# [Resolved] :: Roaming profile does not load/save....

## Ateo

I have my server set up as PDC. I am able to successfully logon to the domain and have my shares mapped. However, after all this work, it's finally come down to 2 issues.

Issue 1:

When logging in, I get 2 errors that deal with my profile:

```
ERROR 1 => Windows cannot create profile directory \\shadow\profiles\dracco.pds.  You will be logged on with a local profile only. Changes to the profile will not be propagated to the server. Contact your network administrator. 

ERROR 2 => Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
```

Issue 2:

I have no write permissions to my user share (/home/username).

To be quite honest, I'm completely lost on the subject of profiles. While I think I understand the concept, I know I'm way off.

I created a temp user, logged in as that user locally (so as to create a generic profile) and moved that over to my netlogon directory and renamed the profile 'Default User'. Also, there are no directories other than Administrator and All Users in Documents and Settings. When I log on as my normal user, it creates a TEMP directory.

Any help would be appreciated.

Snippets of my smb.conf:

```
[global]
        ##
        ## Domain Control Options
        ##
        domain logons = yes
        logon script = login.bat
        ; I've also tried \\%N\profiles\%U
        logon path = \\%L\profiles\%U
        logon drive = H:
        logon home = \\shadow\%U

[profile]
        path = /var/lib/samba/profiles
        nt acl support = no
        csc policy = disable
        profile acls = yes
        browseable = yes
        create mode = 0700
        directory mode = 0700
        read only = no
        default case = lower
        preserve case = no
        short preserve case = no
        case sensitive = no
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[homes]
        path = /home/%U
        browseable = no
        valid users = %S
        writable = yes
        guest ok = no
        inherit permissions = yes
```

Last edited by Ateo on Fri Dec 24, 2004 2:32 am; edited 3 times in total

----------

## Spooky Ghost

I assume that you didn't include [netlogon] in your snippets of your conf but it does exist?  You have to make sure that the directory \\%L\profiles\%U exists and is writeable by the user.  Windows will not create the root directory of the profile.  Also, your [profiles] section is missing the s so the UNC paths are invalidated.

----------

## Ateo

Thanks. I changed [profile] to [profiles] and yes, to your original question. However, none of that matters anymore as I can't even log on to the PDC. With as complex as samba seems to be (config wise it seems quite easy), I'd be amazed if anyone is using it as a production PDC but I'm determined to make it my PDC.

I'm currently only dealing with a single Win2k box. I'll deal with the others afterwards. The computer is part of the domain (parameter WORKGROUP in smb.conf) added by the local computer Admin. The error received when I try to log in as my user is:

> The system cannot log you on to this domain because this system's computer account in its primary domain is missing or the password on that account is incorrect.

 

I was able to login last night but added some extra parameters which then broke samba. I removed the parameters but it doesn't seem to care (for lack of better words). I know the account exists. I ran the 'smbpasswd -a my_user' command as well as the 'smbpasswd -a -m my_computer$' command. They also exist in the file /etc/samba/private/smbpasswd. How can I verify the password?

Here's my complete smb.conf

```
[global]
  ##
  ## Server Naming Options
  ##
  netbios name = shadow
  workgroup = XDRACCO
  server string = xDracco PDC [on Gentoo :: Samba server %v]

  ##
  ## Security and Domain Membership Options
  ##
  hosts allow = 192.168.4.0/24 127.0.0.0/8
  security = user
  encrypt passwords = yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = lo eth0
  bind interfaces only = yes
  local master = yes
  os level = 65
  domain master = yes
  preferred master = yes
  null passwords = no

  ##
  ## Domain Control Options
  ##
  domain logons = yes
  logon script = login.bat
  logon path = \\%L\profiles\%U
  logon drive = H:
  logon home = \\%L\%U\.9xprofile

  ##
  ## Name Resolution Options
  ##
  wins support = yes
  name resolve order = wins lmhosts hosts bcast
  dns proxy = no

  ##
  ## Misc Options
  ##
  time server = yes
  log file = /var/log/samba3/log.%m
  max log size = 50
  smb passwd file = /etc/samba/private/smbpasswd
  add user script = /usr/sbin/useradd -m %u
  delete user script = /usr/sbin/userdel -r %u
  add group script = /usr/sbin/groupadd %g
  delete group script = /usr/sbin/groupdel %g
  add user to group script = /usr/sbin/usermod -G %g %u
  add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
  unix charset = ISO8859-1

  ;;    net groupmap modify ntgroup="Domain Admins"  unixgroup=root
  ;;    net groupmap modify ntgroup="Domain Users"   unixgroup=smbusers
  ;;    net groupmap modify ntgroup="Domain Guests"  unixgroup=nobody

[netlogon]
  path = /var/lib/samba/netlogon
  public = no
  writeable = no
  browseable = no

[profiles]
  path = /var/lib/samba/profiles
  nt acl support = no
  csc policy = disable
  profile acls = yes
  browseable = yes
  create mode = 0700
  ;directory mode = 0700
  read only = no
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root

[homes]
  path = /home/%U
  browseable = no
  valid users = %S
  writable = yes
  guest ok = no
  inherit permissions = yes

[public]
  comment = Public Stuff
  path = /public
  public = yes
  writeable = no
  browseable = yes
  write list = @root @smbusers

[audio]
  comment = Audio repository
  path = /multimedia/audio
  public = yes
  writeable = yes
  browseable = yes
  write list = @root @smbusers

[video]
  comment = Video repository
  path = /multimedia/video
  public = yes
  writeable = yes
  browseable = yes
  write list = @root @smbusers
```

----------

## Ateo

Ok. So for whatever reason, I had to remove my trusted computer from the domain, reboot, add it again, reboot. I'm able to log in again; however, Win2k still can't load my profile.

I'm also seeing something weird in the samba log saying that my user group doesn't exist. What's up with that crack talk? It's there..

A couple of things I'm trying to figure out are why samba can't create log.mrwhite (my trusted computer) and why primary gid of user [dracco] is not a Domain group. There are no parameters in smb.conf.

Here's my log:

```

[2004/12/23 14:48:40, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:51, 1] smbd/service.c:close_cnum(836)
  mrwhite (192.168.4.101) closed connection to service video
[2004/12/23 14:48:55, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:55, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:55, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:55, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:56, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:56, 0] lib/debug.c:reopen_logs(589)
  Unable to open new log file /var/log/samba3/log.mrwhite: No such file or directory
[2004/12/23 14:48:56, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service profiles initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:48:57, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service netlogon initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:48:58, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service dracco initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:48:58, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service dracco initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:48:59, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [dracco] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2004/12/23 14:48:59, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user dracco doesn't exist. Check your /etc/passwd and /etc/group files
[2004/12/23 14:48:59, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service public initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:01, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service audio initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:01, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service video initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:02, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service public initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:02, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service audio initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:02, 1] smbd/service.c:close_cnum(836)
  mrwhite (192.168.4.101) closed connection to service audio
[2004/12/23 14:49:02, 1] smbd/service.c:make_connection_snum(648)
  mrwhite (192.168.4.101) connect to service video initially as user dracco (uid=1000, gid=100) (pid 3665)
[2004/12/23 14:49:02, 1] smbd/service.c:close_cnum(836)
  mrwhite (192.168.4.101) closed connection to service video
[2004/12/23 14:49:06, 1] smbd/service.c:close_cnum(836)
  mrwhite (192.168.4.101) closed connection to service netlogon

```

----------

## Ateo

So I figured it out. Apparently, the parameters under the scope [profiles] were too aggressive. I probably had some options listed not even available for/compiled into samba, I really don't know. But this is what did it for me.

I changed

```
[profiles]
  path = /var/lib/samba/profiles
  nt acl support = no
  csc policy = disable
  profile acls = yes
  browseable = yes
  create mode = 0700
  ;directory mode = 0700
  read only = no
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root
```

to

```
[profiles]
  path = /var/lib/samba/profiles
  browseable = no
  writeable = yes
  default case = lower
  preserve case = no
  short preserve case = no
  case sensitive = no
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/
  write list = @smbusers @root
  create mode = 0600
  directory mode = 0700

```

Also, these are the permissions set on my profiles share:

```
shadow samba # ls -l /var/lib/samba
total 0
drwxr-xr-x  3 root root 136 Dec 23 14:44 netlogon
drwxr-xr-x  7 root root 168 Dec 14 17:10 printers
drwx------  2 root root 136 Dec 23 10:26 private
drwxr-xr-x  3 root root  96 Dec 23 15:42 profiles

shadow profiles # ls -l /var/lib/samba/profiles
total 0
drwxrwx---  13 dracco users 456 Dec 23 17:31 dracco
```

Hopefully this will help someone out as setting up samba as PDC with roaming profiles does really work.
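The checks raised in Spooky Ghost's reply and in the final post (the share named in `logon path` must match a defined section, the per-user directory must already exist, and the user must own and be able to write it), as an added example that is not part of any original post. The function names, the sample config and the uid are constructed for illustration, and the group/other permission check is an added hardening assumption rather than something the thread requires.

```python
import os
import re
import stat

# Constructed sample mirroring the thread's first config: [profile] vs \profiles\.
SAMPLE = r"""
[global]
  logon path = \\%L\profiles\%U
[profile]
  path = /var/lib/samba/profiles
"""

def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {parameter: value}}, names lowercased."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.split()).lower()] = value.strip()
    return conf

def check_roaming_profile(conf_text, user, uid):
    """Return the problems that keep `user`'s roaming profile from loading or saving."""
    conf = parse_smb_conf(conf_text)
    parts = [p for p in conf.get("global", {}).get("logon path", "").split("\\") if p]
    if len(parts) < 2:
        return ["logon path is not a \\\\server\\share\\... UNC path"]
    share = parts[1].lower()
    if share not in conf:
        return [f"logon path names share '{share}' but there is no [{share}] section"]
    subdirs = [p.replace("%U", user) for p in parts[2:]]
    profile_dir = os.path.join(conf[share].get("path", ""), *subdirs)
    if not os.path.isdir(profile_dir):
        return [f"{profile_dir} is missing; the client will not create it"]
    st, problems = os.stat(profile_dir), []
    if st.st_uid != uid or not st.st_mode & stat.S_IWUSR:
        problems.append(f"{profile_dir} must be owned by uid {uid} and owner-writable")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{profile_dir} is accessible to group/other; 0700 is tighter")
    return problems

if __name__ == "__main__":
    print(check_roaming_profile(SAMPLE, "dracco", 1000))  # uid taken from the log above
```

Run against the real file with `check_roaming_profile(open("/etc/samba/smb.conf").read(), user, uid)`; the path is an assumption about where the config lives.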

----------

## dwalexuk

Is there any reason to keep users' profiles in a separate folder? Our Win 2000 doesn't have a profiles share, and also if you comment out logon path then profiles will be stored in the user's home folder.

----------

