New samba deployment; samba 3.0.24 w/ldapsam, em64t (Dell 2900), CentOS
4.4, using nss_ldap with LDAP master and two slaves (OpenLDAP 2.3.32), one
Samba PDC (on LDAP master) and two Samba BDC's (on each of the LDAP
slaves); no Windows servers; one Linux domain member server (first of
several). All four Samba servers use the same LDAP parameters. testparm
checks out. All accounts are in LDAP; no other source except for the stock
/etc/passwd entries. LDAP is fully functional; nss_ldap is properly
configured (I believe). Everything seems to work properly in the Unix
space, and in the Windows space with the exception of roaming profiles; I
can join Windows machines to the domain, log in, map shares, etc, with no
issues. In the DIT I have, for each user, the following:
sambaHomePath: \\<server.domain.org>\<username>
sambaProfilePath: \\<server.domain.org>\profiles\<username>
where "server.domain.org" is the fully-qualified hostname of the DMS box
(which resolves to two IP's from DNS, forwards and backwards, as do the
PDC and BDC's). When logging in to a Windows XP box, I get the complaint
that the roaming profile cannot be downloaded because it is not owned by
the user that is logging in (it is, and all permissions are correct), and
in the samba log file there is a successful connection to the profiles
share followed by:
Could not peek rid out of sid <correct-SID-value> (twice)
User <username> with invalid SID <same-SID-value> in passdb (3 times)
followed by a successful connection to the home directory share, which is
fully useable from the Windows client at this point.
If I replace the "server.domain.org" in LDAP's sambaProfilePath with the
FQDN of the PDC (not changing sambaHomePath), the roaming profile can be
successfully downloaded (which is how it was initially created).
Rather than including all my configuration files, I'd just appreciate it
if someone can give me a clue as to where to look next. It's evidently a
problem with the DMS setup, although the DMS works well for everything
else Samba-related (only roaming profiles do not work).
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
