LinuxQuestions.org - WinXP won't load roaming profiles from SAMBA server

- Ubuntu (https://www.linuxquestions.org/questions/ubuntu-63/)

- - WinXP won't load roaming profiles from SAMBA server (https://www.linuxquestions.org/questions/ubuntu-63/winxp-wont-load-roaming-profiles-from-samba-server-673495/)

WinXP won't load roaming profiles from SAMBA server

Hi all,

I have configured Samba 3.0.28a on Ubuntu studio 8.04 - AMD64. It is configured as a PDC and the users get login to their respective home directories. But, the profile is not loading. So, if users make any changes to their desktop or my documents,they don't get loaded. The error is "windows didnot load your roaming profile and is attempting to log you on with your local profile.Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder." Contact your network administrator.

" Strangely, this used to work when i first created these user accounts. Below is my smb.conf file

# Global parameters
[global]
workgroup = abcd
netbios name = server
;interfaces = eth1, lo
;bind interfaces only = Yes
passdb backend = tdbsam

hosts allow = 10.10.10.0/24
security = user
smb ports = 139
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
include = /etc/samba/dc-common.conf
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

[share]
comment = Student common Share Directory
browsable=yes
path = /export/
read only = No
writable = yes

Contents of /etc/samba/dc-common.conf

# Global parameters
[global]
;shutdown script = /var/lib/samba/scripts/shutdown.sh
;abort shutdown script = /sbin/shutdown -c

domain logons = Yes
preferred master = Yes
domain master = yes
wins support = Yes
os level = 65

;logon path = \\%L\profiles\%U
;logon drive = h:
;logon home = \\%L\%U
;logon script = logon.bat
include = /etc/samba/common.conf

[homes]
comment = Home Directory
valid users = %S
read only = No
browseable = No
path = /home/%u

[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
;profile acls = Yes
writable = yes
browsable = no

Contents of common.conf

[global]

username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
;shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
utmp = Yes
map acl inherit = Yes
printing = cups
#veto files = /*.eml/*.nws/*.{*}/
#veto oplock files = /*.doc/*.xls/*.mdb/
;include =
# Share and Service Definitions are common to all servers
;[printers]
;comment = SMB Print Spool
;path = /var/spool/samba
;guest ok = Yes
;printable = Yes
;use client driver = Yes
;default devmode = Yes
;browseable = No
;[apps]
;comment = Application Files
;path = /apps
;admin users = sambauser
;read only = No

The profiles directory is under /var/lib/samba/profiles

The permissions of the /var/lib/samba directory is
drwxr-xr-x 8 root root 4096 2008-10-01 16:21 samba

The Permissions of the /var/lib/samba/profiles directory:
drwxr-xr-x 30 root root 4096 2008-09-24 16:37 profiles

Under the profiles directories, user directories are created and they have username.users permission. For example..
drwxr-xr-x 13 priya users 4096 2008-10-01 12:31 priya

Sorry for the long post.
can someone help me with this
Avinash

Install the samba-doc package if you don't have it. Roaming Profiles are covered in chapter 27 in the Samba3-HOWTO book. XP Professional is covered in 27.2.2.3. If you don't have XP Pro, I don't know if roaming profiles are supported because XP home has domain support stripped out.

Code:

When MS Windows 200x/XP participates in a domain security context,

and if the default user proﬁle is not found, then the client will search for

a default proﬁle in the NETLOGON share of the authenticating server. In

MS Windows parlance, it is %LOGONSERVER%\NETLOGON\Default User, and

if one exists there, it will copy this to the workstation in the C:\Documents

and Settings\ under the Windows login name of the use.

  Note

          This path translates, in Samba parlance, to the smb.conf

          [NETLOGON] share. The directory should be created at

          the root of this share and must be called Default User.

It seems that you have your login path commented out. Was that the case before?

Hi Guys,

I am using WinXP - SP2 and i downloaded samba doc, but where can i find it?
I figured out the problem. There was a mistake in the profiles path. After installing samba, i used the pdbedit command to set account policies on each user, and i guess by mistake the profiles path was entered wrongly. I changed the profiles path using pdbedit command and it worked. But, i had to do this manually for each user.

