Brian White
2006-May-22 20:05 UTC
[Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used
Version: 3.0.14a (debian stable: 3sarge1)

I'm just about finished converting our company's network from NIS to LDAP. Part of that involved updating Samba to use that same directory so all the information is maintained in one place.

Most everything is good, except that my roaming profiles won't work. My smb.conf file is attached.

Upping the log level eventually showed messages like this:

[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
  stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
  unix_convert begin: name = %u, dirpath = , start = %u

I traced this to the "logon path" configuration item. Samba is choosing the value from the smb.conf file because I don't have these values set within the LDAP directory; I just want to use the default generated one.

However, it seems that Samba is NOT substituting the "%u" in this case even though it was when LDAP was not in use. At least "logon path" and "logon home" are affected; maybe more.

To verify, I manually changed every "%u" in the smb.conf file to "bcwhite" and then I can log on with my profile and home directory just fine. An okay solution for me, but the rest of my users might complain.

Since my users are expecting to return tomorrow (after a long weekend) and use their WinXP machines, I'd appreciate it if someone can shed some light on this problem asap.

Thanks much!!!

Brian ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
Until we are first independent, we cannot be interdependent.
-------------- next part --------------
;
; $Id: smb.conf,v 1.7 2006/05/22 19:09:28 bcwhite Exp $
;

[global]
   printing = cups
   printcap = cups
   load printers = yes
   guest account = guest
   invalid users = root
   dont descend = /proc,/dev
   unix extensions = no
   bind interfaces only = no
   interfaces = eth1 eth2
   netbios aliases = titan share shell profiles

; don't risk problems with buggy dos programs (Visual C++) getting wrong timestamp
   dos filetime resolution = yes

; "security = user" is always a good idea. This will require a Unix account
; in this server for every user accessing the server.
   security = user

; Change this for the workgroup your Samba server will be part of
   workgroup = precidia

   server string = %h Server (Samba %v)

; If you want Samba to log through syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
   syslog only = no

; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
   syslog = 0;

; This socket options really speed up Samba under Linux, according to my
; own tests.
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096

; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
   encrypt passwords = yes
   passdb backend = ldapsam:ldap://localhost

; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
; below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
   wins support = yes

; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server = 172.16.0.10

; Please read BROWSING.txt and set the next four parameters according
; to your network setup.
   os level = 99
   local master = yes
   preferred master = yes

; Domain stuff
   domain master = yes
   domain logons = yes
;; domain group map = /etc/samba/domain-group.map
;; domain user map = /etc/samba/domain-user.map
;; local group map = /etc/samba/local-group.map
   logon path = \\profiles\profiles\%u
   logon home = \\shell\%u
   logon drive = u:
   logon script = logon.bat
;; add user script = /etc/samba/addhost %u

; What naming service and in what order should we use to resolve host names
; to IP addresses
   name resolve order = host bcast

; This will enable nmbd to search for NetBIOS names through DNS.
   dns proxy = yes

; Name mangling options
   preserve case = yes
   short preserve case = yes
   mangled names = yes
   mangle prefix = 5
   mangling method = hash

; LDAP settings
   ldap admin dn = uid=samba,ou=Services,dc=precidia
   ldap suffix = dc=precidia
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=Hosts
   ldap replication sleep = 1000
   ldap password sync = true
   ldapsam:trusted = true

; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Culus for pointing this out):
   check password script = /usr/local/sbin/pwcheck
   unix password sync = false
; passwd program = /usr/local/sbin/ldappasswd --unix %u
; passwd chat = * %n\n

; The following parameter is useful only if you have the linpopup package
; installed. The samba maintainer and the linpopup maintainer are
; working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

; The default maximum log file size is 5 MBytes. That's too big so this
; next parameter sets it to 1 MByte. Currently, Samba rotates log
; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
; A better solution would be to have Samba rotate the log file upon
; reception of a signal, but for now on, we have to live with this.
   max log size = 1000
   log level = 0

[homes]
   comment = Home Directory
   browseable = no
   read only = no
   create mask = 0664
   directory mask = 0775

[printers]
   comment = Printers
   printer admin = root, @winadmin
   path = /var/spool/samba
   browseable = no
   printable = yes
   public = yes
   writable = no
   create mode = 0700

[print$]
   comment = Printer Drivers
   path = /etc/samba/drivers
   browseable = yes
   guest ok = no
   read only = yes
   write list = root

[netlogon]
   comment = Logon Scripts
   path = /usr/local/win32/netlogon
   read only = yes
   public = no
   browseable = no

[profiles]
   comment = User Profiles
   path = /var/data/profiles
   create mask = 0600
   directory mask = 0700
   read only = no
   public = yes
   browseable = no
   profile acls = yes

; A sample share for sharing your CD-ROM with others.

;[cdrom]
; comment = CD-ROM Drive
; writable = no
; locking = no
; path = /cdrom
; public = yes
; fake oplocks = yes
;
; The next two parameters show how to auto-mount a CD-ROM when the
; cdrom share is accessed. For this to work /etc/fstab must contain
; an entry like this:
;
; /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
;
; The CD-ROM gets unmounted automatically after the connection to the
;
; If you don't want to use auto-mounting/unmounting make sure the CD
; is mounted on /cdrom
;
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

[titan]
   comment = Precidia Technologies, Inc.
   path = /home/tolkien/titan
   public = yes
   writable = no
   fake oplocks = yes
   locking = no

[tmp]
   comment = Temporary Files
   path = /usr/local/tmp
   create mode = 0666
   public = yes
   writable = yes
Brian White
2006-May-23 01:37 UTC
[Samba] URGENT: Samba Won't Substitute %u In "Logon *" When LDAP Is Used
> Version: 3.0.14a (debian stable: 3sarge1)

I just upgraded to 3.0.22 (debian "testing") and have the same problem. I could really use some help on this one!!!

> I'm just about finished converting our company's network from NIS to
> LDAP. Part of that involved updating Samba to use that same directory
> so all the information is maintained in one place.
>
> Most everything is good, except that my roaming profiles won't work. My
> smb.conf file is attached.
>
> Upping the log level eventually showed messages like this:
>
> [2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
>   unix_convert called on file "%u"
> [2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
>   stat_cache_lookup: lookup failed for name [%U]
> [2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(175)
>   unix_convert begin: name = %u, dirpath = , start = %u
>
> I traced this to the "logon path" configuration item. Samba is choosing
> the value from the smb.conf file because I don't have these values set
> within the LDAP directory; I just want to use the default generated one.
>
> However, it seems that Samba is NOT substituting the "%u" in this case
> even though it was when LDAP was not in use. At least "logon path" and
> "logon home" are affected; maybe more.
>
> To verify, I manually changed every "%u" in the smb.conf file to
> "bcwhite" and then I can log on with my profile and home directory just
> fine. An okay solution for me, but the rest of my users might complain.
>
> Since my users are expecting to return tomorrow (after a long weekend)
> and use their WinXP machines, I'd appreciate it if someone can shed some
> light on this problem asap.
>
> Thanks much!!!
Brian ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
Until we are first independent, we cannot be interdependent.
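As an added example (not part of the original posts and not Samba code), this Python script automates the diagnosis described in the thread: it lists the "logon *" parameters in [global] that rely on % macros and scans a debug-level smbd log for file names that still contain a literal macro. The sample config and log are constructed from the excerpts in the first message, the function names are hypothetical, and the `%<letter>` pattern is a heuristic.

```python
import re

# Constructed samples modelled on the smb.conf and log excerpt in the post.
SAMPLE_CONF = r"""
[global]
   logon path = \\profiles\profiles\%u
   logon home = \\shell\%u
   logon drive = u:
"""
SAMPLE_LOG = """\
[2006/05/22 15:16:29, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "%u"
[2006/05/22 15:16:29, 10] smbd/statcache.c:stat_cache_lookup(210)
  stat_cache_lookup: lookup failed for name [%U]
[2006/05/22 15:16:31, 5] smbd/filename.c:unix_convert(108)
  unix_convert called on file "bcwhite/NTUSER.DAT"
"""
MACRO = re.compile(r"%[A-Za-z]")  # heuristic: any %<letter> token
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*\d+\]\s+(?P<src>\S+)")
NAME = re.compile(r'called on file "([^"]*)"|for name \[([^\]]*)\]')

def logon_macros(conf_text):
    """Map each [global] 'logon *' parameter to the % macros in its value."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in ";#":
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower().startswith("logon ") and MACRO.search(value):
                found[key.lower()] = MACRO.findall(value)
    return found

def unexpanded_names(log_text):
    """Return (timestamp, source, name) for names that still hold a literal macro."""
    hits, ts, src = [], None, None
    for line in log_text.splitlines():
        head, m = HEADER.match(line), NAME.search(line)
        if head:  # header line: remember where the next message came from
            ts, src = head["ts"], head["src"]
        elif m and MACRO.search(m.group(1) or m.group(2) or ""):
            hits.append((ts, src, m.group(1) or m.group(2)))
    return hits

def suspects(conf_text, log_text):
    """Parameters whose macros show up (case-insensitively) unexpanded in the log."""
    seen = {m.lower() for _, _, n in unexpanded_names(log_text) for m in MACRO.findall(n)}
    return sorted(k for k, v in logon_macros(conf_text).items() if seen & {m.lower() for m in v})
```

Running `suspects()` against a real smb.conf and a log captured at level 10 narrows the search to the parameters whose macros reached the file-system layer unexpanded.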