We have Samba 4 running on SLES 11 SP3 as our primary domain controller for a Windows NT-based domain of mostly Windows 7 Professional machines.
Corruption of our SLES server necessitated the rebuilding of our controller this weekend, which was thankfully easy. We reinstalled SLES 11 SP3 and then copied over the /etc/passwd, /etc/group, /etc/samba/*, and /var/lib/samba/netlogon/* directories and applied the appropriate permissions, and were able to get everything running.
Unfortunately, I'm now finding that users who log in after the rebuild receive one, sometimes two errors:
Error 1) "Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
DETAIL - The network name cannot be found."
Error 2) "Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."
In general, users who already have a profile on the machine receive Error 1, but users who log into a workstation for the first time receive Error 2.
We do not need to implement roaming profiles on our domain -- local profiles do just fine for us.
Below are the contents of our smb.conf file:
Any help would be appreciated!
netbios name = [redacted]
workgroup = [redacted]
map to guest = Bad User
passdb backend = smbpasswd
unix password sync = yes
add machine script = /usr/sbin/useradd -g ntadmin -c "NT Machine Account" -s /bin/false %u
domain logons = Yes
domain master = Yes
local master = Yes
os level = 64
preferred master = Yes
security = user
wins support = Yes
usershare max shares = 100
browseable = No
browsable = No
include = /etc/samba/dhcp.conf
usershare allow guests = No
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
encrypt passwords = Yes
smb passwd file = /etc/samba/smbpasswd
passwd program = /usr/bin/passwd %u
logon script = logon.bat
time server = Yes
name resolve order = wins bcast host lmhosts
recycle:keeptree = yes
recycle:repository = /shares/.recycle
recycle:versions = yes
vfs objects = recycle
ldap suffix =
##[profiles] - Intentionally commented out
## comment = Network Profiles Service
## path = %H
## read only = No
## create mask = 0600
## directory mask = 0700
## store dos attributes = Yes
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
write list = root