[Samba] Problem with Roaming Profiles
Hello all, I'm using Samba 3.0.28-0.4.3 as PDC on a SUSE Linux Enterprise Server 10 SP1 (x86_64), integrated with a ldap base. I have setup roaming profiles and things were working fine till yesterday when an user lost his profile during logon. Here is a part of audit log: Aug 25 08:33:28 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|disconnect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|connect|ok|profiles Aug 25 08:33:32 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|disconnect|ok|IPC$ Aug 25 08:33:32 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|connect|ok|profiles Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/Desktop.ini Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/A18AA9C 9-F9E1-4C5D-B5C1-A7D230201647.WindowsLiveContact Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/70CE567 3-4D66-435A-81FA-52B24520B7B7.WindowsLiveContact Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/BD86C4B F-6D9B-475E-8C12-D1EAF5B0ACDF.WindowsLiveContact . . . . And then the whole profile was unlinked, and a new one was created on the server O.o My profile share in smb.conf: [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = no csc policy = disable nt acl support = yes store dos attributes = Yes hide files = desktop.ini/outlook*.lnk/*Briefcase*/.* force user = %U valid users = %U @Domain Admins write list = %U @Domain Admins The setting Delete cached copies of roaming profiles of the gpedit.msc on Windows XP is enabled. Any comments and suggestions are appreciated. Thank you Márcio de Oliveira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with roaming profiles
Version 3.0.26a 2.6.22-gentoo-r9 configuration: http://pastebin.com/m3b84d11e The problem is the following: I login with a network account in a windows xp box for the first time. Everything is ok, profile loads completely. If i try to login with this account in another pc, then the account is being logged ok, but the profile is not loaded completely. You cant even run firefox that is in desktop. The network drive is mounted and you can access the files. I cant figure out what i am doing wrong here ... Could you please help me on this ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with roaming profiles
Hi, i'm using samba version 3.0.9-2.6-SUSE on suse 9.1 platform with about 40 clients both win XP SP2 and win 2000 SP4 and over 200 users. My problem is with win xp roaming profiles. It caches profiles onto local drive and every time user logs off it starts to synchronize users profile. If there are more than one profiles cached it tries to synchronize all of them and asks username and password for each cached profile. I have set the registry key to delete roaming profiles and it does so, but when user does not log off correctly for some reason (power cut or reset button is too attempting ) it still caches his profile. i have many dumbusers around and in a month there are over 15 profiles in each computer wanting to synchronize. Is there a way to disable this synchronize? PS! profiles can be deleted.. users need their accounts just for internet, msn and printing. Siim Kobin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with roaming profiles
Hi, this may be of interest to you: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582displaylang=en a service called User Profile Hive Cleanup Service -- Warum können Pinguine nicht fliegen? Was nicht fliegt, kann nicht abstürzen. Never be afraid of doing tasks you are not familiar with. Noah's Ark was built by an amateur. Professionals have built the Titanic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Roaming Profiles
Hi, This is driving me nuts!! Ok, this is a home network, so not many machines! I HAD 1 windows XP machine with local profiles for everyone - worked fine. I have now installed a linux box with SAMBA on it and I have 3 desktop PCs. I have set up roaming profiles (I think) correctly according to the How-To book. I initially had some trouble getting the local profiels moved to the server, but I don't think that's the issue now. Anyway, what happens is this:-- Log in to Machine A. Everything works fine, the various profile files seem to go to the server, things like the re-direction of My Documents works etc. etc. Log in to Machine B and only SOME of the profile seems to work. The desktop wallpaper doesn't appear, the desktop icons are most unknown icon, but other bits DO work (for example desktop items are ther ane My Documents is still redirected. Go back to Machine A and everything is still fine. Back on Machine B, set up everything as I want it. Now Machine B works, but Machine A doesn't!!! It can't be a rights thing because the files get created ok from either machine. I tried copying the local profile up to make it a roaming one and changed the security to allow the domain user to use it and it STILL does this!!! Can anyone help?? WinXP SP2 SAMBA3 LFS 6.0 Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Roaming Profiles
