Hello,
I have installed since 6 months a PDC with samba and there is an endless
problem : the roaming profile synchronisation !!!
THE problem : Sometimes after the logout of a client, the roaming profile
is not synchronised on server. So when client connect on another clients, it
seems that some data have been loosed... After there is no later
synchronisation... So mails in profile are often lost!
( This is not a problem with time : The time is synchro with the netlogon
script so clients and server have same time.... )
My configuration :
server :
---------
- linux 2.4.18 with XFS filesystems
- Server samba 2.2.5
client :
-------
Windows 2000 workstation
Service Pack 3
My smb.conf : (some options are in this file for tests as "oplocks")
----------------
[global]
workgroup = TERA
netbios name = TERASERV
server string = Tera PDC
encrypt passwords = Yes
domain admin group = root linagora @admin @S_tera @S_omsyc @S_rom
add user script = /usr/sbin/useradd -n -g machines -c Machine -d /dev/null -s
/bin/false %m$
logon path = \\%N\profiles\%U
logon script = scripts\logon.bat
domain logons = Yes
domain master = Yes
preferred master = Yes
local master = yes
os level = 65
nt acl support = Yes
veto files = /Icon/.AppleDouble/.AppleDesktop/Network Trash
Folder/TheVolumeSettingsFolder/
log level = 5
security =user
log file = /var/log/%m.samba.log
time server = yes
[netlogon]
path = /opt/samba/netlogon
browseable = No
read only = No
[profiles]
csc policy = disable
path = /server/profiles
browseable = no
read only = no
create mask = 0700
directory mask = 0700
nt acl support = No
# preexec=/opt/samba/bin/preexec.sh %U
[homes]
read only = No
create mask = 0640
directory mask = 0750
browseable = Yes
best regards
----------------------------------
Laurent Mallet
mallet@linagora.com
----------------------------------
Hi,
I don't know if it is relative to your problem but I also use Samba 2.2.5
as a PDC for Nt4 clients and servers except I configured os level as 64 and
not 65.
You will find two articles on http://networking.earthweb.com/netos with a
very good explanation on how to configure Samba as a PDC.
vincent
----- Original Message -----
From: "Laurent Mallet" <mallet@linagora.com>
To: <samba@lists.samba.org>
Sent: Wednesday, August 28, 2002 12:14 PM
Subject: [Samba] Roaming profile problems
Hello,
I have installed since 6 months a PDC with samba and there is an endless
problem : the roaming profile synchronisation !!!
THE problem : Sometimes after the logout of a client, the roaming profile
is not synchronised on server. So when client connect on another clients, it
seems that some data have been loosed... After there is no later
synchronisation... So mails in profile are often lost!
( This is not a problem with time : The time is synchro with the netlogon
script so clients and server have same time.... )
My configuration :
server :
---------
- linux 2.4.18 with XFS filesystems
- Server samba 2.2.5
client :
-------
Windows 2000 workstation
Service Pack 3
My smb.conf : (some options are in this file for tests as "oplocks")
----------------
[global]
workgroup = TERA
netbios name = TERASERV
server string = Tera PDC
encrypt passwords = Yes
domain admin group = root linagora @admin @S_tera @S_omsyc @S_rom
add user script = /usr/sbin/useradd -n -g machines -c Machine -d
/dev/null -s
/bin/false %m$
logon path = \\%N\profiles\%U
logon script = scripts\logon.bat
domain logons = Yes
domain master = Yes
preferred master = Yes
local master = yes
os level = 65
nt acl support = Yes
veto files = /Icon/.AppleDouble/.AppleDesktop/Network Trash
Folder/TheVolumeSettingsFolder/
log level = 5
security =user
log file = /var/log/%m.samba.log
time server = yes
[netlogon]
path = /opt/samba/netlogon
browseable = No
read only = No
[profiles]
csc policy = disable
path = /server/profiles
browseable = no
read only = no
create mask = 0700
directory mask = 0700
nt acl support = No
# preexec=/opt/samba/bin/preexec.sh %U
[homes]
read only = No
create mask = 0640
directory mask = 0750
browseable = Yes
best regards
----------------------------------
Laurent Mallet
mallet@linagora.com
