Samba PDC roaming profiles problem

Alex de Kruijff alexk at specialisterren.nl
Mon Aug 2 11:32:43 UTC 2010


Hi,

I've set up a Samba PDC with an LDAP backend. I can access shares and
log in with a user that is in LDAP, but I have a problem setting up
roaming profiles. I've been trying to solve this problem for some
time now, and have tried everything I could think of, but without much
luck. I keep getting the following error messages:

"Windows cannot locate the server copy of your roaming profile and is
attempting to log you on with your local profile. Changes to the profile
will not be copied to the server when you logoff. Plausible causes of
this error include network problem or insufficient security rights. If
this problem persists, contact your network administrators. DETAILS -
The network path was not found."

Followed by:

"Windows cannot find the local profile and is logging on with a temporary
profile. Changes to this profile will be lost when you logoff."

Here is my smb.conf:

>[global]
>      # Global settings as posted: a Samba domain controller (domain logons /
>      # domain master = yes) whose accounts live in LDAP (passdb backend = ldapsam).
>      # Lines below without a leading ">" are values the mail client wrapped;
>      # presumably each is a single line in the real smb.conf.
>      security = user
>      name resolve order = wins lmhosts hosts bcast
>      deadtime = 15
>      # Never: logins with a bad password are rejected instead of mapped to guest.
>      map to guest = Never
>      csc policy = disable
>      # Only loopback (127.*) and 192.168.* clients may connect.
>      hosts allow = 127. 192.168.
>      server string =
>      workgroup = Nieuwegein
>      time server = yes
>      wins support = yes
>      domain master = yes
>      domain logons = yes
>     encrypt passwords = yes
>      local master = yes
>      logon drive = Z:
>      # Profile location handed to clients at logon: %L is the server name the
>      # client used, %U the session user name.
>      logon path = \\%L\profiles\%U
>      preferred master = yes
>      os level = 255
>      # Duplicate of the encrypt passwords line above (same value); keep one.
>      encrypt passwords = yes
>      passdb backend = ldapsam:ldap://localhost/
>      enable privileges = Yes
>      # NOTE(review): smb.conf(5) says that with pam password change = yes PAM
>      # handles client password changes instead of passwd program; confirm which
>      # path is really in use alongside unix password sync / ldap passwd sync.
>      pam password change = yes
>      passwd program = /usr/local/sbin/smbldap-passwd %u
>      passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
>      unix password sync = Yes
>      ldap delete dn = Yes
>      # LDAP traffic is not encrypted. Both URIs here are ldap://localhost, so it
>      # stays on the loopback interface.
>      # NOTE(review): if the directory ever moves to another host, switch to
>      # start tls or ldaps before password hashes cross the network.
>      ldap ssl = Off
>      ldap passwd sync = Yes
>      # Samba binds to the directory as this DN; its password is kept outside
>      # smb.conf, in secrets.tdb (set with smbpasswd -w).
>      # NOTE(review): this looks like the directory's admin entry; a dedicated DN
>      # limited to the subtrees Samba manages would narrow the exposure.
>      ldap admin dn = cn=admin,dc=specialisterren,dc=nl
>      ldap suffix = dc=specialisterren,dc=nl
>      ldap group suffix = ou=Groups
>      ldap idmap suffix = ou=Users
>      ldap machine suffix = ou=Computers
>      ldap user suffix = ou=Users
>      idmap backend = ldap:ldap://localhost
>      idmap uid = 10000-20000
>      idmap gid = 10000-20000
>      # Account-management hooks. smb.conf(5) documents the add/delete user and
>      # group scripts as being run by smbd as root; %u / %g are substituted into
>      # the command line and are double-quoted here.
>      add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
>      delete user script = /usr/local/sbin/smbldap-userdel "%u"
>      add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>      delete group script = /usr/local/sbin/smbldap-groupdel "%g"
>      add user to group script = /usr/local/sbin/smbldap-groupmod -m
"%u" "%g"
>      delete user from group script = /usr/local/sbin/smbldap-groupmod
-x "%u" "%g"
>     set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u"
>      add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>     template homedir = /home/%U
>      template shell = /bin/csh
