> replaced by TEMP profile

Hi

I have had this problem for a while, but waited to post this until I upgraded to
see whether the upgrade would fix it.
I upgraded samba to the 4.2.X stream from 3.6.X stream, but it happens on both,
3.6.X and 4.2.10.

Whenever someone logs out, then in again the profile gets corrupted and a new
TEMP profile is created (the dreadful "creating new desktop"). Now I
do not know where this problem is - the desktop or the server.
It also happens if you wait 1/2 hour or so, never tried it longer.

I can quickly fix this by:

 - tell the user to log out
 - rsync -avHAX the profile with yesterdays profile
 - tell the user to log in again

Now if I log out on my workstation, then on the server I do a "smb
reload", then log in again this problem does not happen.

This morning a person logged out of his workstation, went over to the bigscreen
in one of our training rooms and logged in there, then logged out, went over to
his machine but got the dreadful "preparing desktop" on login ....

Anybody got any idea?

thanks
Jobst

Here is some info: 
~~~~~~~~~~~~~~~~~~
All latest patches installed on everything.

OS server: CentOS 6.X
OS Workstations: Windows 7 Prof
Samba: 4.2.10 (was 3.6.23)
Other: roaming profiles (as we log into other stations, e.g. training rooms)

smb.conf (important bits):
[global]
  workgroup = LALA
  server string = Domain Server
  netbios name = LALAMACHINE
  username map = /etc/samba/smbusers
  interfaces = eth0, lo
  bind interfaces only = yes
  # these flags were recommended.
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072
SO_SNDBUF=131072

  # Logging, what, how much, etc
  log level = 1
  syslog = 0
  log file = /var/log/samba/samba.log
  max log size = 10000000

  # Auditing
  vfs objects = full_audit
  full_audit:prefix = %u|%I|%m|%S
  full_audit:failure = none
  full_audit:facility = LOCAL4
  full_audit:priority = NOTICE
  full_audit:success = none
  full_audit:failure = none

  idmap config *: backend       = tdb
  idmap config *: range         = 1000000-1999999
  idmap config LALA : default = Yes
  idmap config LALA : backend = <idmap backend>
  idmap config LALA : range   = 500-999999

  winbind use default domain = Yes
  winbind nested groups = Yes
  winbind normalize names = no
      
  # domain stuff
  logon script = user.cmd
  logon path = \\lalamachine\profiles\%u
  logon drive = Z:
  logon home = \\lalamachine\%u\samba-homeshare
  domain logons = Yes
  os level = 200
  domain master = Yes
  dns proxy = No
  wins support = Yes
  security = user
  encrypt passwords = Yes
  hosts allow = 192.168.0., 127.
  guest account = nobody
  usershare allow guests = No

  # printer setup
  load printers = Yes
  printing = cups
  printcap name = cups
  printcap = cups
  printcap cache time = 750
  cups options = raw
  read raw = yes
  write raw = yes
  oplocks = yes
  max xmit = 65535
  dead time = 15
  getwd cache = yes

  # Samba implements the CIFS UNIX
  unix extensions = no

[netlogon]
  comment = Network Logon Service
  path = /samba/NetLogon
  browseable = Yes
  guest ok = yes
  admin users = root
  full_audit:success = none
  full_audit:failure = none
  # this is required for log files to be written to
  read only = No
  write list = @lalausers, @lalaadmins

[profiles]
  comment = Roaming Profile Share
  path = /samba/Profiles/
  read only = No
  create mask = 0600
  directory mask = 0700
  browseable = yes
  # you MUST disable caching on shares that have roaming profiles stored
  csc policy = disable
  guest ok = no
  valid users = @lalausers, @lalaadmins
  admin users = root
  store dos attributes = yes
  profile acls = yes
  full_audit:success = none
  full_audit:failure = none
                              

-- 
Keyboard not found - please clean up desktop!

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

I am sorry, wrong list.
Jobst


On Wed, Jun 07, 2017 at 04:13:30PM +1000, Jobst Schmalenbach (jobst at
barrett.com.au) wrote:
> Hi
> 
> I have had this problem for a while, but waited to post this until I
upgraded to see whether the upgrade would fix it.
> I upgraded samba to the 4.2.X stream from 3.6.X stream, but it happens on
both, 3.6.X and 4.2.10.
> 
