samba - Apr 2003 - Re: PDC with roaming profiels

Hi All,

Hopefully someone knows the answer to this?  I have a RH 7.3 box running
Samba 2.3a as a PDC for over 1 1/2 years now.  Things are good for the most
part, except some minor annoyances with the way windows (2k) is handling the
roaming profiles.  Maybe I need to alter the permissions for the users
profile, any insight would be wonderful though.  The profiles copied to the
local box under "C:\Documents and Settings" are set with
Administrators (the
group) - full control, the user name (DOM\unix_user_name) - full control and
System - full control.  Now fairly frequently when the user logs on it
appears that windows doesn't like the copy of the profile that is on the box
already and creates another with a ".bak" extension, then
".DOM", then
".DOM01", ".DOM02" etc.. with multiple users on each box you
can imagine how
fast disk space is just consumed.  The problem is that I cannot always
delete the older profiles.  What can I do, attached is my smb.conf, I would
be thankful for any suggestions regarding this or anything else that may be
problematic in my cfg.

Thanks

Alex Genna
-------------- next part --------------
#/usr/local/samba/lib/smb.conf
#Omni Architects 
#Jan 29, 2002

######################################################################
#====================Global
Settings=================================######################################################################

[global]

netbios name=				Server
workgroup=				omni
server string=				Primary Domain Controller on Dell XPS D300

security=				user
status=					yes
hosts allow=				192.168.9. 127.
invalid users=				bin daemon adm sync shutdown halt mail news uucp operator
gopher Profile
;invalid users=				root
admin users=				@wheel
encrypt passwords=			yes
smb passwd file=			/usr/local/samba/private/smbpasswd

os level=				66
local master=				yes
preferred master=			yes
domain logons=				yes
domain master=				yes
username map=				/usr/local/samba/lib/user.mapping
domain admin group=			@wheel

logon script=				logon.bat
logon path=				\\%N\profile
logon drive=				z:				 				

wins support=				yes
name resolve order=			wins host bcast
dns proxy=				no

time server=				yes

;socket options=			TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
;socket options=			TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 IPTOS_LOWDELAY
socket options=				TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 IPTOS_LOWDELAY

log file=				/usr/local/samba/var/smb.%m.log
log level=				2
max log size=				10000

######################################################################
#====================Domain
Definitions==============================######################################################################

[netlogon]

comment=				Domain Logon Service
path=					/usr/local/samba/lib/netlogon
writable=				no
browseable=				no
writelist=				agenna, alex
fstype=					Samba

[profile]
	
path=					/home2/%u/profile 
comment=				%u Profile
writable=				yes
browseable=				no
fstype=					Samba


[homes]

comment=				%U Home Directory
path=					/home2/%u
writable=				yes
read only=				no
browseable=				no
fstype=					Samba
veto oplock files=			*.pst


############################################################
#			Share Definitions
############################################################

[tmp]

comment=				Directory
path=					/tmp
public=					yes
writable=				yes

[temp]

comment=				Server Temp Directory
path=					/tmp	
;path=					/home2/Temp
public=					yes
writable=				yes


[Projects]
comment =				Current Projects
path =					/projects
browsable=				yes
valid users=				@caduser
read only=				yes
force group=				caduser
write list=				@caduser
create mask=				0760
directory mask=				0770
hide files=				/.*/lost+found/
;public = 				yes

[Marketing]

comment=				Marketing Files
path=					/marketing
browsable=				yes
valid users=				@caduser
read only=				yes
force group=				caduser
write list=				@caduser
create mask=				0760
directory mask=				0770
hide files=				/.*/lost+found/
;public = 				yes

[Dead Projects]

comment=				Dead Projects to be Archived
path=					/dead/dead
browsable=				yes
valid users=				@caduser
read only=				yes
force group=				caduser
write list=				@cadmanager
force create mode=			0760
force directory mode=		0770
;public = 				yes

[Inactive]

comment=				Dead Projects to be Archived
path=					/dead/inactive
browsable=				yes
valid users=				@caduser
read only=				yes
force group=				caduser
write list=				@caduser
force create mode=			0760
force directory mode=		0770
;public = 				yes

[Lib]

comment=				Cad Library
path=					/standards/lib
browsable=				yes
valid users=				@caduser
read only=				yes
force group=				caduser
write list=				@cadstandards
inherit permissions=		yes
force create mode=			0760
force directory mode=		0770
;public = 				yes

[Add to Lib]

comment=				Cad Library
path=					/standards/addtolib
browsable=				yes
valid users=				@caduser
read only=				no
force group=				caduser
write list=				@caduser
;public =                                yes


[System]

comment=				Shared System Files
path=					/system
read only=				yes
inherit permissions=		yes
valid users=				@caduser
write list=				@caduser
#write list=				@cadstandards
force group=				caduser
force create mode=			0760

I am having the exact same problem. Sorry I can't help but you're not 
alone on this one.

Alex wrote:
> Hi All,
> 
> Hopefully someone knows the answer to this?  I have a RH 7.3 box running
> Samba 2.3a as a PDC for over 1 1/2 years now.  Things are good for the most
> part, except some minor annoyances with the way windows (2k) is handling
the
> roaming profiles.  Maybe I need to alter the permissions for the users
> profile, any insight would be wonderful though.  The profiles copied to the
> local box under "C:\Documents and Settings" are set with
Administrators (the
> group) - full control, the user name (DOM\unix_user_name) - full control
and
> System - full control.  Now fairly frequently when the user logs on it
> appears that windows doesn't like the copy of the profile that is on
the box
> already and creates another with a ".bak" extension, then
".DOM", then
> ".DOM01", ".DOM02" etc.. with multiple users on each
box you can imagine how
> fast disk space is just consumed.  The problem is that I cannot always
> delete the older profiles.  What can I do, attached is my smb.conf, I would
> be thankful for any suggestions regarding this or anything else that may be
> problematic in my cfg.
> 
> Thanks
> 
> Alex Genna
> 
> 
> ------------------------------------------------------------------------
> 
> #/usr/local/samba/lib/smb.conf
> #Omni Architects 
> #Jan 29, 2002
> 
> ######################################################################
> #====================Global Settings=================================>
######################################################################
> 
> [global]
> 
> netbios name=				Server
> workgroup=				omni
> server string=				Primary Domain Controller on Dell XPS D300
> 
> security=				user
> status=					yes
> hosts allow=				192.168.9. 127.
> invalid users=				bin daemon adm sync shutdown halt mail news uucp operator
gopher Profile
> ;invalid users=				root
> admin users=				@wheel
> encrypt passwords=			yes
> smb passwd file=			/usr/local/samba/private/smbpasswd
> 
> os level=				66
> local master=				yes
> preferred master=			yes
> domain logons=				yes
> domain master=				yes
> username map=				/usr/local/samba/lib/user.mapping
> domain admin group=			@wheel
> 
> logon script=				logon.bat
> logon path=				\\%N\profile
> logon drive=				z:				 				
> 
> wins support=				yes
> name resolve order=			wins host bcast
> dns proxy=				no
> 
> time server=				yes
> 
> ;socket options=			TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
> ;socket options=			TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
IPTOS_LOWDELAY
> socket options=				TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
IPTOS_LOWDELAY
> 
> log file=				/usr/local/samba/var/smb.%m.log
> log level=				2
> max log size=				10000
> 
> ######################################################################
> #====================Domain Definitions==============================>
######################################################################
> 
> [netlogon]
> 
> comment=				Domain Logon Service
> path=					/usr/local/samba/lib/netlogon
> writable=				no
> browseable=				no
> writelist=				agenna, alex
> fstype=					Samba
> 
> [profile]
> 	
> path=					/home2/%u/profile 
> comment=				%u Profile
> writable=				yes
> browseable=				no
> fstype=					Samba
> 
> 
> [homes]
> 
> comment=				%U Home Directory
> path=					/home2/%u
> writable=				yes
> read only=				no
> browseable=				no
> fstype=					Samba
> veto oplock files=			*.pst
> 
> 
> ############################################################
> #			Share Definitions
> ############################################################
> 
> [tmp]
> 
> comment=				Directory
> path=					/tmp
> public=					yes
> writable=				yes
> 
> [temp]
> 
> comment=				Server Temp Directory
> path=					/tmp	
> ;path=					/home2/Temp
> public=					yes
> writable=				yes
> 
> 
> [Projects]
> comment =				Current Projects
> path =					/projects
> browsable=				yes
> valid users=				@caduser
> read only=				yes
> force group=				caduser
> write list=				@caduser
> create mask=				0760
> directory mask=				0770
> hide files=				/.*/lost+found/
> ;public = 				yes
> 
> [Marketing]
> 
> comment=				Marketing Files
> path=					/marketing
> browsable=				yes
> valid users=				@caduser
> read only=				yes
> force group=				caduser
> write list=				@caduser
> create mask=				0760
> directory mask=				0770
> hide files=				/.*/lost+found/
> ;public = 				yes
> 
> [Dead Projects]
> 
> comment=				Dead Projects to be Archived
> path=					/dead/dead
> browsable=				yes
> valid users=				@caduser
> read only=				yes
> force group=				caduser
> write list=				@cadmanager
> force create mode=			0760
> force directory mode=		0770
> ;public = 				yes
> 
> [Inactive]
> 
> comment=				Dead Projects to be Archived
> path=					/dead/inactive
> browsable=				yes
> valid users=				@caduser
> read only=				yes
> force group=				caduser
> write list=				@caduser
> force create mode=			0760
> force directory mode=		0770
> ;public = 				yes
> 
> [Lib]
> 
> comment=				Cad Library
> path=					/standards/lib
> browsable=				yes
> valid users=				@caduser
> read only=				yes
> force group=				caduser
> write list=				@cadstandards
> inherit permissions=		yes
> force create mode=			0760
> force directory mode=		0770
> ;public = 				yes
> 
> [Add to Lib]
> 
> comment=				Cad Library
> path=					/standards/addtolib
> browsable=				yes
> valid users=				@caduser
> read only=				no
> force group=				caduser
> write list=				@caduser
> ;public =                                yes
> 
> 
> [System]
> 
> comment=				Shared System Files
> path=					/system
> read only=				yes
> inherit permissions=		yes
> valid users=				@caduser
> write list=				@caduser
> #write list=				@cadstandards
> force group=				caduser
> force create mode=			0760
> 
> 
>