1) How can i use the pdbedit command to set account policies for all users at once? say for example i want to change the account password policy for 30 users at once?

The above scenario leads me to a question. The default profiles path in samba is in the users home directory /home/username/profile directory. But, i have a different path set for profiles in smb.conf file which is /var/lib/samba/profiles/username. Now which takes the precedence?

I tested this yesterday, i created a new samba user, using smbpasswd -a username command. at the end, in the username details, the profile path is automatically set to /home/username/profile directory. But, in my smb.conf file i have defined a profiles share which is under /var/lib/samba/profiles/username. Now, there is a conflict here?

[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
;profile acls = Yes
writable = yes
browsable = no
logon path = \\%L\profiles\%U
logon drive = p:

What is the use of using these parameters then? like logon path = \\%L\profiles\%U etc..??

Thanks for the support
Avinash

It doesn't appear that you can change the profile path as a policy in pdbedit. The man page states:

"Valid policies are: minimum password age, reset count minutes, dis‐connect time, user must logon to change password, password history,lockout duration, min password length, maximum password age and bad lockout attempt."

Also, shouldn't "logon path = \\%L\profiles\%U" be in the [global] section of smb.conf? "path" should be in [profiles].

"logon path" is the network path to the profile so Windows can find it.
"path" is the physical location of the profile on the samba server.

Thanks for the clarifications. I will make these changes in smb.conf file and get back to you. But, strange that the profiles started working when i changed the profiles path using the pdbedit command, may be as you said, the path is in the wrong section in smb.conf file!

Quote:

Originally Posted by mrog (Post 3301724)

I have put the contents of dc-common and common files to smb.conf file. So, i have only one samba configuration file.

I have put the following under the global section,
logon path = \\%L\profiles\%U
logon drive = p:
logon home = \\%L\%U

The output of smbstatus -L
root@Studio-Server:~# smbstatus -L
Global parameter logon path found in service section!
Global parameter logon drive found in service section!
Global parameter logon home found in service section!
Global parameter logon script found in service section!
No locked files

Contents of SMB.CONF

# Global parameters
[global]
workgroup = sscms
netbios name = studio-server
;interfaces = eth1, lo
;bind interfaces only = Yes
passdb backend = tdbsam
logon path = \\%L\profiles\%U
logon drive = p:
logon home = \\%L\%U
;logon script = logon.bat
domain logons = Yes
preferred master = Yes
domain master = Yes
wins support = Yes
os level = 65

#username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139
name resolve order = wins bcast hosts
time server = NO
printcap name = CUPS
show add printer wizard = No

;shutdown script = /var/lib/samba/scripts/shutdown.sh
;abort shutdown script = /sbin/shutdown -c
utmp = Yes
map acl inherit = Yes
printing = cups

#veto files = /*.eml/*.nws/*.{*}/
#veto oplock files = /*.doc/*.xls/*.mdb/

hosts allow = 10.10.10.0/24
security = user
smb ports = 139
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
include = /etc/samba/dc-common.conf
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

[homes]
comment = Home Directory
valid users = %S
read only = No
browseable = No
path = /home/%u

# Share and Service Definitions are common to all servers

[share]
comment = Student common Share Directory
browsable =yes
path = /home/export/
read only = No
writable = yes

[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
writable = yes
browsable = no

;shutdown script = /var/lib/samba/scripts/shutdown.sh
;abort shutdown script = /sbin/shutdown -c

;[netlogon]
;comment = Network Logon Service
;path = /var/lib/samba/netlogon
;logon script = %U.bat
;guest ok = Yes
;locking = No
;read only = no
;root preexec = /var/lib/samba/bin/make_logon_script '%U'

;[printers]
;comment = SMB Print Spool
;path = /var/spool/samba
;guest ok = Yes
;printable = Yes
;use client driver = Yes
;default devmode = Yes
;browseable = No
;[apps]
;comment = Application Files
;path = /apps
;admin users = sambauser
;read only = No