Solved

How to configure Linux+Samba with roaming profile suport for windows clients

Posted on 2009-04-02
2
2,566 Views
Last Modified: 2013-12-16
Hi,
I Want to Know how to configure Linux+Samba with roaming profile suport for windows clients
0
Comment
Question by:alexinoa
2 Comments
 
LVL 4

Accepted Solution

by:
Multipath earned 500 total points
ID: 24055639
There is great data on this on the Samba website...  Some gottchas I have come accross with this is to make sure you set up the proper amount of disk sace for the share I would suggest 200mg per user or an automated clean up process for this.

http://wiki.samba.org/index.php/Samba_&_Windows_Profiles#Implementing_Roaming_Profiles_with_Samba

Implementing Roaming Profiles with Samba

To implement Roaming Profiles with Samba a few things must happen. First you must create a share to store these profiles, then you must set a few Samba directives to enable roaming profiles.

NOTE: You can theoretically store profiles within the users home directory, unfortunately Windows does not release a share immediately after logging out. So if you do store user's profiles within the home directories and another user logs into a machine immediately after another user logs out, the newly logged in user could invariably use the other users profile resulting in a possible security issue, as well as other issues. It is best to simply store all of the user profiles within a separate Samba share.
[edit]
Creating the Profile Share

To create a Samba share to use for your user's profiles simply add something similar to your share section of the smb.conf file:

    * [profiles]
    * comment = Network Profiles Share
    * path = /srv/samba/profiles
    * read only = No
    * store dos attributes = Yes
    * create mask = 0600
    * directory mask = 0700
    * browseable = no
    * guest ok = no
    * printable = no
    * hide files = /desktop.ini/outlook*.lnk/*Briefcase*/

Then ensure that everyone has write access to the directory listed as the path:

    * chmod o+rw /srv/samba/profiles

[edit]
Setting relevant directives for Roaming Profiles

The smb.conf settings required to use Roaming Profiles by default are:

    * logon path = \\%L\profiles\%U
    * logon home = \\%L\%U\.9xprofile
    * logon drive = P:

The logon home directive is only used if you have any Windows 9x based machines on your Domain, otherwise it does not need to be set. The logon drive specifies the Drive Letter Windows will assign your home directory, this alleviates the need to create a logon script that essentially would do the same thing.

The logon path directive is where you actually setup roaming profiles. This directive should contain a Windows Network path to the location of the profile for each user. If the user's profile directory does not exist, one will be created at that location (as long as the user has write access to that directory).

You can also take full advantage of Samba's Variable Substitutions and further separate User's profiles, such as by architecture. Using the directive:

    * logon path = \\%L\profiles\%U\%a

will separate the user's profiles relating to each version of Windows, such as WinXP, WinNT, etc. This is extremely helpful if you have users that jump from computer to computer that have different versions of Windows on them. This can solve a whole slew of problems relating to the registry on different versions of Windows, especially when running different version of Internet Explorer. Separating profiles in this way can be a very powerful feature, especially when you include Folder Redirection into the mix.


0
 

Expert Comment

by:Arslan306
ID: 25332121
how to configure windows xp client for using user profiles that made with samba server
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now