Windows cannot locate the server copy of your roaming profile

Hi,

I'm exerimenting with samba+ldap pdc and I have "Windows cannot locate
the server copy of your roaming profile" on logon,

here is smb.conf:

[global]
 unix charset = LOCALE
 workgroup = CPE
 netbios name = CPE-PDC
 server string = Samba Domain Controller
 enable privileges = yes
 interfaces = eth1,lo
 bind interfaces only = Yes
 passdb backend = ldapsam:ldap://192.168.10.124
# username map = /etc/samba/smbusers
 hide unreadable = yes
 hide dot files = yes
 log level = 1
 syslog = 0
 log file = /var/log/samba/%m
 max log size = 50
 smb ports = 137 138 139 445
 name resolve order = wins bcast hosts
 time server = Yes
 printcap name = CUPS
# map to guest = Never
# guest account = nobody
 wins support = Yes
 ldap suffix = dc=cpe,dc=it
 ldap machine suffix = ou=Computers
 ldap user suffix = ou=People
 ldap group suffix = ou=Groups
 ldap idmap suffix = ou=Idmap
 ldap admin dn = cn=admin,dc=cpe,dc=it
 idmap backend = ldap:ldap://192.168.10.124
 idmap uid = 10000-20000
 idmap gid = 10000-20000
 map acl inherit = Yes
 printing = cups
 #printer admin = Administrator
 veto files = /*.eml/*.nws/*.{*}/
 veto oplock files = /*.doc/*.xls/*.mdb/
 encrypt passwords = Yes
 obey pam restrictions = No
 ldap passwd sync = Yes
 mangling method = hash2

 logon script = scripts\logon.bat
 logon path = \\%L\profiles\%U
 logon drive = H:
 logon home = \\%L\%U

 domain logons = Yes
 os level = 65
 preferred master = Yes
 domain master = Yes
 add user script = /usr/sbin/smbldap-useradd -m "%u"
 ldap delete dn = Yes
 add machine script = /usr/sbin/smbldap-useradd -w "%u"
 add group script = /usr/sbin/smbldap-groupadd -p "%g"
 add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
 delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
 delete user script = /usr/sbin/smbldap-userdel “%u”
 delete group script = /usr/sbin/smbldap-groupdel “%g”

[netlogon]
        comment = Network Logon Service
    path = /home/samba/netlogon/
        browseable = No
        read only = yes
        writable = No
        locking = No
        share modes= No

[profiles]
        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No
#        guest ok = No
        profile acls = yes
        csc policy = disable
        nt acl support = Yes
        valid users = %U
        admin users = @"Domain Admins"
        hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
        root preexec = PROFILE=/home/samba/profiles/%u; if [ ! -e $PROFILE ];
then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi

[homes]
 comment = Home Directories
 valid users = %S
 read only = No
 browseable = No
 writable = yes


any hints?

regards
Nicola

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Sun, 29 Jun 2008, Mailing List SVR wrote:

> I'm exerimenting with samba+ldap pdc and I have "Windows cannot locate
> the server copy of your roaming profile" on logon,

What does sambaProfilePath look like in the LDAP entry? Can the Windows
machine resolve the address of the server?

-steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Il giorno dom, 29/06/2008 alle 11.48 -0400, Steve Thompson ha scritto:

> On Sun, 29 Jun 2008, Mailing List SVR wrote:
>
> > I'm exerimenting with samba+ldap pdc and I have "Windows cannot locate
> > the server copy of your roaming profile" on logon,
>
> What does sambaProfilePath look like in the LDAP entry? Can the Windows
> machine resolve the address of the server?
>
> -steve


each user has the right profile path in ldap:  

