Dear Mark,
It looks like you are trying to do the same as I did. Did you read the
thread I had some days ago with subject "How to copy roaming profiles to
new server ? ("Group policy client service failed. The logon access is
denied")" ?
This could help you.
Other suggestions :
Not sure if [profiles.V2] is still required but maybe you should try to
add it ?
We also only had /data/shares/profiles as "path" on old server, but on
the new one we have this :
path = /data/shares/profiles/%u.V2
As I am not expert at all I hope this will not create more problems than
solutions, but maybe you will find a hint among these points ;-)
And this may also help you :
http://www.ber10thal.com/blog/samba-domain-migration-to-a-new-machine/
Denis
Le 15.12.2014 22:38, Mark Nienberg a ?crit :
> I'm configuring a new samba 4.1 server with NT4 style domain. I've
copied
> most of the configuration from our working 3.6 server, making some changes
> as needed for the newer samba version. So far, I have been unable to get
> roaming profiles to work. It seems like the users cannot write in the
> profiles directory, but I don't see why not.
>
> Here is the relevant part of smb.cond
>
> [global]
>
> netbios name = gecko
> workgroup = MSD
> server string = FileServer
> hosts allow = 127. 10.0.0.
>
> max protocol = SMB2
>
> allow insecure wide links = yes
>
> log file = /var/log/samba/log.%m
> max log size = 50
>
> security = user
> passdb backend = tdbsam
> domain master = yes
> domain logons = yes
>
> logon script = startup.vbs
> logon path = \%Lprofiles%U
>
> local master = yes
> os level = 65
> preferred master = yes
> wins support = yes
>
> map archive = no
> map hidden = no
> map read only = no
> map system = no
> store dos attributes = yes
> acl allow execute always = True
>
> [homes]
> comment = Home Directories
> path = /mnt/share/homes/%u
> browseable = no
> writable = yes
> valid users = %S
> oplocks = No
> level2 oplocks = No
>
> [netlogon]
> comment = Network Logon Service
> path = /mnt/share/netlogon
> browseable = no
> writable = no
> write list = +ntadmins
> wide links = yes
>
> [profiles]
> comment = Roaming Profiles
> path = /mnt/share/ntprofiles
> admin users = +ntadmins
> writable = yes
> profile acls = yes
> csc policy = disable
>
> And here is the directory structure:
>
> [root at geckovm share]# ls -la /mnt/share/
>
> drwxr-xr-x 11 root root 4096 Dec 15 12:24 homes
> drwxrwxrwx 2 root Everyone 4096 Nov 24 18:00 netlogon
> drwxrwxr-x 4 root Everyone 4096 Dec 15 12:24 ntprofiles
>
> We do all of our administration from the linux side, so I refered to the
> section for
> "Profile Shares using POSIX ACLS" in this wiki article.
>
> https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles [1]
>
> Thanks for any suggestions on how to proceed,
>
> Mark
>
> --
> Please update your records with my new email address.
Links:
------
[1] https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles