samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: Re: [Samba] Windows Vista keeps on deleting cached

Re: [Samba] Windows Vista keeps on deleting cached roaming profile

From: erik bergsma <ebergsma1_at_nospam>
Date: Fri Aug 27 2010 - 13:16:20 GMT
To: "Cain, Marc" <>

Well i turned out to be my LDAP server after all,

after another week (that is almost 2 weeks in total) i've found that if a
user is in a secondary LDAP group with a GID of 514, Windows vista will
delete the cached roaming profile :-S No ADS on the same subnet, no policys,
no registry hacks, none of that.

Don't ask me what signals are sent from samba 3.5.2. to trigger this action,
or what parts of the source of Samba are responsible for this, but i am just
glad that i found the error, and am able to fix it now.

oh i've set up the same group settings/GID into another non-ldap Samba 3.5.2
domain, and from there out Windows doesn't remove the profiles, so it seems
to be a LDAP related problem.

thnx for your help all!

2010/8/24 Cain, Marc <>

> Hmm.
> The Windows server that would most likely be the culprit is the AD server
> and the conditions for that would most likely have to be that the local
> computer is finding a computer account on the AD server at boot time (that's
> when Computer GPO settings are applied), before logon, and the AD server
> would have to have a GPO on it that explicitly enables the "delete cached
> copies of roaming profiles" settings.
> Since the AD server is there and since it is probably the only place such a
> GPO would exist it's where I'd look. But not knowing how your systems are
> setup I'm at a loss to explain this or how it the local machine might be
> doing such a thing. All I know is that the local GPO can only be overridden
> in the by another GPO.
> On Aug 24, 2010, at 5:13 AM, erik bergsma wrote:
> Hi Marc,
> .pol files are in the <vista age, and no longer relevant (that costed me a
> week to figure out btw, completely other story), and i dont even have those
> anywhere on my server.
> i am having a hard time imagining how my samba 3.5 setup is able to
> push/override/send the gpo though.... samba 3.5 itself doesnt have GPO
> support (that is in samba 4), my login.bat have only some mapping inside
> them (net use x //server/%username% etc) and also i am not using AD/kerberos
> in any way in my setup... got any pointers on how my server is able to
> deliver those GPO's?
> i got a windows server 2003 and a windows ADS server 2008 in the same
> subnet, but that cant make a difference right?
> Erik
> 2010/8/23 Cain, Marc <>
>> Hi Erik,
>> This is most likely not a an LDAP backend problem since Windows Group
>> Policy determines the behavior of how roaming user profiles are treated.
>> Cached copies of roaming profiles are left in the user folder on the local
>> drive by default unless a Group Policy setting is made:
>> Computer\Administrative Templates\System\User Profiles\Delete cached
>> copies of roaming profiles.
>> This Group Policy can be overridden in one of two ways: either by copying
>> another group policy over the local group policy via logon script at logon
>> or through setting a Group Policy on the server: typically active directory
>> servers -- though there were methods of doing this on samba by creating a
>> default .pol file I've no experience with this and can't speak to it. The
>> server policy will take precedence over the local Group Policy settings.
>> Since you're seeing two different behaviors on two different servers it
>> seems to me that one of the servers is somehow delivering a second set of
>> GPOs to the workstation. At least this is, from what I know, the only way
>> it can happen.
>> Marc Cain
>> On Aug 23, 2010, at 5:07 AM, erik bergsma wrote:
>> > @ Dave: thnx for your pointers but i already tried those (See my first
>> post)
>> > with no luck...
>> >
>> > @ All: the problem becomes weirder and weirder:
>> > i have set up a new PDC with the same samba version, (only difference is
>> > that its not clustered, and doesn't have the LDAP back end), and when i
>> > create a profile on that domain, the user profile will stay cached on
>> > c:\users\
>> >
>> > however when i join the same machine to the domain that is having the
>> > problems, and create a new profile as well for a new user, the cached
>> user
>> > profile gets deleted again from c:\users\
>> >
>> > so to conclude that; the problem is either my CTDB or my LDAP back end,
>> > which make no sense what so ever :(
>> >
>> > 2010/8/19 David Mathog <>
>> >
>> >> On second thought, the previous method was for older WIndows. Use
>> >> the group policy editor and look at:
>> >>
>> >> Computer Configuration -> Administrative Templates -> System ->
>> >> User Proiles -> Delete user profiles ...
>> >>
>> >> If that is enabled, then the user profiles would disappear in the
>> specified
>> >> number of days.
>> >>
>> >> Regards,
>> >>
>> >> David Mathog
>> >>
>> >>
>> >>
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:
-- To unsubscribe from this list go to the following URL and read the instructions: