Richard Basch
2010-Jan-24 16:40 UTC
[Samba] Roaming profile problems - XP profiles not being saved (Windows 7 profiles work)
Ever since I upgraded Samba from 3.0.x to 3.4.x, and reconfigured it to support Windows 7 clients, I am having issues with roaming profiles on my Windows XP clients. All the machines have been rejoined to the domain, domain authentication appears to be working fine, the home drive is mounted ok, and the profile information is even read, but never updated upon logout. A user with no profile will have an empty profile directory created.

I used to have the profile under 'homes', which I changed after reading several articles about not configuring as such, but to no avail.

I can't find any obvious errors in the Samba logs, using a variety of debugging levels, but I probably haven't configured logging correctly (so if Samba logs are requested, please let me know the logging I should enable).

The key item is Windows 7 profiles DO WORK. It is annoying it requires a separate profile, but c'est la vie. Only my Windows XP clients are failing. I have suspected it may be a registry setting in Windows XP, but I can't seem to identify which parameter. I did change the setting using the Policy Editor of:

    Do not check for user ownership of Roaming Profile Folders = Enabled

(on one computer), to no avail.

In my smb.conf, you will see references to LDAP... all the users are configured with:

    SambaProfilePath = \\<samba-host-FQDN>\profiles\<username>

(No variables are referenced.)

/home/profiles is mode 1777, owned by root. Anyone can write there (and as I previously said, I have seen the profile directory being created, just not populated... and it is the same mountpoint that is also used for my Windows 7 (.V2) profiles, which work properly).

Enclosed is my smb.conf... any suggestions would be welcome. This list is full of helpful people. My last issue to get Windows 7 domain joining was great... I had to set StrongKeys = Required in the client's registry (I never imagined Required would have been synonymous with "if you don't do this, it won't bother to negotiate the stronger setting").

smb.conf
=======
[global]
    ;include = /etc/samba/dhcp.conf
    workgroup = N2HA
    realm = INTERNAL.BRIGHT-PROSPECTS.COM
    security = user
    map to guest = Bad User
    usershare allow guests = Yes
    server string = %h (Samba %v)
    hosts allow = 192.168.0.0/16
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    smb ports = 445 139
    ;os level = 65
    local master = yes
    domain master = yes
    preferred master = yes
    domain logons = yes
    winbind use default domain = yes
    netbios aliases = SAMBA
    ;printing = cups
    ;printcap name = cups
    ;printcap cache time = 750
    ;cups options = raw
    name resolve order = wins lmhosts bcast
    wins support = yes
    dns proxy = no
    ea support = yes
    enable asu support = yes
    time server = yes
    deadtime = 10
    max log size = 4096
    hide dot files = no
    hide special files = yes
    hide unreadable = yes
    template shell = /bin/false
    veto oplock files = /*.pst/*.nsf/*.doc/*.xls/*.mdb/
    client lanman auth = no
    client ntlmv2 auth = yes
    client plaintext auth = no
    encrypt passwords = yes
    lanman auth = no
    ntlm auth = yes
    null passwords = yes
    server signing = auto
    server schannel = auto
    passdb backend = ldapsam:ldaps://ldap.internal.bright-prospects.com/
    obey pam restrictions = no
    ldap ssl = no
    ldap admin dn = "uid=ntadmin,ou=User,dc=bright-prospects,dc=com"
    ldap suffix = dc=bright-prospects,dc=com
    ldap machine suffix = sambaDomainName=N2HA,ou=Network
    ldap user suffix = ou=User
    ldap group suffix = ou=Group
    ldap idmap suffix = ou=IdMap,ou=Network
    ldap passwd sync = yes
    ldap delete dn = no
    ;add user script = /home/admin/bin/smbldap-useradd -m %u
    ;delete user script = /home/admin/bin/smbldap-userdel %u
    ;add group script = /home/admin/bin/smbldap-groupadd -p %g
    ;delete group script = /home/admin/bin/smbldap-groupdel %g
    add machine script = /home/admin/bin/smbldap-useradd -w %u
    add user to group script = /home/admin/bin/smbldap-groupmod -m %u %g
    delete user from group script = /home/admin/bin/smbldap-groupmod -x %u %g
    set primary group script = /home/admin/bin/smbldap-usermod -g %g %u
    passwd program = /home/admin/bin/smbldap-passwd %u
    vfs objects = recycle
    recycle: directory_mode = 0770
    recycle: keeptree = 1
    recycle: touch = 1
    recycle: minsize = 1
    recycle: maxsize = 5000000
    recycle: exclude = *.tmp *.temp ~$* *.obj *.~??
    recycle: exclude_dir = /RealTimeBackup
    ;vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
    ;log level = 3 auth:5 smb:10

[homes]
    comment = Home Directories
    ;valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
    ; locking = no
    hide files = /.*/desktop.ini/thumbs.db/*.bitmap/NTUSER.*/
    hide unreadable = no
    path = /home/%S

[profiles]
    comment = Network Profiles Service
    ;path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
    ; path = /home/profiles
    hide files
    guest ok = yes
    browseable = yes
    ;writeable = yes
    ;inherit acls = yes
    profile acls = yes
    csc policy = disable
    force user = %U

[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/

[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes

[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

[Profiles.V2]
    copy = profiles
    path = /home/profiles/%U.V2

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = yes
    browseable = yes
    write list = root
    csc policy = disable