samba - Oct 2004 - Roam Prof + F Redir: Logon/off merge deletes most of profile

First up, sorry for the lengthy post, but I've tried quite a lot.  I've
searched the mailing lists, Google, usenet, and IRC.  This post is a
last resort.

Thanks for any help.

Cheers,
Richard



I have verified my setup follows the samba doc:
http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold

Synopsis:
---------

When a user logs off XP, most of the server profile directory is
deleted, *except* files created (or modified) during the session being
ended (logoff).

For example, if I create a new file, then logoff and logon again, the
file will remain.  However, during the second logoff, the file will be
deleted because it was not modified.  The file remains remains in the
network profile after the first logoff because it is more recent than
the logon time.

The second logON copies the file from the network profile to the local
machine.  The second logOFF removes the network profile copy of the
file.

I believe this is happening because copying the server profile at logon
creates a *new* file in C:\Docs...  which now has a newer time stamp than
the server copy; at logoff existence of a newer C: version tells XP to
remove the server side copy.  Then, because the C:\Docs... folder is in
the *exclude list*, after the server side copy has been deleted, XP
obeys the exclude list and does *not* copy the C: version back to the
server.  (XP goes on the delete the local profile as per my Group
Policy.)

If I do not add my redirected folders to the exclude list, the problem
goes away.  However, this means I cannot redirect "Local Settings" or
any of the other *default* exclude folders (unless there is way to alter
XP's default exclude list).

After five or six successive logon/offs, the server side profile has
been completely pruned, except of the folders XP always uses (Local
Settings, Temp, etc.).

Note that folder redirection *is* working.  Examples: if I create a file
on the desktop, it appears on the server in [Profiles]\Desktop, *not* in
"C:\Docs & Settings\testuser\Desktop"; running Mozilla correctly
creates
a Moz profile in [Profiles]\Application Data\Mozilla\(...).  After a few
logon/off cycles, these files are deleted from the server.

Also, I have a [Netlogon]\Default User profile.  For new logons, this
profile is correctly copied down to the local system.  However, at
logoff, most of the content is NOT pushed back to the server because of
the Exclude Folders Group Policy.  This limits the usefulness of my
"Default User" configuration. :)


How are people using RPs + Folder Redirection w/ Exclude Folders AND a
network Default User profile?  This seems like a predictable problem;
the Default User settings are never copied *back* to the new user.



I am trying to debug XP's profile merge process and have turned on
detailed logging by setting:

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
  = [REG_DWORD] UserEnvDebugLevel = 0x30002

My userenv.log file indicates all the SyncItems, RecurseDir,
ReconcileFile calls, etc.  I just don't know what I can do to try and
*fix* it!

Using the Samba "profiles" command, I have verified that the user has
permission on their own NTUSER.DAT.

I have read the discussion of the merge algorithm:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpusrdat.mspx

I thought it was time sync issue.  I tried to insure synchronization by
syncing my clients to nmbd's time server, but the problem remained.  The
client and server are both in the same timezone, and adjusted for
Daylight Savings time.  (As far as I can tell, because Unix side files
have time stamps matching the XP desktop clock.)


Setup:

Samba 3.0.7 PDC and XP SP(1,2) clients.

XP:

Registry:

All entries in User Shell Folders (including Local Settings, Temporary Internet
Items, etc.) and point to the profile share:
e.g. "AppData" = "\\%LOGONSERVER%\Profiles\%USERNAME%"

Group Policy:

Delete the locally copy of the profile at logoff
Disable users moving My Documents
Disable offline files (system wide)
Disable ownership checking of profile directory



Samba configuration: 

"time server = yes"
  XP clients perform "net time \\server /set /yes" in a [netlogon] BAT
file
  at each user logon.

Other smb.conf settings:

[Profiles]
"profile acls = yes
"csc policy = disabled"

I can post more if it's relevant.  I have lots of logs. :)