From: Richard Herrmann on
After an upgrade from 3.0.x to 3.4.3 (on new hardware), profiles only apply when
the domain users are members of the local WinXP admin group!? The account
behaves like a guest account - modifications can not be saved (e.g. the left
side of the XP/SP3 task menu remains empty, Control Panel can not be changed
to classic view, ...).

No problems at all with profiles created under Samba version 3.4.3.

I extended smb.conf by "profile acl = yes" and "passdb backend = smbpasswd"
(tdbsam didn't change the behaviour):


server string = BDC

log level = 1 passdb:5 auth:5 winbind:2

workgroup = xyz

printing = cups

printcap name = cups

printcap cache time = 750

cups options = raw

printer admin = @ntadmin, root, administrator

username map = /etc/samba/smbusers

map to guest = Bad User

# include = /etc/samba/dhcp.conf

logon path = \\%L\profiles\.msprofile

logon drive = Z:

security = user

encrypt passwords = yes

netbios name = svtest

smb passwd file = /etc/samba/smbpasswd

smb ports = 139

passdb backend = smbpasswd

passwd program = /usr/bin/passwd %u

passwd chat = "New password:" %n "Re-enter new password:" %n "*Password changed*"

passwd chat debug = Yes

add user script = /usr/sbin/useradd -m %u

delete user script = /usr/sbin/userdel -r %u

add group script = /usr/sbin/groupadd %g

delete group script = /usr/sbin/groupdel %g

add user to group script = /usr/sbin/usermod -G %g %u

add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$

logon script = %u.bat

domain master = yes

domain logons = yes

local master = yes

wins support = yes

preferred master = yes

os level = 65

hide dot files = yes

time server = yes

max log size = 1000

oplocks = yes

fake oplocks = no

read raw = yes

write raw = yes

socket options = TCP_NODELAY

getwd cache = yes

usershare allow guests = No


comment = Home Directories

valid users = %S

browseable = no

read only = No

inherit acls = Yes

guest ok = no

printable = no


comment = Network Profiles Service

path = %H

read only = No

store dos attributes = Yes

create mask = 0660

directory mask = 0770

browseable = no

guest ok = no

printable = no

profile acls = Yes


comment = All users

path = /data/home

read only = No

inherit acls = Yes

veto files = /aquota.user/groups/shares/

browseable = no

guest ok = no

printable = no


comment = Network Logon Service

path = /data/netlogon

read only = Yes

browseable = no

write list = @admin

csc policy = disable

Did I miss something to make the server configuration compatible with
version 3.4 or do I have to modify the content / ACLs of all existing


Any help would be appreciated.

Richard Herrmann

