Benjamin.Oeltze@fujitsu-siemens.com
2005-Sep-23 06:52 UTC
AW: [Samba] Big problem with roaming profiles
I had the same problem. We used samba 3.0.14 and upgraded to 3.0.20. After that, profiles were not loaded anymore. The problem you are describing looks like Windows is loading the local copy of your profile and after you deleted it it tries to load the profile from samba and fails. I found out that we had problems with "profile acls = Yes" which was needed by the earlier samba releases. Disable it (or #) and try again. Be sure to set the fitting access rights to the Profiles.

________________________________

From: samba-bounces+benjamin.oeltze=fujitsu-siemens.com@lists.samba.org on behalf of S.Schaefer@ukmuenster.de
Sent: Thu 22.09.2005 16:22
To: samba@lists.samba.org
Subject: [Samba] Big problem with roaming profiles

Hello everyone!

I'm facing a big problem with the samba server I just set up:

System: FreeBSD 5.4
Samba ver: 3.0.20 (previously 3.0.12)
Client(s): Windows XP Professional

I configured the server to make use of roaming profiles. I was able to copy local profiles to the server, to login and voila - got my desktop. Also after creating a new user, the new profile gets copied to the server, synchronized and reloaded after next login. So far so good.

But when I delete the local copy of the profile (deleting the entire user.dom directory) it doesn't get copied back from the server. Instead Windows waits for about 10 minutes until I get a new desktop from some default profile, where I can't change most settings. No update to the server occurs after logout. The same happens when I try to login from a different client. No profile gets loaded.

The log reveals no problems or errors. I'm pretty clueless now, since I've read many, many documentations and sample configurations.
Below is my smb.conf:

[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
# smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = "raw"
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes
log level = 2
log file = /var/log/samba/log.%m
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# ldap ssl = start_tls
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

[W]
comment = Data
browsable = yes
path = /data/drivew
create mask = 0664
directory mask = 0775
public = no
writable = yes
printable = no
write list = @users

[netlogon]
path = /data/netlogon
public = no
writeable = no
browseable = no

[profiles]
path=/data/ntprofiles
browseable = no
writeable = yes
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
# hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# write list = %U @"Domain Admins"
valid users = %U @"Domain Admins"
create mask = 0600
directory mask = 0700
# default case = lower
preserve case = Yes
case sensitive = no

[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
create mask = 0640
directory mask = 0750

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
create mask = 0600
browseable = No
public = yes
writable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,"@Domain Admins"
force group = "Domain Admins"
create mask = 0664
directory mask = 0775

[hplj1300]
comment = HP Laserjet 1300
printable = yes
path = /var/spool/hplaserjet1300
public = no
guest ok = no
printer admin = "Domain Admins"

Additionally I applied the following patch to the XP-Clients:

###########
; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming profile
; disable secure channel
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
; disable check for user ownership of Roaming Profile Folders
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
###########

Does anybody have an idea?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
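Added example (not part of either post, and not Samba's own code): a small check for the two things the reply points at, whether "profile acls" is still enabled on the profiles share and whether the profile directories carry access rights beyond the owner. The sample configuration is a constructed excerpt modelled on the one quoted above; treating any group or other permission bit as too loose is an assumption taken from the thread's "directory mask = 0700", and the function names are hypothetical.

```python
import os
import stat

# Constructed excerpt modelled on the [profiles] share quoted in this thread.
SAMPLE_CONF = """\
[global]
workgroup = IZKF4
[profiles]
path=/data/ntprofiles
profile acls = Yes
# write list = %U @"Domain Admins"
create mask = 0600
directory mask = 0700
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are lowercased and parameter
    names lose their spaces, since smb.conf ignores case and whitespace there.
    Backslash line continuations are not handled (assumed absent)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)       # values may contain '='
            conf[section][key.replace(" ", "").lower()] = value.strip()
    return conf

def profile_acls_enabled(conf, share="profiles"):
    """True if the share still sets 'profile acls' to a true value."""
    value = conf.get(share, {}).get("profileacls", "no")
    return value.lower() in ("yes", "true", "1")

def loose_profile_dirs(root):
    """List (name, mode) of profile directories that group or others can access."""
    loose = []
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if mode & 0o077:
                loose.append((entry.name, oct(mode)))
    return loose

if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE_CONF)
    print("profile acls enabled:", profile_acls_enabled(conf))
    root = conf["profiles"]["path"]
    if os.path.isdir(root):
        print("loose profile dirs:", loose_profile_dirs(root))
```

On a real server, pass the contents of the live smb.conf to parse_smb_conf() and run the directory check as a user that can read the profiles path.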