Have you tried clearing out the profiles from both machines, use the profiles tool on the Linux box to check that the domain SID (net getlocalsid) is the same as what is listed in the ntuser.dat files inside each persons profile. Another way to test this is to give the particular user that is having the problems local administrator rights to the desktop machine. Then when they login if everything works fine (desktop background etc) it could very well be an SID problem. Hi, This is driving me nuts!! Ok, this is a home network, so not many machines! I HAD 1 windows XP machine with local profiles for everyone - worked fine. I have now installed a linux box with SAMBA on it and I have 3 desktop PCs. I have set up roaming profiles (I think) correctly according to the How-To book. I initially had some trouble getting the local profiels moved to the server, but I don't think that's the issue now. Anyway, what happens is this:-- Log in to Machine A. Everything works fine, the various profile files seem to go to the server, things like the re-direction of My Documents works etc. etc. Log in to Machine B and only SOME of the profile seems to work. The desktop wallpaper doesn't appear, the desktop icons are most unknown icon, but other bits DO work (for example desktop items are ther ane My Documents is still redirected. Go back to Machine A and everything is still fine. Back on Machine B, set up everything as I want it. Now Machine B works, but Machine A doesn't!!! It can't be a rights thing because the files get created ok from either machine. I tried copying the local profile up to make it a roaming one and changed the security to allow the domain user to use it and it STILL does this!!! Can anyone help?? WinXP SP2 SAMBA3 LFS 6.0 Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem using roaming profiles with wireless clients
Hello, I have a Linux server acting as a Windows PDC and we're using roaming profiles. Wired clients connect fine and upload/download their profiles. Wireless clients do not. I also have RADIUS running on the Linux server and the Wireless AP is configured to authenticate against the RADIUS server as well, using the windows login information. I enabled verbose debugging on the RADIUS server, so I could see exactly what is happening. When the wireless clients try to login to the domain and download their roaming profiles, the client will hang at the login sceen for a few minutes, then report that it could not connect to the server hosting the roaming profile. Only after I click ok does the client send the username and password to the RADIUS server for authentication. The problem seems to be timing, so I was hoping someone may know if and how I can configure the XP clients to bring up it's wireless interface before attempting to download it's roaming profile. I know this isn't a samba issue, but was hoping someone might know a Windows fix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles on upgrade from 2.2 to 3.0
I have quite a few samba installations, and I've had problems with roaming profiles when upgrading from Samba 2.2 to 3.0. My servers run Debian stable, which uses Samba 2.2.3, with security patches. At some point Debian will release a new stable version with a recent Samba 3.0 release. Right now I'm testing a few servers with a samba 3.0.10 backport to make sure the transition will go smoothly. Unfortunately, I have this problem with roaming profiles and I've already spent several days researching (google) and trying to fix it to no avail. When I update to 3.0, users are getting the message Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to your profile will not be copied to the server when you log off. possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The filename, directory name or volume label syntax is incorrect. After a bit of research, I ended up running the pdbedit command: #pdbedit -v -u=alex Unix username:alex NT username: Account Flags:[U ] User SID: S-1-5-21-1446488701-1319150898-4256949202-3838 Primary Group SID:S-1-5-21-1446488701-1319150898-4256949202-1201 Full Name:Alex King,,, Home Directory: \\server\alex\profile HomeDir Drive:Z: Logon Script: UNKNOWN\alex.bat Profile Path: \\server\NTPROFILE\alex Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Mon, 01 Nov 2004 23:53:42 GMT Password can change: Mon, 01 Nov 2004 23:53:42 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF And OK, while composing this email, I finally solved my problem, which is the double quotes around the Profile Path value above. After resetting the Profile Path with pdbedit -u alex -p server\\alex\\profile, which results in the following pdbedit -v -u alex listing: Unix username:alex NT username: Account Flags:[U ] User SID: S-1-5-21-1446488701-1319150898-4256949202-3838 Primary Group SID:S-1-5-21-1446488701-1319150898-4256949202-1201 Full Name:Alex King,,, Home Directory: \\server\alex HomeDir Drive:Z: Logon Script: \\SERVER\netlogon\WinNT\alex.bat Profile