----------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Hi Laurent. (a little late, had domain auth probs) Sorry to say no solution for you, you seem to have tried all I would have suggested. I am interested in seeing if you solve this, please let me know how it goes. One thing I noticed, is my machine was creating under c:\Documents and Settings\ numerous user.admin.000, user.admin.001, and so on. Is this happening to you too? The way I fixed it was, as you've already done, to set nt acl = no, but I did it in the global share, mainly because I don't fully understand what nt acl support is! Let me know how it goes. Chow, Trevor. ========================Stussy said:"Knowledge is King! ========================----- Original Message ----- From: "Laurent Mallet" <mallet@linagora.com> To: <samba@lists.samba.org> Sent: Wednesday, August 28, 2002 12:14 PM Subject: [Samba] Roaming profile problems> Hello, > > I have installed since 6 months a PDC with samba and there is an endless > problem : the roaming profile synchronisation !!! > > THE problem : Sometimes after the logout of a client, the roaming profile > is not synchronised on server. So when client connect on another clients,it> seems that some data have been loosed... After there is no later > synchronisation... So mails in profile are often lost! > > ( This is not a problem with time : The time is synchro with the netlogon > script so clients and server have same time.... ) > > > My configuration : > server : > --------- > - linux 2.4.18 with XFS filesystems > - Server samba 2.2.5 > > client : > ------- > Windows 2000 workstation > Service Pack 3 > > My smb.conf : (some options are in this file for tests as "oplocks") > ---------------- > [global] > workgroup = TERA > netbios name = TERASERV > server string = Tera PDC > encrypt passwords = Yes > domain admin group = root linagora @admin @S_tera @S_omsyc @S_rom > add user script = /usr/sbin/useradd -n -g machines -c Machine -d/dev/null -s> /bin/false %m$ > logon path = \\%N\profiles\%U > logon script = scripts\logon.bat > domain logons = Yes > domain master = Yes > preferred master = Yes > local master = yes > os level = 65 > nt acl support = Yes > veto files = /Icon/.AppleDouble/.AppleDesktop/Network Trash > Folder/TheVolumeSettingsFolder/ > log level = 5 > security =user > log file = /var/log/%m.samba.log > time server = yes > > [netlogon] > path = /opt/samba/netlogon > browseable = No > read only = No > > [profiles] > csc policy = disable > path = /server/profiles > browseable = no > read only = no > create mask = 0700 > directory mask = 0700 > nt acl support = No > # preexec=/opt/samba/bin/preexec.sh %U > > [homes] > read only = No > create mask = 0640 > directory mask = 0750 > browseable = Yes > > > best regards > ---------------------------------- > Laurent Mallet > mallet@linagora.com > ---------------------------------- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
We're putting together a setup using Samba 2.2.0 on Linux, SECURITY=DOMAIN, with authentication done by a Windows 2000 server. Everything works fine, except for Roaming Profiles. We're trying to store them on the Samba server where the users' home directory is. (Right now they're stored in the users' home directory on the NT/2k server.) I read the mention that I shouldn't use the HOMES share for storing profiles, so I set up a separate share, and the Windows administrator has pointed his logon path to it, along the lines of "\\lnxecssp\profiles\username.pds" but the user gets "Access Denied" on each file it tries to copy when it goes to download the profile. The administrator has tried deleting each of the "problem" files, but the error just moves to the next. All of the doc I can find on this talks about storing the profiles on a Samba server when it's a PDC. I don't recall anything special required for this when using a Windows PDC, other than one mention that the profiles share has to be browseable. We're trying that shortly. I also see a lot of mentions of the NETLOGON share, and "NET USE \HOME", but they're doing this differently here. Is this really required? Can anyone point me at some doc that I might have missed, or does anyone have any idea how to fix this? Thanks much.
Hello:
I am running RedHat 7.3 with Samba 2.2.3a. My clients are Windows
2kSP2. I am having problems where profiles seem to be getting corrupted.
I continually get errors for random users that say something to
the effect of, "Windows can't copy file-x, path not found". I
have
verified that the file is in the profile on the Samba server. This
results in the user having a temporary default profile loaded for
them.
Also, shortcuts in the profile being copied down and become invalid
so I have to continually go and fix them.
If this can't be fixed how can I disable Roaming Profiles? I tried
to take out the settings that I thought should be removed but I kept
getting similar file copy problems. If I remove Roaming Profiles
do I have to build the user accounts on the local machine as well
as the server?
