Samba PDC roaming profiles problem
David N
davidn04 at gmail.com
Mon Aug 2 19:49:34 UTC 2010
On 2 August 2010 21:32, Alex de Kruijff <alexk at specialisterren.nl> wrote:
> Hi,
>
> I've set up an LDAP backend Samba PDC. I can gain access to shares and
> login with a user that is in LDAP, but have a problem setting up the
> roaming profile stuff. I've been trying to solve this problem for some
> time now, and have tried everything I could think of, but without much
> luck. I keep getting the following error messages:
>
> "Windows cannot locate the server copy of your roaming profile and is
> attempting to log you on with your local profile. Changes to the profile
> will not be copied to the server when you logoff. Plausible causes of
> this error include network problem or insufficient security rights. If
> this problem persists, contact your network administrators. DETAILS -
> The network path was not found."
>
> Followed by:
>
> "Windows cannot find the local profile and is logging on with a temporary
> profiles. Changes to this profile will be lost when you logoff."
>
> Here is my smb.conf:
>
>> [global]
>> security = user
>> name resolve order = wins lmhosts hosts bcast
>> deadtime = 15
>> map to guest = Never
>> csc policy = disable
>> hosts allow = 127. 192.168.
>> server string =
>> workgroup = Nieuwegein
>> time server = yes
>> wins support = yes
>> domain master = yes
>> domain logons = yes
>> encrypt passwords = yes
>> local master = yes
>> logon drive = Z:
>> logon path = \\%L\profiles\%U
>> preferred master = yes
>> os level = 255
>> encrypt passwords = yes
>> passdb backend = ldapsam:ldap://localhost/
>> enable privileges = Yes
>> pam password change = yes
>> passwd program = /usr/local/sbin/smbldap-passwd %u
>> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>> unix password sync = Yes
>> ldap delete dn = Yes
>> ldap ssl = Off
>> ldap passwd sync = Yes
>> ldap admin dn = cn=admin,dc=specialisterren,dc=nl
>> ldap suffix = dc=specialisterren,dc=nl
>> ldap group suffix = ou=Groups
>> ldap idmap suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap user suffix = ou=Users
>> idmap backend = ldap:ldap://localhost
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> add user script = /usr/local/sbin/smbldap-useradd -a -m "%u"
>> delete user script = /usr/local/sbin/smbldap-userdel "%u"
>> add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
>> delete group script = /usr/local/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
>> add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
>> template homedir = /home/%U
>> template shell = /bin/csh
>> getwd cache = yes
>> socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=819
>> use sendfile = yes
>> mangle prefix = 6 # How to mangle Long Filenames in to 8.3 DOS
>> log level = 1
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> syslog = 0
>>
>> [template]
>> # edited out, has no path
>>
>> [homes]
>> comment = Home users
>> inherit owner = yes
>> dos filemode = yes
>> writable = yes
>> read list = @wheel @"Domain Admins"
>> valid users = "%S"
>> create mask = 0740
>> directory mask = 0750
>> aio read size = 16384
>>
>> [netlogon]
>> comment = Network Logon Service
>> path = /disk/netlogon
>> browseable = no
>> read only = yes
>> aio read size = 16384
>>
>> [profiles]
>> comment = Roaming Profiles Directory
>> path = /disk/profiles
>> administrative share = true
>> browseable = no
>> writable = yes
>> create mask = 0600
>> directory mask = 0700
>> aio read size = 16384
>> public = yes
>> # The root preexec command performs:
>> # mkdir -pm 750 /disk/profiles/%U-%a; chown %U /disk/profiles/%U-%a
>> # I started off without this.
>> root preexec = /root/sbin/profiles.sh %U %a
>>
>> # edited out other shares
>
> ldapsearch gives me:
>>
>> # tester, Users, specialisterren.nl
>> dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: inetOrgPerson
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> objectClass: sambaSamAccount
>> cn: tester
>> sn: tester
>> givenName: tester
>> uid: tester
>> uidNumber: 10005
>> gidNumber: 513
>> homeDirectory: /home/tester
>> loginShell: /bin/sh
>> gecos: Tes ter
>> sambaLogonTime: 0
>
> (Edited out the other stuff)
>
> I can access \\Server\profiles, \\Server\netlogon using my tester
> account. /etc/passwd contains no line with the user tester. And I can
> login under SSH with the tester account.
>
> ll -d /disk/{netlogon,profiles} gives me:
> drwxr-xr-x 2 root wheel 512 Mar 16 11:09 /disk/netlogon/
> drwxrwxrwt 2 root wheel 512 Aug 2 12:41 /disk/profiles/
>
> Alex
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
Have you installed /usr/ports/net/smbldap-tools/? Although you don't
need it, it helps when creating users.
Do you have sambaProfilePath in your LDAP?
Regards
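
One way to answer the question above from saved `ldapsearch` output, as an added example that is not part of the original post: `check_profile_path` (a hypothetical name) reads LDIF on stdin and prints, for each `sambaSamAccount` entry, its `sambaProfilePath` or `MISSING`, handling folded lines and comments. The sample LDIF is constructed; only the `tester` DN comes from the thread.

```shell
# Added example (not from the thread); check_profile_path is a hypothetical name.
# Reads LDIF on stdin, prints "<dn><TAB><sambaProfilePath or MISSING>" per
# entry whose objectClass includes sambaSamAccount.
check_profile_path() {
    awk '
    function emit() {                    # report the finished entry, then reset
        if (dn != "" && samba)
            printf "%s\t%s\n", dn, (path != "" ? path : "MISSING")
        dn = ""; path = ""; samba = 0
    }
    function handle(line,    i, name, val) {
        if (line == "" || line ~ /^#/) return       # blank line or LDIF comment
        i = index(line, ":"); if (i == 0) return
        name = tolower(substr(line, 1, i - 1))      # attribute names ignore case
        val = substr(line, i + 1)
        if (substr(val, 1, 1) == ":") {             # "attr:: x" is a base64 value
            val = substr(val, 2); sub(/^ +/, "", val); val = "base64:" val
        } else sub(/^ +/, "", val)
        if (name == "dn") dn = val
        else if (name == "objectclass" && tolower(val) == "sambasamaccount") samba = 1
        else if (name == "sambaprofilepath") path = val
    }
    {
        sub(/\r$/, "")                               # tolerate CRLF input
        if (substr($0, 1, 1) == " ") { pending = pending substr($0, 2); next }
        handle(pending); pending = $0                # previous logical line is complete
        if ($0 == "") emit()                         # a blank line ends an entry
    }
    END { handle(pending); emit() }
    '
}
# Constructed sample: the tester DN is from the thread, the rest is made up.
sample_ldif() {
    cat <<'EOF'
# tester, Users, specialisterren.nl
dn: uid=tester,ou=Users,dc=specialisterren,dc=nl
objectClass: posixAccount
objectClass: sambaSamAccount

dn: uid=example,ou=Users,dc=specialisterren,dc=nl
objectClass: sambaSamAccount
sambaProfilePath: \\SERVER\profiles\exa
 mple

dn: cn=staff,ou=Groups,dc=specialisterren,dc=nl
objectClass: posixGroup
EOF
}
sample_ldif | check_profile_path
```

Against a live directory, the same function can be fed from `ldapsearch -LLL` output instead of `sample_ldif`.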