# test, Users, cpe.it
dn: uid=test,ou=Users,dc=cpe,dc=it
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: test
sn: test
givenName: test
uid: test
uidNumber: 1555
gidNumber: 513
homeDirectory: /home/test
loginShell: /bin/false
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: test
sambaSID: S-1-5-21-2468945884-3209077212-4101011376-4110
sambaPrimaryGroupSID: S-1-5-21-2468945884-3209077212-4101011376-513
sambaLogonScript: scripts\logon.bat
sambaProfilePath: \\%L\profiles\test
sambaHomePath: \\%L\test
sambaHomeDrive: H:
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
sambaPwdLastSet: 1214745736
sambaPwdMustChange: 1218633736
shadowMax: 45

after the first unsuccesfull login I created the
diretory /home/samba/profiles/test and give it the right permissions but
nothing changes,

from windows xp I can ping cpe-pdc, so the name resolution seems ok

thanks for your help,

Nicola
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Sun, 29 Jun 2008, Mailing List SVR wrote:

> each user has the right profile path in ldap:
> # test, Users, cpe.it
> dn: uid=test,ou=Users,dc=cpe,dc=it
> [...]

In the smb.conf file that you posted, you had:

  ldap user suffix = ou=People

but the DN is:

  uid=test,ou=Users,dc=cpe,dc=it

which is a different ou. I would venture that the H: drive doesn't mount
either when you log in.

Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Il giorno dom, 29/06/2008 alle 12.34 -0400, Steve Thompson ha scritto:
additionaly this is my ldap config

grep -vE '(^[[:space:]]*($|(#|!|;|//)))' /etc/ldap/slapd.conf
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        none
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database        hdb
suffix          "dc=cpe,dc=it"
rootdn          "cn=admin,dc=cpe,dc=it"
rootpw {SSHA}FEtTcnfGmIfrwQBiCZayXEHnQT0ysQIK
directory       "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index           objectClass eq
index cn                    pres,sub,eq
index sn                    pres,sub,eq
index uid                   pres,sub,eq
index displayName           pres,sub,eq
index uidNumber             eq
index gidNumber             eq
index memberUID             eq
index sambaSID              eq
index sambaPrimaryGroupSID  eq
index sambaDomainName       eq
index default               sub
lastmod         on
checkpoint      512 30
access to attrs=userPassword,shadowLastChange
        by dn.regex="cn=admin,dc=cpe,dc=it" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=cpe,dc=it" write
        by * read
access to attrs=sambaNTPassword,sambaLMPassword
        by dn.regex="cn=admin,dc=cpe,dc=it" write
        by * none

thanks
Nicola

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Il giorno dom, 29/06/2008 alle 18.48 +0200, Mailing List SVR ha scritto:
from windows client

net use h: /home give network path not found error,

ldap authentication seems works fine, if I change the shell to /bin/bash
I'm able to login with ldap users on pdc,

thanks
Nicola

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Il giorno dom, 29/06/2008 alle 12.50 -0400, Steve Thompson ha scritto:
> On Sun, 29 Jun 2008, Mailing List SVR wrote:
>
> > Yes Steve, I changed that but still the same issue,
>
> I would suggest trying to map \\cpe-pdc\test by hand once you get logged
> in, and then,

manual mapping works fine ...

>  when it fails, look at the client logfile in /var/log/samba
> to see why it failed. Also see if the Windows firewall settings on the
> client allow file and printer sharing, and that the Windows machine entry
> in LDAP is correct (that is, it is a domain member).
>
> Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Il giorno dom, 29/06/2008 alle 18.53 +0200, Mailing List SVR ha scritto:
account machine is corretly created

# vmware$, Computers, cpe.it
dn: uid=vmware$,ou=Computers,dc=cpe,dc=it
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: vmware$
uid: vmware$
uidNumber: 1553
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaSID: S-1-5-21-2468945884-3209077212-4101011376-1001
displayName: VMWARE$
sambaAcctFlags: [W          ]
sambaNTPassword: D35B3FD096A1D4CF9D721DD3EE8A035F


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Hi all,

an update about this issue:

on centos 5.2 the same configuration works just fine,

seems something specific to ubuntu 8.04,

regards
Nicola

Il giorno dom, 29/06/2008 alle 18.56 +0200, Mailing List SVR ha scritto:
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba