[Samba] Problem with Roaming Profiles
Hello all, I'm using Samba 3.0.28-0.4.3 as PDC on a SUSE Linux Enterprise Server 10 SP1 (x86_64), integrated with a ldap base. I have setup roaming profiles and things were working fine till yesterday when an user "lost" his profile during logon. Here is a part of audit log: Aug 25 08:33:28 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|disconnect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:31 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|connect|ok|profiles Aug 25 08:33:32 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|disconnect|ok|IPC$ Aug 25 08:33:32 localhost smbd_audit: 30829|nobody|192.168.5.38|gustavom|IPC_|connect|ok|IPC$ Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|connect|ok|profiles Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/Desktop.ini Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/A18AA9C 9-F9E1-4C5D-B5C1-A7D230201647.WindowsLiveContact Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/70CE567 3-4D66-435A-81FA-52B24520B7B7.WindowsLiveContact Aug 25 08:33:32 localhost smbd_audit: 30829|gustavo|192.168.5.38|gustavom|profiles|unlink|ok|gustavo/Contacts/[EMAIL PROTECTED]/BD86C4B F-6D9B-475E-8C12-D1EAF5B0ACDF.WindowsLiveContact . . . . And then the whole profile was unlinked, and a new one was created on the server O.o My profile share in smb.conf: [profiles] path = /home/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = no csc policy = disable nt acl support = yes store dos attributes = Yes hide files = desktop.ini/outlook*.lnk/*Briefcase*/.* force user = %U valid users = %U "@Domain Admins" write list = %U "@Domain Admins" The setting "Delete cached copies of roaming profiles" of the gpedit.msc on Windows XP is enabled. Any comments and suggestions are appreciated. Thank you Márcio de Oliveira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with roaming profiles
Version 3.0.26a 2.6.22-gentoo-r9 configuration: http://pastebin.com/m3b84d11e The problem is the following: I login with a network account in a windows xp box for the first time. Everything is ok, profile loads completely. If i try to login with this account in another pc, then the account is being logged ok, but the profile is not loaded completely. You cant even run firefox that is in desktop. The network drive is mounted and you can access the files. I cant figure out what i am doing wrong here ... Could you please help me on this ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with roaming profiles
Hi, this may be of interest to you: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en a service called User Profile Hive Cleanup Service -- Warum können Pinguine nicht fliegen? Was nicht fliegt, kann nicht abstürzen. Never be afraid of doing tasks you are not familiar with. Noah's Ark was built by an amateur. Professionals have built the Titanic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with roaming profiles
Hi, i'm using samba version 3.0.9-2.6-SUSE on suse 9.1 platform with about 40 clients both win XP SP2 and win 2000 SP4 and over 200 users. My problem is with win xp roaming profiles. It caches profiles onto local drive and every time user logs off it starts to synchronize users profile. If there are more than one profiles cached it tries to synchronize all of them and asks username and password for each cached profile. I have set the registry key to delete roaming profiles and it does so, but when user does not log off correctly for some reason (power cut or reset button is too attempting ) it still caches his profile. i have many dumbusers around and in a month there are over 15 profiles in each computer wanting to synchronize. Is there a way to disable this synchronize? PS! profiles can be deleted.. users need their accounts just for internet, msn and printing. Siim Kobin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Roaming Profiles
