Samba PDC without profile roaming troubles

t0bias · 09-20-2008, 11:59 AM

Hi,

I am trying to set up a Samba PDC without roaming profiles, so the PDC should just do the authentication process and rights distribution.

When I logon with a Windows client I get the following error-message:

Code:

Your roaming profile is not available. You are logged on with the locally stored profile. Changes to the profile will not be propagated to the server. Contact your network administrator.

DETAIL: The filename, directory name or volume label syntax is incorrect.

Actually, this is what I do want it to do, but how can I get rid of this error-message, each time a client logs on?

This is my smb.conf:

Code:

[global]
  workgroup = WORKGROUP
  netbios name = SAMBA PDC
  server string = Samba Domain Controller %v
  passdb backend = ldapsam:ldap://127.0.0.1/
  log file = /var/log/samba/%m.log
  max log size = 50
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
  add user script = /usr/sbin/smbldap-useradd -m "%u"
  delete user script = /usr/sbin/smbldap-userdel "%u"
  add group script = /usr/sbin/smbldap-groupadd -p "%g"
  delete group script = /usr/sbin/smbldap-groupdel "%g"
  add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
  add machine script = /usr/sbin/smbldap-useradd -w "%u"
  logon path = ""
  domain logons = Yes
  preferred master = Yes
  domain master = Yes
  encrypt passwords = Yes
  os level = 65
  dns proxy = No
  ldap admin dn = cn=admin,dc=samba,dc=local
  ldap delete dn = Yes
  ldap group suffix = ou=groups
  ldap idmap suffix = ou=users
  ldap machine suffix = ou=machines
  ldap suffix = dc=samba,dc=local
  ldap ssl = no
  ldap user suffix = ou=users
  idmap backend = ldap:ldap://127.0.0.1/

[homes]
  comment = Home Directories
  path = /home/profiles/%U
  read only = No
  writable = Yes
  create mask = 0644
  directory mask = 0775
  inherit permissions = Yes
  browseable = No

[netlogon]
  path = /home/samba/netlogon/%U
  browseable = No
  writable = Yes

[profiles]
  path = /home/samba/profiles/%U
  valid users = %U, "@Domain Admins"
  force user = %U
  read only = No
  writable = Yes
  create mask = 0700
  directory mask = 0775
  guest ok = Yes
  profile acls = Yes
  case sensitive = No
  preserve case = No
  short preserve case = No
  browseable = No
  csc policy = disable

Thanks,

Toby

Woodypecker · 09-20-2008, 02:55 PM

Search for "logon path" in man smb.conf.
You will find that the stanza
logon path = "" deliberately disables roaming profiles.

t0bias · 09-20-2008, 03:02 PM

Hmm.. I think you didn't read my post carefully enough as I do NOT want roaming profiles.

Woodypecker · 09-20-2008, 03:17 PM

Uhm, didn't I write exactly that? The stanza 'logon path ="" ` does just that,
disabling roaming profiles.
You can indeed use a netlogon script (share netlogon is necessary) to run
a regedit command as (local/domain) admin, possibly using CPAU, to permanently
disable roaming profile at the client side.

Woodypecker · 09-20-2008, 03:21 PM

Ouch I see you already have that stanza .... well, at work we use it as well,
but without the quotes, just the empty = ... when I wrote the replies,
I wanted to play safe and took the example from the manpage.
Maybe better omit the "" - we don't see that error, in particular the syntax/label
part.

t0bias · 09-20-2008, 03:28 PM

Wow, indeed, omiting the paranthesis solved the problem..!

Thanks,

Toby

ridingthestorm · 09-21-2008, 12:39 PM

Hi there,

I'm struggling with this, too, and removing the "" works fine. But what about the three commas (apparently taken from /etc/passwd) on the top of Start Menu following the domain user's full name (e.g., John Littleroof,,,)? Is there a way to get rid of them other than switching to classical start menu?