Samba 3.4.0 denies access to Roaming Profiles for XP Clients

Bug 397699 was reported fixed by its original poster after application of posix_acls.c.patch, which is present in 3.4.0 (karmic). You might be encountering a slightly different issue, which shows the same symptoms...

Hmm, I see that you created and someone tested a modified 3.3.2 PPA version, followed by the comment "Marking this fixed in development release (as 3.4.x contains the fix), and nominating for a Jaunty SRU."

but didn't see any actual evidence that the patch made it into 3.4.x. My assumption was that it's fixed in 3.4.x where x >= 1.

In any case, I'm still having the problem, as described above, and couldn't find any mod to either the profile folders or smb.conf which worked.

Let me know if I need to provide more information in order to confirm this bug. Since I'm trying to upgrade production servers and am already behind schedule, my plan was to go ahead and upgrade to Lucid (which has samba 3.4.5) in order to solve the problem. People stuck running Karmic who need roaming profiles for XP clients will be left sad little campers.

Were you able to confirm that 3.4.5 is working correctly ?

"Were you able to confirm that 3.4.5 is working correctly ?"

Not yet; I will try and re-install with Lucid tomorrow and should have an answer by Monday.

@Chuck: some indication of what additional information you want (smb.conf? log files? output from ubuntu-bug?) would be helpful.

I've attached the last iteration of my smb.conf file before I gave up and decided this must be a bug.

This is the similar current (original) smb.conf file which is still working with 3.0.2

The big difference as far as this issue is concerned is this change in the [profile] section:

< force create mode = 0777
< force directory mode = 0777
---
> create mode = 0600
> directory mode = 0700

Also attached output from ubuntu-bug.

OK, Samba 3.4.5, as shipped with Lucid (2:3.4.5~dfsg-2ubuntu1) solves the roaming profile problem, more or less. Windows is very picky about the precise permissions of the profile folder. The permissions on the profile folders were drwx-wx---. This worked fine for fully patched Windows XP SP3 clients and Samba 3.0.2, but no longer works with Samba 3.4.x and the same clients, giving the "windows can't load roaming profile" error messages described previously. Changing the permissions on the profile folder to drwx------ solves the problem. Note that this is NOT the same problem encountered with Samba 3.4.0. For this version, the on shipping with Karmic AMD64 Server, one can create a new profile from scratch and it will give the "window's can't load roaming profile" error message the next time the user tries to log in. I've attached the latest smb.conf file, which is not much different from the original (also attached).

Many thanks Patrick for investigating that through. I'm closing the main bug task since it's working with Lucid's samba version. I'm nominating this fix for Karmic, we'll try to track down the patch that fixed it in 3.4.0->3.4.5 changelogs.

Nothing obvious related to roaming profiles, so it must be something else that fixed it.

I don't know if it's worth backporting 3.4.5 to Karmic. In researching this problem and talking to a number of windows sys admins it seems that most samba server users have just given up on roaming profiles because they can't get them to work. It doesn't help that the XP Group Policy settings (managed using gpedit.msc) don't seem to work as advertised, at least not by my testing. Add to that the agony of ironing out a problem when local profile caching is turned on (i.e. the 3-reboot minimum).

Unfortunately, in an office with XP clients where people move around there's not much alternative. Well, save for re-installing all the desktops with linux and running Windows apps using Virtualbox. <:)

Karmic has long since stopped to receive any updates. Marking the Karmic task for this ticket as "Won't Fix".