>     getwd cache = yes
>      # NOTE(review): SO_SNDBUF=819 looks truncated next to SO_RCVBUF=8192;
>      # confirm against the real file.
>     socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
>     use sendfile = yes
>      # NOTE(review): smb.conf treats # as a comment only at the start of a line,
>      # so the trailing text on the next line is likely read as part of the
>      # value; move it to a line of its own.
>     mangle prefix = 6 # How to mangle Long Filenames in to 8.3 DOS
>     log level = 1
>      # One log file per client machine (%m is the client's NetBIOS name).
>     log file = /var/log/samba/log.%m
>     max log size = 50
>      syslog = 0
>
>  [template]
>  # edited out, has no path
>
>  [homes]
>     # Per-user home share; the share name a client sees is the user's name.
>     comment = Home users
>     inherit owner = yes
>     # Lets anyone with write access to a file change its permissions.
>     dos filemode = yes
>     writable = yes
>     # Users matched by read list get read-only access even though writable = yes.
>     # NOTE(review): read list does not grant access by itself; with
>     # valid users = "%S" below it would appear to make members of wheel /
>     # Domain Admins read-only in their own home - confirm that is intended.
>     read list = @wheel @"Domain Admins"
>     # %S is the share name, i.e. the user name for [homes]: only the owner of a
>     # home may connect to it.
>     valid users = "%S"
>      # Caps permissions on new files at 0740 and on new directories at 0750.
>      create mask = 0740
>      directory mask = 0750
>      aio read size = 16384
>
>  [netlogon]
>      # Logon share of the domain controller: hidden from browsing and read-only
>      # over SMB. Domain clients fetch logon scripts and policy files from here,
>      # so the directory should stay writable by administrators only (the
>      # listing later in the post shows /disk/netlogon as root:wheel, drwxr-xr-x).
>      comment = Network Logon Service
>      path = /disk/netlogon
>      browseable = no
>      read only = yes
>      aio read size = 16384
>
>  [profiles]
>      # Share that logon path in [global] (\\%L\profiles\%U) points clients at
>      # for their roaming profiles.
>      comment = Roaming Profiles Directory
>      path = /disk/profiles
>      administrative share = true
>      browseable = no
>     writable = yes
>      # New files are capped at 0600 and new directories at 0700 (owner only).
>      create mask = 0600
>      directory mask = 0700
>      aio read size = 16384
>      # public is a synonym for guest ok.
>      # NOTE(review): guest access should not be needed on a writable share that
>      # holds per-user profile data; consider removing this line.
>      public = yes
>      # The root preexec command performs:
>     # mkdir -pm 750 /disk/profiles/%U-%a; chown %U /disk/profiles/%U-%a
>      # I started off without this.
>      # root preexec runs the command as root each time a client connects to
>      # this share. %U (session user name) and %a (client architecture) are
>      # passed unquoted, unlike the "%u" arguments in [global]; the script should
>      # validate both before using them in a path or in chown.
>      # NOTE(review): the script creates <user>-<arch>, while logon path in
>      # [global] names profiles\%U - confirm which directory clients should use.
>      # NOTE(review): the listing later in the post shows /disk/profiles as
>      # drwxrwxrwt; if the script creates every user directory, world-write on
>      # the parent may not be needed.
>      root preexec = /root/sbin/profiles.sh %U %a
>
># edited out other shares

ldapsearch gives me:
>  # tester, Users, specialisterren.nl
>  dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
>  objectClass: top
>  objectClass: person
>  objectClass: organizationalPerson
>  objectClass: inetOrgPerson
>  objectClass: posixAccount
>  objectClass: shadowAccount
>  objectClass: sambaSamAccount
>  cn: tester
>  sn: tester
>  givenName: tester
>  uid: tester
>  uidNumber: 10005
>  gidNumber: 513
>  homeDirectory: /home/tester
>  loginShell: /bin/sh
>  gecos: Tes ter
>  sambaLogonTime: 0
(Edited out the other stuff)

I can access \\Server\profiles and \\Server\netlogon using my tester
account. /etc/passwd contains no line for the user tester, and I can
log in over SSH with the tester account.

ll -d /disk/{netlogon,profiles} gives me:
drwxr-xr-x  2 root  wheel  512 Mar 16 11:09 /disk/netlogon/
drwxrwxrwt  2 root  wheel  512 Aug  2 12:41 /disk/profiles/

Alex



