Background:
I've setup my server (name:firewall) to acts as a PDC, and to use roaming
profiles. I am using Windows XP with sp1 on the client machines.
Problem:
When I login to my domain (panacea) I get the following error-message:
--------------------------------------------------------------------------
Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator.
DETAIL - The filename, directory name, or volume label syntax is incorrect.
--------------------------------------------------------------------------
I can manually mount \\firewall\profiles\alexander, and in that directory I
can create files etc. I have also enabled the "Do not check for user
ownership of Roaming Profiles Folders". I've attached all the relevant
information of my system...
Please help :)
Best regards Alexander
###########################################################################
##### Names #####
Domain: Panacea
Server: Firewall (192.168.0.1)
Host: Slave (192.168.0.3)
Linux: Debian (testing)
Samba: Version 3.0.0-Debian
###########################################################################
##### smb.conf #####
[global]
####### Browsing/Identification ########
workgroup = PANACEA
netbios name = FIREWALL
server string = %h
browseable = yes
guest account = samba
invalid users = @wheel, mail, daemon, adt
lock directory = /var/lock/samba/locks
wins support = yes
name resolve order = lmhosts bcast wins hosts
interfaces = eth1
bind interfaces only = yes
####### Logging #######
log file = /var/log/samba/log.%m
syslog = 2
max log size = 1000
panic action = /usr/share/samba/panic-action %d
############ Performance/Tuning ############
getwd cache = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
keep alive = 60
dead time = 30
####### Authentication/Net Bios #######
security = user
encrypt passwords = true
domain logons = yes
os level = 34
local master = yes
preferred master = yes
domain master = yes
add user script = /usr/sbin/useradd -d /dev/null -g machines -s
/bin/false -M %u
####### Profiles #######
logon drive = h:
logon home = "\\%L\%U"
logon path = "\\%L\profiles\%u"
logon script = login.bat
profile acls = yes
####### Password #######
unix password sync = yes
pam password change = yes
obey pam restrictions = yes
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
passwd program = /usr/bin/passwd %u
passdb backend = tdbsam guest
########## Printing ##########
load printers = yes
printing = cups
printcap name = cups
#printcap name = /var/run/cups/printcap
printer admin = @ntadmin
[netlogon]
comment = Network Logon Service
path = /panacea/users/netlogon
guest ok = Yes
[profiles]
path = /panacea/users/profiles
read only = no
create mask = 0744
directory mask = 0744
writable = yes
browseable = yes
csc policy = disable
profile acls = yes
nt acl support = yes
[homes]
comment = "Home Directory for : %u "
path = /panacea/users/%u
guest ok = no
read only = no
create mask = 700
directory mask = 700
writable = yes
browseable = no
###########################################################################
##### User information #####
pdbedit -Lv -u alexander
Unix username: alexander
NT username:
Account Flags: [U ]
User SID: S-1-5-21-198119243-2907378319-2784864356-3000
Primary Group SID: S-1-5-21-198119243-2907378319-2784864356-3001
Full Name: Alexander Gustafsson
Home Directory: "\\firewall\alexander"
HomeDir Drive: h:
Logon Script: login.bat
Profile Path: "\\firewall\profiles\%u"
Domain: FIREWALL
# This is the user account
cat /etc/passwd | grep alexander
alexander:x:1001:100:Alexander Gustafsson,,,:/home/alexander:/bin/bash
# This is the Host account
cat /etc/passwd | grep slave
slave$:*:1000:100:Host slave,,,:/dev/null:/dev/null
###########################################################################
##### Directories/Permissions #####
I know that this system is "wide" open, but I thought the problem
could be
permission related, so that's why I used 1777.
root@firewall:/panacea/users# ls -la
drwxr-xr-x 7 root root 4096 Jan 21 22:04 .
drwxr-xr-x 4 root root 4096 Dec 28 16:42 ..
drwx------ 9 alexander users 4096 Jan 22 14:10 alexander
drwxrwxrwx 2 root users 4096 Dec 28 16:39 netlogon
drwxrwxrwt 5 root users 4096 Jan 22 15:20 profiles
root@firewall:/panacea/users/netlogon# ls -la
drwxrwxrwx 2 root users 4096 Dec 28 16:39 .
drwxr-xr-x 7 root root 4096 Jan 21 22:04 ..
root@firewall:/panacea/users/profiles# l
drwxrwxrwt 5 root users 4096 Jan 22 15:20 .
drwxr-xr-x 7 root root 4096 Jan 21 22:04 ..
drwxrwxrwt 13 root users 4096 Jan 22 15:20 alexander
root@firewall:/panacea/users/profiles/alexander# ls -la
total 1080
drwxrwxrwt 13 root users 4096 Jan 22 15:20 .
drwxrwxrwt 5 root users 4096 Jan 22 15:20 ..
drwxrwxrwt 6 root users 4096 Jan 22 15:20 Application Data
drwxrwxrwt 2 root users 4096 Jan 22 15:20 Cookies
drwxrwxrwt 2 root users 4096 Jan 22 15:20 Desktop
drwxrwxrwt 3 root users 4096 Jan 22 15:22 Favorites
drwxrwxrwt 5 root users 4096 Jan 22 15:20 My Documents
drwxrwxrwt 2 root users 4096 Jan 22 15:20 NetHood
drwxrwxrwt 2 root users 4096 Jan 22 15:20 PrintHood
drwxrwxrwt 2 root users 4096 Jan 22 15:20 Recent
drwxrwxrwt 2 root users 4096 Jan 22 15:20 SendTo
drwxrwxrwt 3 root users 4096 Jan 22 15:20 Start Menu
drwxrwxrwt 2 root users 4096 Jan 22 15:20 Templates
-rwxrwxrwt 1 root users 1048576 Jan 22 15:20 ntuser.dat
###########################################################################
##### #####
cat log.slave
[2004/01/22 16:00:11, 1] smbd/service.c:close_cnum(880)
slave (192.168.0.3) closed connection to service profiles
[2004/01/22 16:00:20, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1357)
failed to decode PDU
[2004/01/22 16:00:20, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
process_request_pdu: failed to do schannel processing.
[2004/01/22 16:00:36, 1] smbd/service.c:make_connection_snum(698)
slave (192.168.0.3) connect to service netlogon initially as user
alexander (uid=1001, gid=100) (pid 7540)
[2004/01/22 16:00:47, 1] smbd/service.c:close_cnum(880)
slave (192.168.0.3) closed connection to service netlogon
[2004/01/22 16:00:50, 0] rpc_server/srv_util.c:get_domain_user_groups(371)
get_domain_user_groups: primary gid of user [slave$] is not a Domain group
!
get_domain_user_groups: You should fix it, NT doesn't like that
[2004/01/22 16:00:50, 0] rpc_server/srv_util.c:get_alias_user_groups(219)
get_alias_user_groups: gid of user slave$ doesn't exist. Check your
/etc/passwd and /etc/group files
[2004/01/22 16:00:56, 1] smbd/service.c:close_cnum(880)
slave (192.168.0.3) closed connection to service alexander
[2004/01/22 16:00:56, 1] smbd/service.c:close_cnum(880)
cat log.smbd
[2004/01/22 16:01:00, 0] lib/util_sock.c:get_socket_addr(919)
getpeername failed. Error was Transport endpoint is not connected
