Hi people. Im in need of help as far as roaming profiles are concerned. Allow me as I know this issue has been discussed timelessly but let me just ask it because I have been unable to get it to work. My Samba + Ldap setup is fine and XP users can authenticate alright. Im using samba 3.0.28. However when logging in for the first time, they get the message; Windows cannot locate a server copy.... -Access is denied When logging off, Windows cannot update your roaming profile... -Access is denied I copied the profiles across from another server, so the first error does not come up except for new users and the old profiles are mapped onto the users machines just fine. I think I've done everything for roaming profiles to work including mkdir -p /var/lib/samba/profiles chown root:users /var/lib/samba/profiles chmod 2775 /var/lib/samba/profiles chown -R user /var/lib/samba/profiles/user/ The samba logs don't show any errors. Below is my smb.conf file [global] workgroup = EXAMPLE netbios name = EXAMPLE_SERVER server string = Samba Server Version %v passdb backend = ldapsam:ldap://example.org/ log file = /var/log/samba/%m.log max log size = 50 add user script = /usr/sbin/adduser -m "%u" add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u logon script = %u.bat logon path = \\EXAMPLE_SERVER\profiles\%U logon home = \\EXAMPLE_SERVER\%U domain logons = Yes domain master = Yes ldap admin dn = "cn=config" ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap passwd sync = Yes ldap suffix = dc=example,dc=org ldap user suffix = ou=people cups options = raw [homes] comment = Home Directories validusers = %S read only = No browseable = No writable = Yes create mask= 0700 directory mask = 0700 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon share modes = No guest ok = Yes [profiles] path = /var/lib/samba/profiles read only = No writable = Yes profile acls = Yes comment = User profiles create mask = 0600 browsable = no directory mask = 0700 My searches on the web have not helped much. I am running on a Red Hat like system (CentOS 5). Someone please help. I will be eternally grateful.
Hi Remove the profile acls =yes and add: browseable = Yes csc policy = disable force user = %U valid users = %U @"Domain Admins" Louis>-----Oorspronkelijk bericht----- >Van: samba-bounces+belle=bazuin.nl@lists.samba.org >[mailto:samba-bounces+belle=bazuin.nl@lists.samba.org] Namens >Mugo Martin >Verzonden: dinsdag 19 augustus 2008 14:19 >Aan: samba@lists.samba.org >Onderwerp: [Samba] Roaming profiles > >Hi people. Im in need of help as far as roaming profiles are concerned. >Allow me as I know this issue has been discussed timelessly >but let me just >ask it because I have been unable to get it to work. > >My Samba + Ldap setup is fine and XP users can authenticate alright. Im >using samba 3.0.28. However when logging in for the first >time, they get the >message; > >Windows cannot locate a server copy.... -Access is denied > >When logging off, > >Windows cannot update your roaming profile... -Access is denied > >I copied the profiles across from another server, so the first >error does >not come up except for new users and the old profiles are >mapped onto the >users machines just fine. > >I think I've done everything for roaming profiles to work including > >mkdir -p /var/lib/samba/profiles >chown root:users /var/lib/samba/profiles >chmod 2775 /var/lib/samba/profiles > >chown -R user /var/lib/samba/profiles/user/ > >The samba logs don't show any errors. > >Below is my smb.conf file >[global] > workgroup = EXAMPLE > netbios name = EXAMPLE_SERVER > server string = Samba Server Version %v > passdb backend = ldapsam:ldap://example.org/ > log file = /var/log/samba/%m.log > max log size = 50 > add user script = /usr/sbin/adduser -m "%u" > add machine script = /usr/sbin/useradd -d >/var/lib/nobody -g 100 -s >/bin/false -M %u > logon script = %u.bat > logon path = \\EXAMPLE_SERVER\profiles\%U > logon home = \\EXAMPLE_SERVER\%U > domain logons = Yes > domain master = Yes > ldap admin dn = "cn=config" > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap passwd sync = Yes > ldap suffix = dc=example,dc=org > ldap user suffix = ou=people > cups options = raw >[homes] > comment = Home Directories > validusers = %S > read only = No > browseable = No > writable = Yes > create mask= 0700 > directory mask = 0700 >[netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > share modes = No > guest ok = Yes >[profiles] > path = /var/lib/samba/profiles > read only = No > writable = Yes > profile acls = Yes > comment = User profiles > create mask = 0600 > browsable = no > directory mask = 0700 > >My searches on the web have not helped much. I am running on a >Red Hat like >system (CentOS 5). > >Someone please help. I will be eternally grateful. >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba >
On Tuesday 19 August 2008 07:18:56 Mugo Martin wrote:> Hi people. Im in need of help as far as roaming profiles are concerned. > Allow me as I know this issue has been discussed timelessly but let me just > ask it because I have been unable to get it to work. > > My Samba + Ldap setup is fine and XP users can authenticate alright. Im > using samba 3.0.28. However when logging in for the first time, they get > the message; > > Windows cannot locate a server copy.... -Access is denied > > When logging off, > > Windows cannot update your roaming profile... -Access is denied > > I copied the profiles across from another server, so the first error does > not come up except for new users and the old profiles are mapped onto the > users machines just fine.Did you copy the domain SID from the old server to the new one? - John T.> I think I've done everything for roaming profiles to work including > > mkdir -p /var/lib/samba/profiles > chown root:users /var/lib/samba/profiles > chmod 2775 /var/lib/samba/profiles > > chown -R user /var/lib/samba/profiles/user/ > > The samba logs don't show any errors. > > Below is my smb.conf file > [global] > workgroup = EXAMPLE > netbios name = EXAMPLE_SERVER > server string = Samba Server Version %v > passdb backend = ldapsam:ldap://example.org/ > log file = /var/log/samba/%m.log > max log size = 50 > add user script = /usr/sbin/adduser -m "%u" > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s > /bin/false -M %u > logon script = %u.bat > logon path = \\EXAMPLE_SERVER\profiles\%U > logon home = \\EXAMPLE_SERVER\%U > domain logons = Yes > domain master = Yes > ldap admin dn = "cn=config" > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap passwd sync = Yes > ldap suffix = dc=example,dc=org > ldap user suffix = ou=people > cups options = raw > [homes] > comment = Home Directories > validusers = %S > read only = No > browseable = No > writable = Yes > create mask= 0700 > directory mask = 0700 > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > share modes = No > guest ok = Yes > [profiles] > path = /var/lib/samba/profiles > read only = No > writable = Yes > profile acls = Yes > comment = User profiles > create mask = 0600 > browsable = no > directory mask = 0700 > > My searches on the web have not helped much. I am running on a Red Hat like > system (CentOS 5). > > Someone please help. I will be eternally grateful.-- John H Terpstra "Don't do as I do; Show me better!" - Anonymous.