I also had this problem:  First a little about it's cause, and then my 
solution.

In my case my users were going to foreign language websites (primarily 
chinese and portuguese) that were leaving temp files that were 
undeletable.  The file names on the temp files had either too many odd 
characters or were too long, never found out for sure.  These files 
ended up in two places. one was Documents and 
Settings\users-name\application data\Microsoft\office\recent files (if 
they opened a word document from the web site);  the other was 
Documents and Settings\users-name\local settings\...\(directory for temp 
IE files, [sorry doing this from memory]).  In both cases the files were 
undeletable even as administrator from gui, cmd line, even safe mode.

    HOWEVER if you mount the administrative share of the drive 
(\\machinename\c$) on a linux box you can delete it there.  The key to 
preventing was applying the registry settings on the machines 
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows 
NT\CurrentVersion\Winlogon\DeleteRoamingCache to 1. (check out 
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/tips/regtweak.asp)
This somehow hard deleted everything when the users logged out 
preventing the problem from occuring.

-Barry

Alex wrote:
> Hi All,
> 
> Hopefully someone knows the answer to this?  I have a RH 7.3 box running
> Samba 2.3a as a PDC for over 1 1/2 years now.  Things are good for the most
> part, except some minor annoyances with the way windows (2k) is handling
the
> roaming profiles.  Maybe I need to alter the permissions for the users
> profile, any insight would be wonderful though.  The profiles copied to the
> local box under "C:\Documents and Settings" are set with
Administrators (the
> group) - full control, the user name (DOM\unix_user_name) - full control
and
> System - full control.  Now fairly frequently when the user logs on it
> appears that windows doesn't like the copy of the profile that is on
the box
> already and creates another with a ".bak" extension, then
".DOM", then
> ".DOM01", ".DOM02" etc.. with multiple users on each
box you can imagine how
> fast disk space is just consumed.  The problem is that I cannot always
> delete the older profiles.  What can I do, attached is my smb.conf, I would
> be thankful for any suggestions regarding this or anything else that may be
> problematic in my cfg.
> 
> Thanks
> 
> Alex Genna
> 
>