Have you tried clearing out the profiles from both machines, use the profiles tool on the Linux box to check that the domain SID (net getlocalsid) is the same as what is listed in the ntuser.dat files inside each persons profile. Another way to test this is to give the particular user that is having the problems local administrator rights to the desktop machine. Then when they login if everything works fine (desktop background etc) it could very well be an SID problem. Hi, This is driving me nuts!! Ok, this is a home network, so not many machines! I HAD 1 windows XP machine with local profiles for everyone - worked fine. I have now installed a linux box with SAMBA on it and I have 3 desktop PCs. I have set up roaming profiles (I think) correctly according to the How-To book. I initially had some trouble getting the local profiels moved to the server, but I don't think that's the issue now. Anyway, what happens is this:-- Log in to Machine A. Everything works fine, the various profile files seem to go to the server, things like the re-direction of My Documents works etc. etc. Log in to Machine B and only SOME of the profile seems to work. The desktop wallpaper doesn't appear, the desktop icons are most "unknown" icon, but other bits DO work (for example desktop items are ther ane My Documents is still redirected. Go back to Machine A and everything is still fine. Back on Machine B, set up everything as I want it. Now Machine B works, but Machine A doesn't!!! It can't be a rights thing because the files get created ok from either machine. I tried copying the local profile up to make it a roaming one and changed the security to allow the domain user to use it and it STILL does this!!! Can anyone help?? WinXP SP2 SAMBA3 LFS 6.0 Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Roaming Profiles
Hi, This is driving me nuts!! Ok, this is a home network, so not many machines! I HAD 1 windows XP machine with local profiles for everyone - worked fine. I have now installed a linux box with SAMBA on it and I have 3 desktop PCs. I have set up roaming profiles (I think) correctly according to the How-To book. I initially had some trouble getting the local profiels moved to the server, but I don't think that's the issue now. Anyway, what happens is this:-- Log in to Machine A. Everything works fine, the various profile files seem to go to the server, things like the re-direction of My Documents works etc. etc. Log in to Machine B and only SOME of the profile seems to work. The desktop wallpaper doesn't appear, the desktop icons are most "unknown" icon, but other bits DO work (for example desktop items are ther ane My Documents is still redirected. Go back to Machine A and everything is still fine. Back on Machine B, set up everything as I want it. Now Machine B works, but Machine A doesn't!!! It can't be a rights thing because the files get created ok from either machine. I tried copying the local profile up to make it a roaming one and changed the security to allow the domain user to use it and it STILL does this!!! Can anyone help?? WinXP SP2 SAMBA3 LFS 6.0 Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles on upgrade from 2.2 to 3.0
I have quite a few samba installations, and I've had problems with roaming profiles when upgrading from Samba 2.2 to 3.0. My servers run Debian stable, which uses Samba 2.2.3, with security patches. At some point Debian will release a new stable version with a recent Samba 3.0 release. Right now I'm testing a few servers with a samba 3.0.10 backport to make sure the transition will go smoothly. Unfortunately, I have this problem with roaming profiles and I've already spent several days researching (google) and trying to fix it to no avail. When I update to 3.0, users are getting the message "Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to your profile will not be copied to the server when you log off. possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - The filename, directory name or volume label syntax is incorrect." After a bit of research, I ended up running the pdbedit command: #pdbedit -v -u=alex Unix username:alex NT username: Account Flags:[U ] User SID: S-1-5-21-1446488701-1319150898-4256949202-3838 Primary Group SID:S-1-5-21-1446488701-1319150898-4256949202-1201 Full Name:Alex King,,, Home Directory: "\\server\alex\profile" HomeDir Drive:Z: Logon Script: UNKNOWN\alex.bat Profile Path: "\\server\NTPROFILE\alex" Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Mon, 01 Nov 2004 23:53:42 GMT Password can change: Mon, 01 Nov 2004 23:53:42 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF And OK, while composing this email, I finally solved my problem, which is the double quotes around the Profile Path value above. After resetting the Profile Path with pdbedit -u alex -p "server\\alex\\profile", which results in the following pdbedit -v -u alex listing: Unix username:alex NT username: Account Flags:[U ] User SID: S-1-5-21-1446488701-1319150898-4256949202-3838 Primary Group SID:S-1-5-21-1446488701-1319150898-4256949202-1201 Full Name:Alex King,,, Home Directory: \\server\alex HomeDir Drive:Z: Logon Script: \\SERVER\netlogon\WinNT\alex.bat Profile Path: \\server\alex\profile Domain: WORKGROUP Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 09:45:51 GMT Kickoff time: Sat, 14 Dec 1901 09:45:51 GMT Password last set:Mon, 01 Nov 2004 23:53:42 GMT Password can change: Mon, 01 Nov 2004 23:53:42 GMT Password must change: Sat, 14 Dec 1901 09:45:51 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF profiles now work as expected. Actually, my config file included the double quotes, and this worked with samba 2.2 but not with samba 3.0. Now that I look in the man page, there is a warning on the logon path parameter, although it didn't sink in for me in the past. So to recap for the benefit of others, although I first used pdbedit to take away the quotes for a single user, the real fix was to remove the quotes around the logon home and logon path parameters in smb.conf. Perhaps testparm could be modified to give a warning in this situation? Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles and Samba 3.0
profile acls = yes might help You. I had the same problem and this fixed it. MS introduced permission checks on the user profile with W2K SP3. Greetings, Osama > > Due to a change in W2K SP4 and XP SP1 (see Microsoft Knowledge Base > Article 327462 at > http://support.microsoft.com/default.aspx?scid=KB;EN-US;q327462) Windows > checks the owner of a roaming profile folder when logging in. > > For some reason this check fails with Samba 3.0 (at least with our > setup). It works with Samba 2.2. > > Any suggestions? > > Please CC me. I'm not on the list. > > Thanks, > > > Nick Wellnhofer > > > -- > aevum gmbh > leopoldstr. 87 > 80802 münchen > germany > > fon: +4989 38380653 > fax: +4989 38799384 > [EMAIL PROTECTED] > http://aevum.de/ > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba --- Osama Dengler http://www.jazz-on-the-rocks.de/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles and Samba 3.0
Due to a change in W2K SP4 and XP SP1 (see Microsoft Knowledge Base Article 327462 at http://support.microsoft.com/default.aspx?scid=KB;EN-US;q327462) Windows checks the owner of a roaming profile folder when logging in. For some reason this check fails with Samba 3.0 (at least with our setup). It works with Samba 2.2. Any suggestions? Please CC me. I'm not on the list. Thanks, Nick Wellnhofer -- aevum gmbh leopoldstr. 87 80802 münchen germany fon: +4989 38380653 fax: +4989 38799384 [EMAIL PROTECTED] http://aevum.de/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with roaming profiles
Am Son, 2003-09-07 um 15.23 schrieb Tilo Lutz: > Hi > > After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles > work. Clients Are W2K and XP. > I've also switched from smbpasswd backend to ldap. Logon path is only > set in smb.conf, not in ldap. > Storing of profiles is working but it takes very long. > I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. > But the clients are always storing profile in \\wilma2\profile\Win2K. > Is it possible windows is caching home path anywere? If I set attribute sambaProfilePath in ldap profiles are working Why isn't the global parameter logon path = "\\WILMA2\profile\Win2K" in smb.conf used? Setting sambaProfilePath = "\\WILMA2\profile has worked, but why? The correct setting would be \\wilma2\profile\Win2K Any idea? Tilo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles
Hi After changing from samba 2.2.7 to 3.0.rc2 I can't get roaming profiles work. Clients Are W2K and XP. I've also switched from smbpasswd backend to ldap. Logon path is only set in smb.conf, not in ldap. Storing of profiles is working but it takes very long. I've tried logon path = \\wilma2\profile\Win2K and \\wilma2\profile. But the clients are always storing profile in \\wilma2\profile\Win2K. Is it possible windows is caching home path anywere? Loading of profiles dowsn't work I get the old "security permission" error, but I've set use profile acls in profile share. I've also set to option on client side not to check security settings on above folders. I'Ve attached relevant parts of smb.conf, log.smbd and ldif of user. I hope anybody can help me. relevant part of log.smbd [2003/09/06 11:18:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(460) Entry found for user: tilo [2003/09/06 11:18:36, 2] [2003/09/06 11:18:36, 2] auth/auth.c:check_ntlm_password(302) check_ntlm_password: authentication for user [tilo] -> [tilo] -> [tilo] succeeded b111-pc16 (192.168.83.16) connect to service profile initially as user tilo (uid=1546, gid=106) (pid 17106) [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.DAT read=Yes write=No (numopen=1) [2003/09/06 11:18:36, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-3092)(objectclass=sambaSamAccou nt))] [2003/09/06 11:18:36, 2] smbd/open.c:open_file(250) tilo opened file Win2K/NTUSER.INI read=Yes write=No (numopen=2) [2003/09/06 11:18:46, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.INI (numopen=1) [2003/09/06 11:19:52, 0] lib/util_sock.c:read_socket_data(342) read_socket_data: recv failure for 4. Error = Die Verbindung wurde vom Kommunikationspartner zurückgesetzt [2003/09/06 11:19:52, 2] smbd/server.c:exit_server(558) Closing connections [2003/09/06 11:19:52, 1] smbd/service.c:close_cnum(874) b111-pc16 (192.168.83.16) closed connection to service profile [2003/09/06 11:19:52, 2] smbd/close.c:close_normal_file(228) tilo closed file Win2K/NTUSER.DAT (numopen=0) [2003/09/06 11:19:52, 2] smbd/utmp.c:sys_utmp_update(419) utmp_update: uname:/var/run/utmp wname:/var/log/wtmp [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_domain_info(1297) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=WMS-NET))] [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_open_connection(625) smbldap_open_connection: connection opened [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(93) netbios connect: name1=WILMA2 name2=B111-PC16 [2003/09/06 11:20:21, 2] smbd/reply.c:reply_special(100) netbios connect: local=wilma2 remote=b111-pc16, name type = 0 [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/09/06 11:20:21, 2] lib/smbldap.c:smbldap_search_suffix(1068) smbldap_search_suffix: searching for:[(&(sambaSID=S-1-5-21-3371203057-3264423045-2392767973-501)(objectclass=sambaSamAccoun t))] relevant part of smb.conf: [global] # Globale Einstellungen netbios name = Wilma2 workgroup = WMS-NET os level = 255 local master = yes bind interfaces only = true interfaces = 192.168.0.7/16 127.0.0.1 security = user encrypt passwords = yes domain logons = yes preferred master = yes domain master = yes logon script = %I.bat logon drive = h: #logon path = "\\WILMA2\profile\Win2K" logon path = "\\192.168.0.7\profile" wins support = yes time server = yes dead time = 15 kernel oplocks = yes mangle case = yes case sensitive = no default case = lower preserve case = yes short preserve case = yes name resolve order = wins bcast host lmhosts #veto files = /.*/ printing = cups load printers = yes username map = /etc/samba/smbusers nt acl support = yes log level = 2 max log size = 10 use sendfile = yes large readwrite = yes socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 utmp = yes passdb backend = ldapsam:ldap://localhost guest algorithmic rid base = 1000 printing = cups printcap name = cups load printers = yes unix charset = UTF8 unicode = yes display charset = UTF8 dos charset = ASCII unix extensions = yes ldap admin dn = uid=wilma2,dc=wms-hn,dc=de ldap suffix = dc=wms-hn,dc=de ldap machine suffix = ou=machines ldap group su
Re: [Samba] Problem with roaming profiles..
On Wed, 2003-01-22 at 08:13, Michele Santucci wrote: > I'm using samba 2.2.7 used as pdc. > After long time I finally managed it two work mostly but I still have two > problems pending: > 1) if i put on a desktop of a user profile (I'm using roaming profiles) > a link to a net resource I'm unable to open again this profile (the system > tell me it's unable to use the remote profile etc.) does the user own the link? they should > 2) the Administrator user (that's mapped on root I hope) act as if it's > been mappend on guest... how did you map it to root? with /etc/smbusers? brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with roaming profiles..
I'm using samba 2.2.7 used as pdc. After long time I finally managed it two work mostly but I still have two problems pending: 1) if i put on a desktop of a user profile (I'm using roaming profiles) a link to a net resource I'm unable to open again this profile (the system tell me it's unable to use the remote profile etc.) 2) the Administrator user (that's mapped on root I hope) act as if it's been mappend on guest... bye by(t)e[S]...TuX! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba