samba - Jul 2003 - Profiles not working with W2K SP4, Samba 3.0.0beta2 (already posted but got no answer)

Hello,

I still have a problem with my Samba installation. Userprofiles don't work
under W2K SP4. They work fine with Windows NT 4. When loggin on for the first
time the user profile directory is created. After loggin off however no data is
written to the profile directory on the Samba PDC.


When logging on there ist the following activity in the logs (debug level = 1;
log.pc1):

=====>
[2003/07/22 14:11:41, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1351)
  failed to decode PDU
[2003/07/22 14:11:41, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.
[2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
  pc1 (192.168.0.1) connect to service netlogon initially as user test
(uid=1006, gid=1006) (pid 823)
[2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
  pc1 (192.168.0.1) connect to service test initially as user test (uid=1006,
gid=1006) (pid 823)
[2003/07/22 14:11:43, 1] smbd/service.c:make_connection_snum(692)
  pc1 (192.168.0.1) connect to service test initially as user test (uid=1006,
gid=1006) (pid 823)
<====
When logging off there is just this:

[2003/07/22 14:13:50, 1] smbd/service.c:close_cnum(873)
  pc1 (192.168.0.1) closed connection to service test


If I log on at a Windows NT 4 Workstation the log is different (debug level = 1;
log.heu2):

======>
[2003/07/22 14:17:19, 1] smbd/service.c:make_connection_snum(692)
  heu2 (192.168.0.2) connect to service profiles initially as user test
(uid=1006, gid=1006) (pid 846)
[2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
  heu2 (192.168.0.2) connect to service netlogon initially as user test
(uid=1006, gid=1006) (pid 846)
[2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
  heu2 (192.168.0.2) connect to service test initially as user test (uid=1006,
gid=1006) (pid 846)
[2003/07/22 14:17:20, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831)
  call_nt_transact_ioctl(0x90028): Currently not implemented.
<=====
In the logs I can see that W2K SP4 doesn't connect to the profiles share
instead there are some errors in the log (failed to do schannel processing,
failed to decode PDU).

When logging off, Samba is only logging that the connection to the home share
and other open shares (The profile share never occurs in the logs) are closed:


Logging off from the W2K workstation takes about 1 1/2 minutes. W2K writes the
following to the eventlog (german log):

=====>
Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden
nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich
an den Administrator.

DETAIL - Zugriff verweigert , Buildnummer ((2195)). 
<====
I'm not sure about this message, because it also occurs when logging on and
off locally at the machine itself. The registry tweaks I found on google
didn't change anything about this message. Also logging off locally takes
about 1 1/2 minutes time.


Any help is welcome :-) and sorry for my last posting - I accidently hit the
"send" button before finishing my text.


Best Regards
Manfred



My smb.conf looks like this:

=====>
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2003/07/22 12:24:13

# Global parameters
[global]
        debug level = 4
        unix charset = ISO-8859-15
        workgroup = DVS
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = tdbsam, guest
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        logon path = \\samba\profiles\%u
        logon drive = h:
        logon home = \\samba\%u
        domain logons = Yes
        os level = 64
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        invalid users = root
        admin users = administrator

[homes]
        comment = Home Directories
        read only = No
        create mask = 0700
        directory mask = 0700
        browseable = No

[netlogon]
        path = /var/exports/data/netlogon
        write list = domainadmins

[profiles]
        path = /var/exports/data/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        profile acls = yes

[gl]
        path = /var/exports/data/gl
        valid users = @gl, @domainadmins
        force group = @gl
        read only = No
        create mask = 0660
        directory mask = 0770

[ma]
        path = /var/exports/data/ma
        valid users = @ma, @domainadmins
        force group = @ma
        read only = No
        create mask = 0660
        directory mask = 0770
<====

the profile directory looks like this:

drwxrwxrwx    2 root     domainusers     4096 Jul 22 13:35 profiles
(777 permissions are for testing, they will become 770 again)



--

manfred heubach edv und neue medien
Hindenburgstr. 47
D-73728 Esslingen

Tel. +49 711 9315824
Fax  +49 711 9315825
www.heubach-edv.de


Informationstechnologie und Telekommunikation f?r Unternehmen

On Wed, 23 Jul 2003, MH - Entwicklung wrote:
> Hello,
>
> I still have a problem with my Samba installation. Userprofiles
> don't work under W2K SP4. They work fine with Windows NT 4.
> When loggin on for the first time the user profile directory is
> created. After loggin off however no data is written to the
> profile directory on the Samba PDC.
Just an idea: check if the user profiles are still set rwx for
the users. I think I have seen the permissions being changed
after the first login.