> Whenever someone logs out, then in again the profile gets corrupted and a
new TEMP profile is created (the dreadful "creating new desktop"). Now
I do not know where this problem is - the desktop or the server.
> It also happens if you wait 1/2 hour or so, never tried it longer.
> 
> I can quickly fix this by:
> 
>  - tell the user to log out
>  - rsync -avHAX the profile with yesterdays profile
>  - tell the user to log in again
> 
> Now if I log out on my workstation, then on the server I do a "smb
reload", then log in again this problem does not happen.
> 
> This morning a person logged out of his workstation, went over to the
bigscreen in one of our training rooms and logged in there, then logged out,
went over to his machine but got the dreadful "preparing desktop" on
login ....
> 
> Anybody got any idea?
> 
> thanks
> Jobst
> 
> Here is some info: 
> ~~~~~~~~~~~~~~~~~~
> All latest patches installed on everything.
> 
> OS server: CentOS 6.X
> OS Workstations: Windows 7 Prof
> Samba: 4.2.10 (was 3.6.23)
> Other: roaming profiles (as we log into other stations, e.g. training
rooms)
> 
> smb.conf (important bits):
> [global]
>   workgroup = LALA
>   server string = Domain Server
>   netbios name = LALAMACHINE
>   username map = /etc/samba/smbusers
>   interfaces = eth0, lo
>   bind interfaces only = yes
>   # these flags were recommended.
>   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072
SO_SNDBUF=131072
> 
>   # Logging, what, how much, etc
>   log level = 1
>   syslog = 0
>   log file = /var/log/samba/samba.log
>   max log size = 10000000
> 
>   # Auditing
>   vfs objects = full_audit
>   full_audit:prefix = %u|%I|%m|%S
>   full_audit:failure = none
>   full_audit:facility = LOCAL4
>   full_audit:priority = NOTICE
>   full_audit:success = none
>   full_audit:failure = none
> 
>   idmap config *: backend       = tdb
>   idmap config *: range         = 1000000-1999999
>   idmap config LALA : default = Yes
>   idmap config LALA : backend = <idmap backend>
>   idmap config LALA : range   = 500-999999
> 
>   winbind use default domain = Yes
>   winbind nested groups = Yes
>   winbind normalize names = no
>       
>   # domain stuff
>   logon script = user.cmd
>   logon path = \\lalamachine\profiles\%u
>   logon drive = Z:
>   logon home = \\lalamachine\%u\samba-homeshare
>   domain logons = Yes
>   os level = 200
>   domain master = Yes
>   dns proxy = No
>   wins support = Yes
>   security = user
>   encrypt passwords = Yes
>   hosts allow = 192.168.0., 127.
>   guest account = nobody
>   usershare allow guests = No
> 
>   # printer setup
>   load printers = Yes
>   printing = cups
>   printcap name = cups
>   printcap = cups
>   printcap cache time = 750
>   cups options = raw
>   read raw = yes
>   write raw = yes
>   oplocks = yes
>   max xmit = 65535
>   dead time = 15
>   getwd cache = yes
> 
>   # Samba implements the CIFS UNIX
>   unix extensions = no
> 
> [netlogon]
>   comment = Network Logon Service
>   path = /samba/NetLogon
>   browseable = Yes
>   guest ok = yes
>   admin users = root
>   full_audit:success = none
>   full_audit:failure = none
>   # this is required for log files to be written to
>   read only = No
>   write list = @lalausers, @lalaadmins
> 
> [profiles]
>   comment = Roaming Profile Share
>   path = /samba/Profiles/
>   read only = No
>   create mask = 0600
>   directory mask = 0700
>   browseable = yes
>   # you MUST disable caching on shares that have roaming profiles stored
>   csc policy = disable
>   guest ok = no
>   valid users = @lalausers, @lalaadmins
>   admin users = root
>   store dos attributes = yes
>   profile acls = yes
>   full_audit:success = none
>   full_audit:failure = none
>                               
> 
> -- 
> Keyboard not found - please clean up desktop!
> 
>   | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
>   | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
>   |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
-- 
This message represents the official view of the voices in my head!

  | |0| |   Jobst Schmalenbach, jobst at barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L & The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia