samba - Jul 2007 - Profile in use

I am migrating our office from a Windows 2003 Active Directory domain 
to a Samba domain with an LDAP backend.

All users in the domain had local profiles only, so I went to each of 
their machines and migrated the profiles to the new domain.  Everything 
seemed to work fine with the new domain except that occasionally (not 
all the time) when a user has logged out of their machine and goes to 
log back in, they get an error that their profile is in use and that 
they will be logged in with a temporary profile.  The only way to stop 
this error is to reboot the machine, at which point they can log in 
successfully and their profile is working again.

I never had this problem under Active Directory but I don't see how 
Samba could be causing the problem since we're still using local 
profiles.  Does anyone have any thoughts about what could be causing 
this?

> I never had this problem under Active Directory but I don't see how
> Samba could be causing the problem since we're still using local
> profiles.  Does anyone have any thoughts about what could be causing
> this?
>
I am not sure. What version of samba are you using? Do you have
profile acls = yes in your smb.conf? Could you post that if it is not
too large?

John

On 2007-07-11 08:32:56 -0700, "John Drescher"
<drescherjm@gmail.com> said:
> I am not sure. What version of samba are you using? Do you have
> profile acls = yes in your smb.conf? Could you post that if it is not
> too large?
I do not have "profile acls = yes" set.  According to the smb.conf man
page, that setting is for when the profiles are stored on a samba 
share.  My profiles are local to the workstations.

Here is my smb.conf file:

[global]
   workgroup = foo
   netbios name = foodc1
   server string = %h server (Samba, Ubuntu)
   wins support = yes
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   security = user
   encrypt passwords = yes
   passdb backend = ldapsam:ldap://localhost/
   obey pam restrictions = yes
   ldap admin dn = uid=Administrator,ou=People,dc=foo,dc=com
   ldap suffix = dc=foo, dc=com
   ldap group suffix = ou=Group
   ldap user suffix = ou=People
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=People
   ldap passwd sync = Yes
   passwd program = /usr/sbin/smbldap-passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n
   unix password sync = no
   domain logons = yes
   logon path    logon drive    logon home    logon script = logon.cmd
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
   enable privileges = yes
   load printers = yes
   printing = cups
   printcap name = cups
   printer admin = @lpadmin
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   domain master = yes
[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0600
   directory mask = 0700
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   writable = no
   share modes = no
[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = administrator, @ntadmin