My SMB.conf
[global]
;basic server settings
workgroup = CRHDOM
netbios name = CRHPDC
server string = Cushing PDC
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
;Security and Logging Settings
security = user
encrypt passwords = yes
domain logons = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 172.29.56.0/255.255.252.0
;User profiles and home directory
logon home = \\%L\%U\.profile
logon drive = Q:
logon path = \\%L\profiles\%U
logon script = %U.bat
add user script = /usr/sbin/useradd -d /dev/null -g smbmachines -
s /bin/false -M
%u
domain admin group = @smbadmins
;Password Syncronization
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*Unix*password*
%n\n *Enter*ne
w*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authenticati
on*tokens*updated*successfully*
#==Shares=
[homes]
comment = Home Directories
browseable = no
browseable = no
writable = yes
admin users = @smbadmins
[profiles]
path = /home/samba/profiles
browseable = no
read only = no
create mask = 0600
directory mask = 0700
admin users = @smbadmins
[netlogon]
browseable = no
path = /home/netlogon
read only = yes
write list = bob bmyers acline
admin users = acline bob bmyers
[etime]
path = /home/samba/etime
browseable = no
read only = yes
create mask = 0660
directory mask = 0770
write list = @etime @smbadmins
admin users = acline bob bmyers
[financials]
path = /home/samba/financials
create mask = 0660
directory mask = 0770
browseable = no
read only = yes
write list = @financials @smbadmins
admin users = acline bob bmyers
[123work]
path = /home/samba/lotus
create mask = 0660
directory mask = 0770
browseable = no
read only = yes
write list = @lotus @smbadmins
admin users = @smbadmins
Thank you.
Aaron Cline
===================================================================EASY and FREE
access to your email anywhere: http://kralweb.com/mail
===================================================================Need cheap
webhosting? Visit: http://genialt.no
====================================================================
RE: [SAMBA] Roaming Profile Problems
Thanks for the info Holger. I only want to disable them a...
resort though. I pulled the following from the log of one...
users who had the profile problem
[2002/10/30 08:29:25, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:25, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:50, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:56, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:56, 1] smbd/service.c:make_connection(615)
bo-15 (172.29.57.97) connect to service netlogon as user vberry
(uid=507, gid=507) (pid 22174)
[2002/10/30 08:29:57, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:57, 1] smbd/service.c:make_connection(615)
bo-15 (172.29.57.97) connect to service profiles as user vberry
(uid=507, gid=507) (pid 22174)
[2002/10/30 08:29:57, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:57, 2] smbd/service.c:make_connection(328)
Invalid username/password for profiles [nobody]
[2002/10/30 08:29:57, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:57, 2] smbd/service.c:make_connection(328)
Invalid username/password for profiles [nobody]
[2002/10/30 08:29:57, 2] lib/access.c:check_access(319)
Allowed connection from (172.29.57.97)
[2002/10/30 08:29:57, 2] smbd/service.c:make_connection(328)
Are the lines where it says Invalid username/password for profiles
[nobody] normal? It goes on to do that about 20 more times.
Thanks.
Aaron Cline
>> >> At Wednesday, 30 October 2002, you wrote:
>> >>
>> >> >Aaron Cline schrieb:
>> >> >
>> >> >I don't know if your problem can be fixed on the samba
server,
>> but you
>> >> >can easly change a roaming profile to a local profile in
Control
>> >> >Panel/System/User Profiles.
>> >> >The profile on the server remains, but no updates are
done.
>> >> >
>> >> >> If this can't be fixed how can I disable Roaming
Profiles?
>> I tried
>> >> >> to take out the settings that I thought should be
removed but
>> I kept
>> >> >> getting similar file copy problems. If I remove
Roaming
Profiles >> >> >> do I have to build the user accounts on the local
machine
as well >> >> >> as the server?
>> >> >
>> >>
>> >>
>> >>
>> >> Aaron Cline
>> >>
>> >>
>> >>
>> >>
>> >>
===================================================================>>
>> EASY and FREE access to your email anywhere: http://kralweb.
com/mail>> >>
===================================================================>>
>> Need cheap webhosting? Visit: http://genialt.no
>> >>
===================================================================>>
>>
>> >>
>> >>
>> >
>>
>>
>>
>> Aaron Cline
>>
>>
>>
>>
>>
===================================================================>> EASY
and FREE access to your email anywhere: http://kralweb.com/mail
>>
===================================================================>> Need
cheap webhosting? Visit: http://genialt.no
>>
===================================================================>>
>>
>>
>
Aaron Cline
===================================================================EASY and FREE
access to your email anywhere: http://kralweb.com/mail
===================================================================Need cheap
webhosting? Visit: http://genialt.no
====================================================================
On Wed, 2002-10-30 at 04:54, Aaron Cline wrote:> Are the lines where it says Invalid username/password for profiles > [nobody] normal? It goes on to do that about 20 more times. > > Thanks.no that is not normal it seems strange to me that your profiles share sees nobody while the netlogon sees vberry. what is the smb.conf definition of your profiles share? mine looks like this [profiles] path = /home/xp_profiles read only = No create mask = 0600 directory mask = 0700 csc policy = disable share modes = No brad