I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two remote sites, I have some Samba BDCs.
For now I've manually entered the DCs as WINS servers on the workstations I'm using for testing. At the remote sites, I can log in with an account that has no logon path or logon home specified, and it works perfectly. But at the main site, when I try to log on to one of these accounts I first get the "can't find the server copy of the roaming profile" and then "can't find the local profile logging you in with a temporary profile" errors. I can't figure this one out. I'm using the same account, and the Samba setups are nearly identical - just one is a BDC and one a PDC.

This is smb.conf on the PDC:

[global]
        workgroup = SEAMANPAPER
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        obey pam restrictions = Yes
        passdb backend = ldapsam:ldap://localhost
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        smb ports = 137 138 139 445
        name resolve order = wins bcast hosts
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = yes
        ldap suffix = dc=intranet,dc=seamanpaper,dc=com
        ldap ssl = no
        ldap user suffix = ou=People
        panic action = /usr/share/samba/panic-action %d
        idmap config * : range = 1000000-1999999
        idmap config * : backend = ldap
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j

[profiles]
        comment = Windows Profiles
        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes
        browseable = No
        csc policy = disable

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

and on the BDC:

[global]
        workgroup = SEAMANPAPER
        server string = %h server (Samba, Ubuntu)
        map to guest = Bad User
        obey pam restrictions = Yes
        passdb backend = ldapsam:ldap://localhost
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        smb ports = 137 138 139 445
        name resolve order = wins bcast hosts
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
        add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        domain master = No
        dns proxy = No
        wins proxy = Yes
        wins server = 192.168.10.127
        ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap machine suffix = ou=Computers
        ldap passwd sync = yes
        ldap suffix = dc=intranet,dc=seamanpaper,dc=com
        ldap ssl = no
        ldap user suffix = ou=People
        panic action = /usr/share/samba/panic-action %d
        idmap config * : range = 1000000-1999999
        idmap config * : backend = ldap
        printing = bsd
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j

[profiles]
        comment = Windows Profiles
        path = /home/samba/profiles
        read only = No
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes
        browseable = No
        csc policy = disable

[netlogon]
        comment = Network Logon Service
        path = /home/samba/netlogon
        guest ok = Yes

[homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

Also notice that my account (which has a roaming profile and works fine at all sites) has a "sambaProfilePath" attribute and the boris and rpoole accounts don't. This should make them no-roaming-profile accounts but it doesn't work consistently. It works at the two satellite sites but not at my main site.

root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*jeff*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
*sambaProfilePath: \\wilkins1\home\.winProfile*
root@grackle:~#
root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*boris*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com -H ldap://grackle.intranet.seamanpaper.com -b dc=intranet,dc=seamanpaper,dc=com "(uid=*rpoole*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home

--
*Jeff Dickens*
IT Manager
978-632-1513
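
The post describes the two configurations as "nearly identical"; the following is an added example (not part of the original message, and not Samba code) that compares two smb.conf texts setting by setting so the exact differences are explicit. The function names are hypothetical, the embedded excerpts are shortened from the two [global] sections above, and one setting per line is assumed.

```python
# Added example: setting-by-setting comparison of two smb.conf texts.
# PDC_CONF / BDC_CONF are shortened excerpts of the configs in the post.
PDC_CONF = """\
[global]
   logon path =
   logon home =
   domain master = Yes
   wins support = Yes
   idmap config * : range = 1000000-1999999
"""

BDC_CONF = """\
[global]
   logon path =
   logon home =
   domain master = No
   wins proxy = Yes
   wins server = 192.168.10.127
   idmap config * : range = 1000000-1999999
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            # Split on the first '=' only: names may contain ':' and '*'.
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(name.lower().split())] = value.strip()
    return sections


def diff_smb_conf(a, b):
    """List (section, parameter, value_a, value_b); None means not set."""
    pa, pb = parse_smb_conf(a), parse_smb_conf(b)
    out = []
    for sec in sorted(set(pa) | set(pb)):
        sa, sb = pa.get(sec, {}), pb.get(sec, {})
        for key in sorted(set(sa) | set(sb)):
            if sa.get(key) != sb.get(key):
                out.append((sec, key, sa.get(key), sb.get(key)))
    return out
```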