Solved

Samba PDC: XP Roaming Profiles not working

Posted on 2004-09-23
Last Modified: 2008-02-01
I have Samba "correctly" set up as a PDC... smb.conf to follow.

My Win98 and WinXP comps are using it correctly as a workgroup share server just fine.

But I need the security from domain logons, and scripting with roaming profiles...

so I have switched an XP comp to domain logon... and it works fine, I switched to roaming profiles and my user works fine... but any other user or any new users are having problems:
1. Settings in MS products (IE for example) are not being saved (Proxy settings for example)
2. Start Bar settings are not being saved.
3. MS Office products ask for user name twice no matter how many times you have previously opened it.
4. MS Word cannot save files
5. Visual desktop settings are not being saved.

On the other hand things are working such as renaming and deleting files on the desktop, mapped drives, etc.

Note: The settings mentioned above do not save for a second, the moment you click ok to a settings change and then you re-open the settings dialog... the settings are "lost"/gone. This is not an issue of local profiles not being saved to the server.

I am GMT +6 so my response will take up to 12 hours.

Thank You
0
Comment
Question by:Namtrok
6 Comments
 
LVL 1

Author Comment

by:Namtrok
smb.conf:
---------------------------------------------------------------------
[global]
      load printers = No
      ldap ssl = no
      passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n *Password\schanged.* .
      logon drive = H:
      create mask = 0600
      domain master = Yes
      username map = /etc/samba/users.map
      encrypt passwords = yes
      time server = Yes
      logon home = \\job\homes
      passwd program = /usr/bin/passwd %u
      wins support = Yes
      dns proxy = No
      inherit permissions = Yes
      server string = %h
      logon script = allusers.bat
      dos charset = CP866
      unix password sync = yes
      workgroup = OFFICE
      logon path = \\job\profiles\%u
      os level = 45
      directory mask = 0700
      preferred master = Yes
      add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false -M %u
      log level = 5
      domain logons = Yes

[homes]
      comment = Home Directories
      read only = No
      browseable = No

[netlogon]
      path = /var/lib/samba/netlogon
      write list = root
      guest ok = Yes
      browseable = No
      locking = No

[profiles]
      path = /var/lib/samba/profiles
      read only = No
      guest ok = Yes
      profile acls = Yes
----------------------------------------------------------
0
 
LVL 6

Expert Comment

by:blkline
I have a setup very similar to what you are attempting to do.  So I know that it can be done.

The roaming profiles that you have set up work basically like this:

* User logs on to domain
* User's profile, settings, etc are copied to the local workstation
* User does his thing on the Windows workstation and as far as the settings go, the Samba PDC is now out of the picture.  Sure, there can be problems if you are trying to save data to it, but those settings are part of the profile that gets dragged down.
* User signs off
* User's settings are sent back to the server.

Assuming that you haven't done anything other than set up a basic Samba PDC then the first time a user logs onto the domain his desktop is built from the Windows workstation default, then saved back when he logs off.  So perhaps you can pursue things from that angle.

In the meantime, you may want to crank up your logging from within smb.conf and see if you can get any clues from it.
0
 
LVL 6

Expert Comment

by:blkline
One other thing -- here is my smb.conf.  This may help you, too.

[global]
   netbios name = VRECPDC
   workgroup = VREC
   passdb backend = tdbsam
   os level = 33
   preferred master = yes
   domain master = yes
   local master = yes
   security = user
   domain logons = yes
   logon path = \\%L\profiles\%U
   logon drive = Z:
   logon home = \\QVALLEY\%U
   logon script = %U.cmd
   remote announce = 192.168.2.255 192.168.3.255
#  wins server = 192.168.1.243
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins support = yes
   remote announce = 192.168.2.255 192.168.3.255
   username map = /var/samba/username.map
   add machine script = /usr/sbin/useradd -d /dev/null -s /sbin/nologin -g 100 -M %u
   time server = yes
#  log level = 1

[netlogon]
   comment = Network Logon Service
   path = /var/samba/netlogon
   read only = yes
   write list = smbadm
   root preexec = /var/samba/netlogon/bld_netlogon %U %m
   root postexec =  /bin/rm -f /var/samba/netlogon/%U.cmd
   preexec = bash -c 'echo "%m" >> /tmp/netlogon.log;[ "%m" = "TSS40020" ] || /bin/sleep 60;cat /etc/motd | /usr/bin/smbclient -M %m -I %I -U Admin &'

[profiles]
   path = /var/samba/profiles/%a
   read only = no
   create mask = 0600
   directory mask = 0700
   browseable = no
   csc policy = disable
0
 
LVL 1

Author Comment

by:Namtrok
Thanks blk,

everything except one aspect seems to be working... let's take your list:
* User logs on to domain
* User's profile, settings, etc are copied to the local workstation
* User does his thing on the Windows workstation and as far as the settings go, the Samba PDC is now out of the picture.  Sure, there can be problems if you are trying to save data to it, but those settings are part of the profile that gets dragged down.
* User signs off
* User's settings are sent back to the server.

*the logon is going well
*the profile is copied to the workstation well
*user can NOT do his thing (change settings)
*the user signs off
*the user profile MIGHT be saving to the server... I assume they will be if the user can change them!

so are you saying... that this is simply not a samba setting problem at all? I looked at your .conf file and thought I didn't have any problems with my settings...  I added two lines to my profiles share even though they are in the globals section I thought ... well stranger things have happened..
lines added:
   create mask = 0600
   directory mask = 0700

Now reads:
[profiles]
     path = /var/lib/samba/profiles
     read only = No
     create mask = 0600
     directory mask = 0700
     guest ok = Yes
     profile acls = Yes


So to summarize, the problem is (you're suggesting) specific to the workstation settings..?

Also another problem since you mentioned it in your answer... (I'm adding points to the question)

I log on as a new user (in the domain but has no profile) and I get this error message (to follow) so when I browse to the profile share and try to create a folder it says I do not have permissions to do that... here's the error message received @ logon...

----------------------------------------
Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.  


DETAIL - Access is denied.
---------------------------------------

so now two problems:
#1 Profile settings are not being saved (and all the impact that has... which is described above)
#2 Users without folders in the profiles share do not have access to create a folder there...

Perhaps if the second one is solved it will solve the first problem?
0
 
LVL 6

Accepted Solution

by:
blkline earned 500 total points
Here are the permissions I use:

[root@vrecpdc /]# ll /var/samba
total 32
drwxr-xr-x    4 root     root         4096 Jun 22 18:57 backups
drwxr-xr-x    4 root     root         4096 May  6 17:16 downloads
drwxr-xr-x    2 root     root         4096 Mar 22  2004 home
lrwxrwxrwx    1 root     root           15 Mar 22  2004 log -> /var/log/samba/
drwxr-xr-x    4 root     root         4096 Aug 23 15:22 misc
drwxr-xr-x    2 root     root         4096 Sep 24 10:45 netlogon
drwxrwxrwx    5 root     root         4096 Aug 10 16:46 profiles
drwxrwxrwx   10 root     root         4096 Sep 21 14:33 share
-rw-r--r--    1 root     root           14 Mar 22  2004 username.map

Next level down in profiles:

[root@vrecpdc profiles]# ll
total 12
drwxrwxrwx   26 root     root         4096 Sep 21 11:16 Win2K
drwxrwxrwx    6 root     root         4096 Aug 24 14:05 WinNT
drwxrwxrwx   51 root     root         4096 Sep 23 14:45 WinXP

Then, my profile directory under WinXP:
drwx------   15 klinebl  users        4096 Sep 23 18:16 klinebl

Since it is the user profile on the Samba PDC that is used the permissions on the directories in which you store their profiles must be read/write for them.

Barry



0
 
LVL 1

Author Comment

by:Namtrok
It was all about Permissions in the profile folder, I made the profile folder itself drwxrwxrwx and it fixed it all!

Thanks Barry, sorry it took so long for me to get back to you!
0
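An added audit sketch for the permissions discussed in the accepted solution and the closing comment; it is not code from the thread. A profiles root left at drwxrwxrwx lets new users create their own directory, but without the sticky bit (mode 1777) any user with write access there can also rename another user's profile directory, so the check below separates the two cases and lists per-user directories that grant group/other access. Function names are hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit the directory behind a Samba [profiles] share.
# Assumes GNU coreutils stat. Function names are illustrative only.

# Print the permission bits of $1 as an integer for use in $(( )).
mode_of() {
    o=$(stat -c '%a' "$1")        # octal string, e.g. 777, 1777, 700
    echo $(( 0$o ))               # leading 0 makes the shell read it as octal
}

# Classify the profiles root:
#   missing                   path is not a directory
#   not-world-writable        new users cannot create their own profile dir
#   world-writable-no-sticky  drwxrwxrwx: entries can be renamed by anyone
#   world-writable-sticky     drwxrwxrwt: only the owner may rename/remove
classify_root() {
    [ -d "$1" ] || { echo "missing"; return 0; }
    m=$(mode_of "$1")
    if [ $(( m & 0002 )) -eq 0 ]; then
        echo "not-world-writable"
    elif [ $(( m & 01000 )) -ne 0 ]; then
        echo "world-writable-sticky"
    else
        echo "world-writable-no-sticky"
    fi
}

# List per-user directories directly under $1 whose mode grants any
# group or other access (anything beyond drwx------).
exposed_profiles() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        m=$(mode_of "$d")
        if [ $(( m & 0077 )) -ne 0 ]; then
            basename "$d"
        fi
    done
    return 0
}

# Stand-alone use: sh audit_profiles.sh /var/lib/samba/profiles
if [ "$#" -gt 0 ]; then
    echo "root: $(classify_root "$1")"
    exposed_profiles "$1"
fi
```

With a per-architecture layout such as `path = /var/samba/profiles/%a`, run `exposed_profiles` on each architecture subdirectory (for example `WinXP`) rather than on the top-level directory.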
