Gary,
On Fri, 2010-09-17 at 14:21 -0400, Gary Dale wrote:
> I've been at this for hours now and am still not getting it to work.
> I've been through the lists trying to find an answer and so far as I
can
> tell, everything is configured OK. Obviously it's not, but I'm
stuck.
>
> I recently installed Squeeze on my home server, overwriting a Lenny
> installation. I've been able to add my NT (Windows XP/Pro) domain
> accounts back in and pdbedit shows the expected values - e.g.:
>
> root at whenim64:/home/samba/profiles# pdbedit -Lv garydale
> Unix username: garydale
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-832165970-4128531365-4003982369-1002
> Primary Group SID: S-1-5-21-832165970-4128531365-4003982369-513
> Full Name: Gary Dale
> Home Directory: \\whenim64\home\garydale
> HomeDir Drive: m:
> Logon Script:
> Profile Path: \\whenim64\home\samba\profiles\garydale
> Domain: RAHIM-DALE
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: 9223372036854775807 seconds since the Epoch
> Kickoff time: 9223372036854775807 seconds since the Epoch
> Password last set: Wed, 15 Sep 2010 14:05:50 EDT
> Password can change: Wed, 15 Sep 2010 14:05:50 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
^What's this?^
>
> However, although I can log on, I can't get the roaming profiles
> working. I get the "windows cannot locate the server copy of your
> roaming profile" message. Since my Unix account names/numbers are the
> same and the profiles are in the previously working /home folder that
> didn't get touched, I can't see how it''s a permissions
problem.
> Noneheless, I removed an old profile which should have let WIndows
> create a new one. It didn't. I still got the same error.
>
> I did have to reinstate the groupmaps (don't know why the samba install
> doesn't do this) but they seem OK.
>
> root at whenim64:/home/samba/profiles# net groupmap list
> Domain Admins (S-1-5-21-832165970-4128531365-4003982369-512) -> ntadmins
> Domain Users (S-1-5-21-832165970-4128531365-4003982369-513) -> users
> Domain Guests (S-1-5-21-832165970-4128531365-4003982369-514) -> nogroup
> Domain Computers (S-1-5-21-832165970-4128531365-4003982369-515) ->
machines
>
> My smb.conf tests OK with testparm. SWAT reports all the daemons are
> running. I can map shares (with read/write) without needing extra
> authentication.
>
> My smb.conf (minus the shares & printers) is:
[...]
> logon path = \\%N\home\samba\profiles\%U
In 'man smb.conf'
Windows clients can sometimes maintain a connection to the [homes]
share, even though there is no user logged in. Therefore, it is vital
that the logon path does not include a reference to
the homes share (i.e. setting this parameter to \\%N\homes
\profile_path will cause problems).
[...]
If you want profiles stored in the home dir use the default setting ie \
\%N\%U\Profile
> [Profiles]
> profile acls = yes
> create mode = 0600
> directory mode = 0700
> path = /home/samba/profiles
Set this to \\%N\%U\Profile OR edit [global] to the reflect this. Either
way, it needs to be identical and fall within an allowable setting.
May I also add that in my opinion you've gone a little overboard with
the settings in [global] I've been using Samba as a DC for many years
and have never needed to change so many settings. I would suggest
starting with defaults and editing as needed...Just a thought.
Cheers,
Phil