samba - Aug 2006 - profile-portability doesn't work

Hello!

I'm using Samba as PDC in a small company (~40 computers), the 
environment is the following:
Gentoo linux 2.6.14-hardened-r5, Samba 3.0.22-r2, OpenLDAP 2.3.24-r1, 
nss_ldap 2.49, Windows XP clients

The problem is that profile-portability doesn't work. A user first logs 
into a machine, then he can't use his profile on another one.

The samba log says:
[2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693)
   mgrtpc211 (192.168.2.211) connect to service profiles initially as 
user csap.geza (uid=1125, gid=513) (pid 23613)
[2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693)
   mgrtpc211 (192.168.2.211) connect to service profiles initially as 
user csap.geza (uid=1125, gid=513) (pid 23613)
[2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885)
   mgrtpc211 (192.168.2.211) closed connection to service profiles
[2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885)
   mgrtpc211 (192.168.2.211) closed connection to service profiles
[2006/08/27 20:26:38, 1] smbd/service.c:make_connection_snum(693)
   mgrtpc211 (192.168.2.211) connect to service netlogon initially as 
user csap.geza (uid=1125, gid=513) (pid 23639)
[2006/08/27 20:26:39, 1] smbd/service.c:make_connection_snum(693)
   mgrtpc211 (192.168.2.211) connect to service csap.geza initially as 
user csap.geza (uid=1125, gid=513) (pid 23639)

It takes 6 minutes to connect to profiles share but finally fails. 
Although it mounts the netlogon and home shares.

Did anybody meet a problem like this?

Thx,
Imre

PS: My smb.conf:
[global]
workgroup = JASZAPATIMGZRT
netbios name = MIERDA
server string = Domain Controller
hosts allow = 192.168.2.0/24 127.0.0.0/8
security = user

# some tuning options
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth1 192.168.2.0/24 lo
bind interfaces only = yes
dos charset = cp852
unix charset = utf8
display charset = utf8

# to make your Samba server act as a PDC, you need these lines:
os level = 65
local master = yes
domain master = yes
preferred master = yes

# security
null passwords = no
hide unreadable = yes
hide dot files = yes

# domain settings
domain logons = yes
logon script = %U.cmd
logon path = \\MIERDA\profiles\%U
logon drive = H:
logon home = \\MIERDA\%U
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
log level = 2
idmap uid = 1000-20000
idmap gid = 512-560

# scripts
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"

# ldap settings
ldap delete dn = yes
ldap ssl = no
passdb backend = ldapsam:ldap://mierda
ldap suffix = dc=jaszapatimgzrt,dc=hu
ldap admin dn = cn=Manager,dc=jaszapatimgzrt,dc=hu
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=People
ldap password sync = yes

# printing section
printing = cups
printcap name = cups
load printers = yes

[netlogon]
path = /home/samba/netlogon
guest ok = yes
browseable = no
#write list = root

[profiles]
path = /home/samba/profiles
writable = yes
profile acls = yes
browseable = no
create mask = 0600
directory mask = 0700
guest ok = yes
csc policy = disable
force user = %U
valid users = @"Domain Users" @"Domain Admins"

[homes]
comment = Home directories
path = /home/%U
browseable = no
valid users = %U
read only = no
create mask = 0664
directory mask = 0775
hide dot files = yes

Anybody with a similar problem? Or profile-portability would be so easy 
and only for me doesn't work? :(

Imre

Bolya Imre wrote:
> Hello!
> 
> I'm using Samba as PDC in a small company (~40 computers), the 
> environment is the following:
> Gentoo linux 2.6.14-hardened-r5, Samba 3.0.22-r2, OpenLDAP 2.3.24-r1, 
> nss_ldap 2.49, Windows XP clients
> 
> The problem is that profile-portability doesn't work. A user first logs
> into a machine, then he can't use his profile on another one.
> 
> The samba log says:
> [2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693)
>   mgrtpc211 (192.168.2.211) connect to service profiles initially as 
> user csap.geza (uid=1125, gid=513) (pid 23613)
> [2006/08/27 20:20:37, 1] smbd/service.c:make_connection_snum(693)
>   mgrtpc211 (192.168.2.211) connect to service profiles initially as 
> user csap.geza (uid=1125, gid=513) (pid 23613)
> [2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885)
>   mgrtpc211 (192.168.2.211) closed connection to service profiles
> [2006/08/27 20:26:38, 1] smbd/service.c:close_cnum(885)
>   mgrtpc211 (192.168.2.211) closed connection to service profiles
> [2006/08/27 20:26:38, 1] smbd/service.c:make_connection_snum(693)
>   mgrtpc211 (192.168.2.211) connect to service netlogon initially as 
> user csap.geza (uid=1125, gid=513) (pid 23639)
> [2006/08/27 20:26:39, 1] smbd/service.c:make_connection_snum(693)
>   mgrtpc211 (192.168.2.211) connect to service csap.geza initially as 
> user csap.geza (uid=1125, gid=513) (pid 23639)
> 
> It takes 6 minutes to connect to profiles share but finally fails. 
> Although it mounts the netlogon and home shares.
> 
> Did anybody meet a problem like this?
> 
> Thx,
> Imre
> 
> PS: My smb.conf:
> [global]
> workgroup = JASZAPATIMGZRT
> netbios name = MIERDA
> server string = Domain Controller
> hosts allow = 192.168.2.0/24 127.0.0.0/8
> security = user
> 
> # some tuning options
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> interfaces = eth1 192.168.2.0/24 lo
> bind interfaces only = yes
> dos charset = cp852
> unix charset = utf8
> display charset = utf8
> 
> # to make your Samba server act as a PDC, you need these lines:
> os level = 65
> local master = yes
> domain master = yes
> preferred master = yes
> 
> # security
> null passwords = no
> hide unreadable = yes
> hide dot files = yes
> 
> # domain settings
> domain logons = yes
> logon script = %U.cmd
> logon path = \\MIERDA\profiles\%U
> logon drive = H:
> logon home = \\MIERDA\%U
> wins support = yes
> name resolve order = wins lmhosts host bcast
> dns proxy = no
> time server = yes
> log file = /var/log/samba/%m.log
> log level = 2
> idmap uid = 1000-20000
> idmap gid = 512-560
> 
> # scripts
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
> 
> # ldap settings
> ldap delete dn = yes
> ldap ssl = no
> passdb backend = ldapsam:ldap://mierda
> ldap suffix = dc=jaszapatimgzrt,dc=hu
> ldap admin dn = cn=Manager,dc=jaszapatimgzrt,dc=hu
> ldap group suffix = ou=Groups
> ldap user suffix = ou=People
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=People
> ldap password sync = yes
> 
> # printing section
> printing = cups
> printcap name = cups
> load printers = yes
> 
> [netlogon]
> path = /home/samba/netlogon
> guest ok = yes
> browseable = no
> #write list = root
> 
> [profiles]
> path = /home/samba/profiles
> writable = yes
> profile acls = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
> guest ok = yes
> csc policy = disable
> force user = %U
> valid users = @"Domain Users" @"Domain Admins"
> 
> [homes]
> comment = Home directories
> path = /home/%U
> browseable = no
> valid users = %U
> read only = no
> create mask = 0664
> directory mask = 0775
> hide dot files = yes
>