Path: \\server\alex\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Mon, 01 Nov 2004 23:53:42 GMT Password can change: Mon, 01 Nov 2004 23:53:42 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF profiles now work as expected. Actually, my config file included the double quotes, and this worked with samba 2.2 but not with samba 3.0. Now that I look in the man page, there is a warning on the logon path parameter, although it didn't sink in for me in the past. So to recap for the benefit of others, although I first used pdbedit to take away the quotes for a single user, the real fix was to remove the quotes around the logon home and logon path parameters in smb.conf. Perhaps testparm could be modified to give a warning in this situation? Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles and Samba 3.0
profile acls = yes might help You. I had the same problem and this fixed it. MS introduced permission checks on the user profile with W2K SP3. Greetings, Osama Due to a change in W2K SP4 and XP SP1 (see Microsoft Knowledge Base Article 327462 at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q327462) Windows checks the owner of a roaming profile folder when logging in. For some reason this check fails with Samba 3.0 (at least with our setup). It works with Samba 2.2. Any suggestions? Please CC me. I'm not on the list. Thanks, Nick Wellnhofer -- aevum gmbh leopoldstr. 87 80802 münchen germany fon: +4989 38380653 fax: +4989 38799384 [EMAIL PROTECTED] http://aevum.de/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Osama Dengler http://www.jazz-on-the-rocks.de/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles and Samba 3.0
Due to a change in W2K SP4 and XP SP1 (see Microsoft Knowledge Base Article 327462 at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q327462) Windows checks the owner of a roaming profile folder when logging in. For some reason this check fails with Samba 3.0 (at least with our setup). It works with Samba 2.2. Any suggestions? Please CC me. I'm not on the list. Thanks, Nick Wellnhofer -- aevum gmbh leopoldstr. 87 80802 münchen germany fon: +4989 38380653 fax: +4989 38799384 [EMAIL PROTECTED] http://aevum.de/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles
Am Son, 2003-09-07 um 15.23 schrieb Tilo Lutz: Hi After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles work. Clients Are W2K and XP. I've also switched from smbpasswd backend to ldap. Logon path is only set in smb.conf, not in ldap. Storing of profiles is working but it takes very long. I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. But the clients are always storing profile in \\wilma2\profile\Win2K. Is it possible windows is caching home path anywere? If I set attribute sambaProfilePath in ldap profiles are working Why isn't the global parameter logon path = \\WILMA2\profile\Win2K in smb.conf used? Setting sambaProfilePath = \\WILMA2\profile has worked, but why? The correct setting would be \\wilma2\profile\Win2K Any idea? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles
Hi After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles work. Clients Are W2K and XP. I've also switched from smbpasswd backend to ldap. Logon path is only set in smb.conf, not in ldap. Storing of profiles is working but it takes very long. I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. But the clients are always storing profile in \\wilma2\profile\Win2K. Is it possible windows is caching home path anywere? Loading of profiles dowsn't work I get the old security permission error, but I've set use profile acls in profile share. I've also set to option on client side not to check security settings on above folders. I'Ve attached relevant parts of smb.conf, log.smbd and ldif of user. I hope anybody can help me. relevant part of log.smbd [2003/09/06 11:18:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460) Entry found for user: tilo [2003/09/06 11:18:36, 2] [2003/09/06 11:18:36, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [tilo] - [tilo] - [tilo] succeeded b111-pc16 (192.168.83.16) connect to service profile initially as user tilo (uid=1546, gid=106) (pid 17106) [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.DAT read=Yes write=No (numopen=1) [2003/09/06 11:18:36, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((sambaSID=S-1-5-21-3371203057-3264423045-2392767973-3092)(objectclass=sambaSamAccou nt))] [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.INI read=Yes write=No (numopen=2) [2003/09/06 11:18:46, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.INI (numopen=1) [2003/09/06 11:19:52, 0] lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt [2003/09/06 11:19:52, 2] smbd/server.c:exit_server(558) Closing connections [2003/09/06 11:19:52, 1] smbd/service.c:close_cnum(874) b111-pc16 (192.168.83.16) closed connection to service profile [2003/09/06 11:19:52, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.DAT (numopen=0) [2003/09/06 