Regards,

Uli.
>
>
> When logging on there ist the following activity in the logs (debug level =
1; log.pc1):
>
> =====>
> [2003/07/22 14:11:41, 0]
rpc_server/srv_pipe.c:api_pipe_netsec_process(1351)
>   failed to decode PDU
> [2003/07/22 14:11:41, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
>   process_request_pdu: failed to do schannel processing.
> [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
>   pc1 (192.168.0.1) connect to service netlogon initially as user test
(uid=1006, gid=1006) (pid 823)
> [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692)
>   pc1 (192.168.0.1) connect to service test initially as user test
(uid=1006, gid=1006) (pid 823)
> [2003/07/22 14:11:43, 1] smbd/service.c:make_connection_snum(692)
>   pc1 (192.168.0.1) connect to service test initially as user test
(uid=1006, gid=1006) (pid 823)
> <====>
> When logging off there is just this:
>
> [2003/07/22 14:13:50, 1] smbd/service.c:close_cnum(873)
>   pc1 (192.168.0.1) closed connection to service test
>
>
> If I log on at a Windows NT 4 Workstation the log is different (debug level
= 1; log.heu2):
>
> ======>
> [2003/07/22 14:17:19, 1] smbd/service.c:make_connection_snum(692)
>   heu2 (192.168.0.2) connect to service profiles initially as user test
(uid=1006, gid=1006) (pid 846)
> [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
>   heu2 (192.168.0.2) connect to service netlogon initially as user test
(uid=1006, gid=1006) (pid 846)
> [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692)
>   heu2 (192.168.0.2) connect to service test initially as user test
(uid=1006, gid=1006) (pid 846)
> [2003/07/22 14:17:20, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831)
>   call_nt_transact_ioctl(0x90028): Currently not implemented.
> <=====>
> In the logs I can see that W2K SP4 doesn't connect to the profiles
share instead there are some errors in the log (failed to do schannel
processing, failed to decode PDU).
>
> When logging off, Samba is only logging that the connection to the home
share and other open shares (The profile share never occurs in the logs) are
closed:
>
>
> Logging off from the W2K workstation takes about 1 1/2 minutes. W2K writes
the following to the eventlog (german log):
>
> =====>
> Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen
werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden
Sie sich an den Administrator.
>
> DETAIL - Zugriff verweigert , Buildnummer ((2195)).
> <====>
> I'm not sure about this message, because it also occurs when logging on
and off locally at the machine itself. The registry tweaks I found on google
didn't change anything about this message. Also logging off locally takes
about 1 1/2 minutes time.
>
>
> Any help is welcome :-) and sorry for my last posting - I accidently hit
the "send" button before finishing my text.
>
>
> Best Regards
> Manfred
>
>
>
> My smb.conf looks like this:
>
> =====>
> # Samba config file created using SWAT
> # from 192.168.0.1 (192.168.0.1)
> # Date: 2003/07/22 12:24:13
>
> # Global parameters
> [global]
>         debug level = 4
>         unix charset = ISO-8859-15
>         workgroup = DVS
>         server string = %h server (Samba %v)
>         obey pam restrictions = Yes
>         passdb backend = tdbsam, guest
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         logon path = \\samba\profiles\%u
>         logon drive = h:
>         logon home = \\samba\%u
>         domain logons = Yes
>         os level = 64
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         ldap ssl = no
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         invalid users = root
>         admin users = administrator
>
> [homes]
>         comment = Home Directories
>         read only = No
>         create mask = 0700
>         directory mask = 0700
>         browseable = No
>
> [netlogon]
>         path = /var/exports/data/netlogon
>         write list = domainadmins
>
> [profiles]
>         path = /var/exports/data/profiles
>         read only = No
>         create mask = 0600
>         directory mask = 0700
>         profile acls = yes
>
> [gl]
>         path = /var/exports/data/gl
>         valid users = @gl, @domainadmins
>         force group = @gl
>         read only = No
>         create mask = 0660
>         directory mask = 0770
>
> [ma]
>         path = /var/exports/data/ma
>         valid users = @ma, @domainadmins
>         force group = @ma
>         read only = No
>         create mask = 0660
>         directory mask = 0770
> <====>
>
> the profile directory looks like this:
>
> drwxrwxrwx    2 root     domainusers     4096 Jul 22 13:35 profiles
> (777 permissions are for testing, they will become 770 again)
>
>
>
> --
>
> manfred heubach edv und neue medien
> Hindenburgstr. 47
> D-73728 Esslingen
>
> Tel. +49 711 9315824
> Fax  +49 711 9315825
> www.heubach-edv.de
>
>
> Informationstechnologie und Telekommunikation f?r Unternehmen
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>
+-----------------------------------+
|        Peter Ulrich Kruppa        |
|          -  Wuppertal -           |
|              Germany              |
+-----------------------------------+