samba - Mar 2004 - Samba3 PDC + WinXP --> profile not found

Hi!

Sorry for asking that, because I think this error is very frequent, but
I can't solve it. I searched over the Google and mostly the samba
mailing list archives, but I couldn't find anything useful about it.

    Here is the situation: We are using A Samba3 server with LDAP
password backend, configured as WINS and PDC server. We're also using
roaming profiles. And here is the problem! Sometimes users got this
error message from WinXP below. The logon finishes correctly except
that the profile wasn't coped back to the server.

=====
Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Possible causes of this
error include network problems or insufficient security rights. If this
problem persists, contact your network administrator.

 DETAIL - The network name cannot be found.
=========if I am right, the network name for Windows means NetBIOS name. But I
can resolve the NetBIOS name of the server every time it is needed. The other I
thought about is that the network name is the user name in the domain. So I
checked my config(below), but I think the logon parameters are OK. So I
don't know what happened, and this error is very annoying. Every help is
appreciated!

Thanks,
	Mark Tolmacs

Ps.: http://home.sch.bme.hu/~tolmika/samba  <== Here you can read a level 10
log when a user log in, and got that annoying message. And the -2.log file
contains the full log, with logging out and doing nothing else. Thanks again!
-----------------------------------------------------------------------------------
/etc/init.d/samba/smb.conf:
--------------------------
[global]
netbios name = SALETROM
workgroup = INTRANET
encrypt password = Yes
passdb backend = ldapsam:ldap://192.168.0.3
log file = /var/log/samba/log.%m
max log size = 100000
os level = 33
preferred master = yes
domain master = yes
local master = yes
security = user
log level = 10
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
wins support = Yes
ldap suffix = dc=intranet
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Users
ldap admin dn = cn=admin,dc=intranet
ldap ssl = no
ldap passwd sync = No
profile acls = Yes
nt acl support = Yes

[homes]
read only = No
browseable = No

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tolmacs Mark ?rta:
| Hi!
|
| Sorry for asking that, because I think this error is very frequent, but
| I can't solve it. I searched over the Google and mostly the samba
| mailing list archives, but I couldn't find anything useful about it.
|
|    Here is the situation: We are using A Samba3 server with LDAP
| password backend, configured as WINS and PDC server. We're also using
| roaming profiles. And here is the problem! Sometimes users got this
| error message from WinXP below. The logon finishes correctly except
| that the profile wasn't coped back to the server.
|
| =====|
| Windows cannot locate the server copy of your roaming profile and is
| attempting to log you on with your local profile. Changes to the profile
| will not be copied to the server when you logoff. Possible causes of this
| error include network problems or insufficient security rights. If this
| problem persists, contact your network administrator.
|
| DETAIL - The network name cannot be found.
| =========| if I am right, the network name for Windows means NetBIOS name. But
I
| can resolve the NetBIOS name of the server every time it is needed. The
| other I thought about is that the network name is the user name in the
| domain. So I checked my config(below), but I think the logon parameters
| are OK. So I don't know what happened, and this error is very annoying.
| Every help is appreciated!
|
| Thanks,
|     Mark Tolmacs
|
| Ps.: http://home.sch.bme.hu/~tolmika/samba  <== Here you can read a
| level 10 log when a user log in, and got that annoying message. And the
| -2.log file contains the full log, with logging out and doing nothing
| else. Thanks again!
|
- 
-----------------------------------------------------------------------------------

|
| /etc/init.d/samba/smb.conf:
| --------------------------
| [global]
| netbios name = SALETROM
| workgroup = INTRANET
| encrypt password = Yes
| passdb backend = ldapsam:ldap://192.168.0.3
| log file = /var/log/samba/log.%m
| max log size = 100000
| os level = 33
| preferred master = yes
| domain master = yes
| local master = yes
| security = user
| log level = 10
| domain logons = yes
| logon path = \\%N\profiles\%U
| logon drive = H:
| wins support = Yes
| ldap suffix = dc=intranet
| ldap machine suffix = ou=Computers
| ldap user suffix = ou=Users
| ldap group suffix = ou=Groups
| ldap idmap suffix = ou=Users
| ldap admin dn = cn=admin,dc=intranet
| ldap ssl = no
| ldap passwd sync = No
| profile acls = Yes
| nt acl support = Yes
|
| [homes]
| read only = No
| browseable = No
|
| [netlogon]
| path = /var/lib/samba/netlogon
| read only = yes
| write list = ntadmin
|
| [profiles]
| path = /var/lib/samba/profiles
| read only = no
| create mask = 0600
| directory mask = 0700

Move your
profile acls = Yes
from the global section to the profiles share definition
It worked for me.

Cheers

Geza
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAYuyH/PxuIn+i1pIRApd+AJ4m+FXR4XpqffuZku+GB/Vovx5F/ACfbxZe
vj68famV5Zlx8ojgoD8DzR4=vjm/
-----END PGP SIGNATURE-----