11:19:52, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_domain_info(1297) Searching for:[((objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_open_connection(625) smbldap_open_connection: connection opened [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(93) netbios connect: name1=WILMA2 name2=B111-PC16 [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(100) netbios connect: local=wilma2 remote=b111-pc16, name type = 0 [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[((sambaSID=S-1-5-21-3371203057-3264423045-2392767973-501)(objectclass=sambaSamAccoun t))] relevant part of smb.conf: [global] # Globale Einstellungen netbios name = Wilma2 workgroup = WMS-NET os level = 255 local master = yes bind interfaces only = true interfaces = 192.168.0.7/16 127.0.0.1 security = user encrypt passwords = yes domain logons = yes preferred master = yes domain master = yes logon script = %I.bat logon drive = h: #logon path = \\WILMA2\profile\Win2K logon path = \\192.168.0.7\profile wins support = yes time server = yes dead time = 15 kernel oplocks = yes mangle case = yes case sensitive = no default case = lower preserve case = yes short preserve case = yes name resolve order = wins bcast host lmhosts #veto files = /.*/ printing = cups load printers = yes username map = /etc/samba/smbusers nt acl support = yes log level = 2 max log size = 10 use sendfile = yes large readwrite = yes socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 utmp = yes passdb backend = ldapsam:ldap://localhost guest algorithmic rid base = 1000 printing = cups printcap name = cups load printers = yes unix charset = UTF8 unicode = yes display charset = UTF8 dos charset = ASCII unix extensions = yes ldap admin dn = uid=wilma2,dc=wms-hn,dc=de ldap suffix = dc=wms-hn,dc=de ldap machine suffix = ou=machines ldap group suffix
[Samba] Problem loading roaming profiles on a memer server
Hello, I have two samba server. The PDC and a member server that exports some user accounts and shares. The PDC exports ohter accounts. When I logon on a Windows client with an account exported by the PDC, everything is ok. When i tried to logon with an account exported by the member server, Windows can not load the roaming profile. The path of the profile is specified in the LDAP (I am using Samba 3.0b13). Once I have loged in, I have access to the account exported by the member server. Does someone have an idea of the problem ? Should the profiles only be exported by the PDC ? Thanks for your help Lionel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem disabling roaming profiles...
Hello everyone. Well, I have a very interesting thing happening with my Samba PDC when I try and disable roaming profiles. As it is now, im running Samba as a PDC with LDAP on the backend. This is what i've done to disable roaming profiles: In smb.conf, i've set the following two entries to blank: logon home = logon path = Now, i've used the idealx scripts to add users, groups as well as modify and delete users and groups. Everything was working well except i've run into a snag when i've tried to disable roaming profiles. One thing I noticed is that I would have to edit the smbldap_conf.pm and comment out a few lines. These are the lines: $_userHomePrefix = q(/home/); $_userSmbHome = q(PDC-SRV\\homes); $_userProfile = q(PDC-SRV\\home\\samba\\profiles\\); I just commented them out, and restarted LDAP and it seemed to work. Now, this is where it gets a little weird. When I reboot the workstation and then try and login again, it gives an error saying that it was unable to create the profile testuser.pds. Then it logs me in with a temporary profile. I've checked everything I can think of, but still cant seem to figure it out. Anyone have any suggestions? I've running RH 7.3, with samba 2.2.8a as well as OpenLDAP 2.0.27. I appreciate everyones input. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles..
I'm using samba 2.2.7 used as pdc. After long time I finally managed it two work mostly but I still have two problems pending: 1) if i put on a desktop of a user profile (I'm using roaming profiles) a link to a net resource I'm unable to open again this profile (the system tell me it's unable to use the remote profile etc.) 2) the Administrator user (that's mapped on root I hope) act as if it's been mappend on guest... bye by(t)e[S]...TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles..
On Wed, 2003-01-22 at 08:13, Michele Santucci wrote: I'm using samba 2.2.7 used as pdc. After long time I finally managed it two work mostly but I still have two problems pending: 1) if i put on a desktop of a user profile (I'm using roaming profiles) a link to a net resource I'm unable to open again this profile (the system tell me it's unable to use the remote profile etc.) does the user own the link? they should 2) the Administrator user (that's mapped on root I hope) act as if it's been mappend on guest... how did you map it to root? with /etc/smbusers? brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba