The problem is when renaming prf*tmp files for programs that seem like they may be using those files when the user is logging out; this is mostly the ICA client, although I have seen IE cookies cause the error as well.
I have tried disabling oplocks, and setting CSC policy to disable on the share, and this reduced the frequency of the error to the point that I thought I'd solved it, but after a couple of weeks I found two more occurrences. When the error occurs I get the following in the USERENV.LOG file on the client machine:
USERENV(208.154) 16:33:37:609 ReconcileFile: Failed to rename file <E:\scowman\Application Data\ICAClient\Cache\prf5049.tmp> to <E:\scowman\Application Data\ICAClient\Cache\2E78E792.DMA> with error = 32
USERENV(208.154) 16:33:37:609 ReportError: Impersonating user.
USERENV(208.20c) 16:34:08:687 UnloadUserProfileP: CopyProfileDirectory returned FALSE for primary profile. Error = 32
USERENV(208.20c) 16:34:08:687 ReportError: Impersonating user.
On the server side, I see only (log level = 2):
scowman opened file scowman/Application Data/ICAClient/Cache/prf5049.tmp read=
Yes write=No (numopen=5)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman closed file scowman/Application Data/ICAClient/Cache/prf503B.tmp (numopen=4)
[2004/06/09 16:31:14, 2] smbd/close.c:close_normal_file(228) scowman closed file scowman/Application Data/ICAClient/Cache/prf5049.tmp (numopen=3)
The relevant portions of my samba config are:
[global] # netbios name of this server netbios name = pdc # domain name of this server workgroup = khlsc # use the TDBSAM (Trivial Database SAM) backend to store account info. passdb backend = tdbsam # require client to encrypt passwords encrypt passwords = yes
# Rotate logs when they reach 200MB max log size = 200000
# This should allow us to bypass requiring signorseal, but turning it # on breaks XP clients, for some reason. ;server schannel = yes
# Listen for SMB traffic only on port 139. This may help avoid # lost connection issues under Windows XP. smb ports = 139
# Run a WINS server wins support = yes
# Always act as the local master browser # and domain master browser. Do not allow # any other system to take over these roles! domain master = yes local master = yes preferred master = yes os level = 255
# Perform domain authentication. domain logons = yes
# The profiles share is for storing # Windows NT/2000/XP roaming profiles. # Use your own path, and make sure # the directory exists.
[profiles]
# -- The following options are in effect to resolve the roaming
# profile "access denied" issue.
# Disable opportunistic locking on this share.
oplocks = false
level2 oplocks = false
# Disable client-side caching of profile information.
csc policy = disable
# This should have not effect if oplocks are disabled.
veto oplock files = /prf*.tmp/;
path = /files/profiles
writeable = yes
create mask = 0600
directory mask = 0700
browseable = no
# workaround for Windows 2000 SP4/XP SP1 security issue.
profile acls = yes
Thanks for any assistance! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