Maybe you could provide a level 10 log of when the first error happens (for a new user). Are all your users member of the group "users" ? Are all the underlying directories (/var /var/lib /var/lib/samba ...) set with at least the o+x permission on the file system ? Fran?ois> Hi people. Im in need of help as far as roaming profiles are concerned. > Allow me as I know this issue has been discussed timelessly but let me > just > ask it because I have been unable to get it to work. > > My Samba + Ldap setup is fine and XP users can authenticate alright. Im > using samba 3.0.28. However when logging in for the first time, they get > the > message; > > Windows cannot locate a server copy.... -Access is denied > > When logging off, > > Windows cannot update your roaming profile... -Access is denied > > I copied the profiles across from another server, so the first error does > not come up except for new users and the old profiles are mapped onto the > users machines just fine. > > I think I've done everything for roaming profiles to work including > > mkdir -p /var/lib/samba/profiles > chown root:users /var/lib/samba/profiles > chmod 2775 /var/lib/samba/profiles > > chown -R user /var/lib/samba/profiles/user/ > > The samba logs don't show any errors. > > Below is my smb.conf file > [global] > workgroup = EXAMPLE > netbios name = EXAMPLE_SERVER > server string = Samba Server Version %v > passdb backend = ldapsam:ldap://example.org/ > log file = /var/log/samba/%m.log > max log size = 50 > add user script = /usr/sbin/adduser -m "%u" > add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 > -s > /bin/false -M %u > logon script = %u.bat > logon path = \\EXAMPLE_SERVER\profiles\%U > logon home = \\EXAMPLE_SERVER\%U > domain logons = Yes > domain master = Yes > ldap admin dn = "cn=config" > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap passwd sync = Yes > ldap suffix = dc=example,dc=org > ldap user suffix = ou=people > cups options = raw > [homes] > comment = Home Directories > validusers = %S > read only = No > browseable = No > writable = Yes > create mask= 0700 > directory mask = 0700 > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > share modes = No > guest ok = Yes > [profiles] > path = /var/lib/samba/profiles > read only = No > writable = Yes > profile acls = Yes > comment = User profiles > create mask = 0600 > browsable = no > directory mask = 0700 > > My searches on the web have not helped much. I am running on a Red Hat > like > system (CentOS 5). > > Someone please help. I will be eternally grateful. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >--
First, read the man smb.conf there you will see DEFAULT profile acls = no second if you setup your rights correctly, like for example how i have it. /home/samba/profiles ( 777) and remember to set /home/samba at least 755 ( the last 5 is needed !! ) autocreated bij user at logoff /home/samba/profiles/USERNAME (700) if a profile exist in test enviroment, logon, set everything in windows. delete the profile from the server and logoff the profile is new created again with correct rights. when used force user = %U its always the user. but dont forget !! create mask = 0600 directory mask = 0700 when profiles are setup this way its just how xp sp1 and higher checks its rights. with this setup you dont have to change any thing in xp policies for the profiles. this is how i have my profles in smb.conf [profiles] path = /home/samba/profiles comment = Profile enviroment. read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes csc policy = disable force user = %U valid users = %U @"Domain Admins" Sorry if i didnt reply your message, i didnt see that. Louis>-----Oorspronkelijk bericht----- >Van: Charles Marcus [mailto:CMarcus@media-brokers.com] >Verzonden: vrijdag 22 augustus 2008 16:53 >Aan: L.P.H. van Belle >CC: samba@lists.samba.org >Onderwerp: Re: [Samba] Roaming profiles > >On 8/22/2008, L.P.H. van Belle (belle@bazuin.nl) wrote: >> yes, turn off Pofile acls, > >This is the second time you have said this, but never answered my >request for WHY would you suggest this, when the samba devs say it is >REQUIRED? > >Please, either provide an answer/rationale for why you are telling >someone to try something non-standard, or stop pulling things >out of the >air. > >-- > >Best regards, > >Charles >