How to check roaming profile issues

Issue

Roaming Profiles are not working.
If you have problems with your roaming profiles, you can check or try the following steps:

Option 1.

Make sure Windows is updated with all patch levels.

Option 2.

You can apply the group policy “Always wait for the network at computer startup and logon”.

Option 3.

If you use a NetApp, applying the GPO “Do not check for user ownership of roaming profiles” might solve the problem.

Option 4.

You have access to the profile share with a new user, but when that new user logs in on a Windows 10 client, the profile directory is created as <username.V6> and you get this error message when you log off: “There is a problem with the roaming profile service. It is no longer being saved.”

Option 5.

The wbinfo check is very important, and should work:

wbinfo -a <username>%<password>
or
wbinfo -a WINDOWSDOMAIN+<username>
wbinfo -u |grep -i <username>
wbinfo -n <username>
wbinfo -S <result of wbinfo -n>
wbinfo -U <result of wbinfo -S>
wbinfo -s <result of wbinfo -U>

If you receive error messages as a result of the checks, you should look in the winbindd-idmap log file.
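
The name/SID/uid lookups above can be chained in a script so that the first broken mapping is reported directly. This is an added example, not part of the original article; the function names and the wbinfo output formats noted in the comments are assumptions, and the user name is passed without a domain prefix.

```shell
# Added example: chains the wbinfo lookups and stops at the first broken step.
# Assumed output formats: "-n" prints "<SID> <type>", "-S" a bare uid,
# "-U" a bare SID, "-s" prints "<DOMAIN><separator><user> <type>".

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

check_winbind_roundtrip() {
    local user="$1" sid uid sid_back name

    # Step 1: name -> SID (first field only, the type is dropped)
    sid=$(wbinfo -n "$user" 2>/dev/null | awk '{print $1; exit}')
    case "$sid" in
        S-1-*) ;;
        *) echo "FAIL name->SID: no SID for $user"; return 1 ;;
    esac

    # Step 2: SID -> uid, must be a plain number
    uid=$(wbinfo -S "$sid" 2>/dev/null) || uid=""
    case "$uid" in
        ''|*[!0-9]*) echo "FAIL SID->uid: no uid for $sid"; return 2 ;;
    esac

    # Step 3: uid -> SID, must give back the SID from step 1
    sid_back=$(wbinfo -U "$uid" 2>/dev/null) || sid_back=""
    if [ "$sid_back" != "$sid" ]; then
        echo "FAIL uid->SID: uid $uid maps to '$sid_back', expected $sid"
        return 3
    fi

    # Step 4: SID -> name, compared without domain prefix and case
    name=$(wbinfo -s "$sid_back" 2>/dev/null | awk '{print $1; exit}')
    name=${name##*\\}   # strip "DOMAIN\"
    name=${name##*+}    # strip "DOMAIN+"
    if [ "$(lc "$name")" != "$(lc "$user")" ]; then
        echo "FAIL SID->name: $sid resolves to '$name', expected $user"
        return 4
    fi
    echo "OK $user sid=$sid uid=$uid"
}

# Check a real account only when a user name is given as argument.
if [ "$#" -gt 0 ]; then
    check_winbind_roundtrip "$1"
fi
```

The return code tells you which step failed (1 to 4), which narrows down what to search for in the log file.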

Option 6.

Useful information and commands to check:

:~# id <username> 
:~# univention-ldapsearch -LLLo ldif-wrap=no uid=<username> sambasid
:~# net getdomainsid
:~# getfacl <path to share/profile directory>
:~# samba-tool ntacl get <path to share/profile directory> --as-sddl

Check the access via the command line:

:~# kinit <username> 
:~# smbcacls -k  //$(hostname -f)/<Sharename> / -U <username>
:~# smbclient -k  //$(hostname -f)/<Sharename>  -U <username>

Option 7.

You get a temporary profile:
This may be the case if you are still logged in when you reboot your Windows machine. The ntuser.dat is then still locked while Windows is starting up, and when the user logs in, Windows cannot access the user's ntuser.dat, so the user gets a temporary profile.

You can check if the ntuser.dat is still locked:

smbstatus -L
or 
smbstatus -L |grep -i ntuser.dat

and remove the lock
