samba - Feb 2022 - Windows User Profile corruption on a member server

Hi!

This is a second but very bad issue we had after converting our
NT4-style domain to AD.

A small background: an AD DC server from classicupgrade, running
as domain controller. And a separate file server, joined to the
domain with fresh settings (nothing in /var/lib/samba/ etc).

At the time of testing we had mixed users - since historically
all our users were both local users and "samba users", we kept
local users in parallel with the AD users, keeping the same uids.
I *think* this should not matter in this context, but I'd mention
this just in case.

The problem is that once we joined the fileserver (actually it
was our old main server but we removed all samba data from it
before joining it to the domain) into AD, we started seeing
user profile corruptions - some files changed contents in
various ways when syncronising profile. I can't say if the
prob is specific to user profiles or general, so far we only
faced it with profiles only.

It doesn't happen on every login/logout, - one may perform
5-10 logins/logouts (with profile copying from/to server),
and everything will be normal (seemingly). And the next time
some files appear corrupt.

For some reason the most often corrupt file was one or two
files presenting applications pinned to the taskbar, - again,
I've no idea why this place specially, maybe it was just
because it's easy to see. For example, "windows explorer"
pinned to the user taskbar is a .lnk file in this location
in the profile:

AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar\File Explorer.lnk

Usually it is a normal shortcut, but it becomes something
else entirely. An example of this file is attached to
this email (in .zip archive), - it is some binary file
83 bytes long. The archive contains both the original
file as it was and the corrupt file after profile
corruption (in good/ and bad/ subdirs).

We've seen other cases of corruption too, - for example
Thunderbird calendar database - which is also resides in
the user profile and is syncronized on logon/logoff.

The interesting thing is that this corruption has become
frequent only after converting this server from the single
NT4-style domain server to an AD member server (without
any old samba data on it). Before conversion to AD there
was no single case of file corruption observed in more
than 10 years.

I joined another freshly installed test server to the
same domain and configured a test user in the AD so that
his user profile is on this server. And starting with a
freshly created profile, after a few logins/logouts, I
see the same corruption again.

There's nothing related in the event log on windows as
far as I can see, and there are no errors on the samba
side too.

It *seems* like the corruption happens when copying the
profile from samba to windows, but I'm not 100% sure.
I *think* I've seen the case where this "File Explorer"
file was bad in the local copy but at the same time was
ok on server  (and become bad on server too after logout).

I plan to debug this further because it is a really serious
case and it is the first time in many years I see file
corruption on samba.  For now, due to this very issue,
I had to restore our NT4-style server to its original
pre-AD style (and profile corruption immediately stopped).

Thinking about the "duplicate users" thing again, - there
*should* be no difference here as long as windows accepts
this user profile as belonging to the right user, right?

Any hints about how to debug this further are greatly
apprecated.

Thanks!

/mjt

12.02.2022 13:16, Michael Tokarev via samba wrote:
..

I did some experiments here with user profiles. And it turned out
the prob is quite severe. Lots of files, when copied from the samba
server to windows10 machine, gets truncated. Small files can be truncated
by a few bytes, larger files loses some blocks (the resulting size is usually
dividable by 20480). Out of 104 total files in a freshly created win10
user profile, 40 gets corrupt. This is a huge number, this is 40% corruption
ratio, it is not some random very rare event.

And this is independent on the user presence in /etc/passwd - the same
(similar, since it is different each time) corruption happens if the user
in question exists as local linux user or not.

There are no errors reported on either side.

With this corruption samba is definitely not usable as a file server, at all.

Any idea where to go from here?

(samba is 4.13.13+dfsg-1~deb11u2, current on debian bullseye system).

Thanks,

/mjt