-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jörn Nettingsmeier wrote:
| win2k clients, samba 3.0.20 pdc. | a new user, who has never logged on, does so for the | first time. the domain uses roaming profiles, and the | netlogon share provides a custom Default User dir | as well as an NTConfig.POL. | | problem: | | the default profile and policy are not downloaded | successfully from the server. instead the user gets | a local profile, missing all our folder redirections. | the userenv.log on the client reports this error: | USERENV(bc.a4) 12:46:47:804 MyRegLoadKey: Failed | to load subkey | <S-1-5-21-1503970882-379070074-3014308087-3158>, error =87 | USERENV(bc.a4) 12:46:47:804 MyRegLoadKey: Mutex released. | Returning 87. USERENV(bc.a4) 12:46:47:804 IssueDefaultProfile: | MyRegLoadKey failed with error 87 | | "net helpmsg 87" says "Falscher Parameter." (on my | german windows) which translates to "illegal parameter" | in english. | | the problem was clearly introduced in 3.0.20. i just | reverted to 3.0.16a, and it disappeared. Assuming you mean 3.0.14a here. | an interesting datapoint is that the failure is specific to win2k | clients. i tried using an xp client, and it does pull a default profile | correctly even from 3.0.20. it seems some backwards-compatibility cruft | was omitted... | | this is a somewhat urgent issue to me, and i would appreciate a quick | ACK from some knowledgeable people or (if it's my fault) a hint as to | what mistakes i'm making. i have not yet entered this into the bug | tracker, as i would like some sort of comment first. maybe you can | suggest further relevant data that i should include? Excellent bug report. This sounds very similar to the mandatory profiles but I spent a day tracking down prior to the 3.0.20 release. I'm trying to remember the exact nature of it. Do you by chance 'store dos attributes = yes' set in smb.conf either globally for for the [netlogon] share? When you view the properties of the NTUSER.DAT file in the default user profile on the server, is the readonly attribute set? | for those who are interested, here are two userenv.log excerpts that | illustrate the problem: | http://pol-serv1.uni-duisburg.de/~nettings/userenv.log-3.0.16a-success.txt | http://pol-serv1.uni-duisburg.de/~nettings/userenv.log-3.0.20-failure.txt | | | one "specialty" of our setup is the fact that the profiles | folder is *not* 777 (btw, i can't understand how this is | recommended practice - to me it's just abysmal security). | instead, a %USERNAME% sub-dir with appropriate permissions | is added when a new account is created. this explains why | the client initially thinks it has found a profile (it checks | for the existence of a %USERNAME% sub-directory), but it | is empty. but this should not make a difference, since when | it tries to stat NTUSER.DAT, the client realizes it has to | create a new profile from the default. This should nto be a problem. It's similar to how I run my setup as well. cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDTq+LIR7qMdg1EfYRAsvqAJwN4PzWDLN7gw9vunTzW9N3r/sjQgCgrnld iw9YqkgqZ74WagFNZ4cAens= =T9D9 -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
