[Samba] Samba roaming profile with folder redirection

Yauheni Labko yyl at chappy.com
Mon Oct 19 14:12:30 MDT 2009


The problem was resolved after rejoining the domain. It looks like the policy 
was not updated though I rebooted the machine and did gpupdate.
 
Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co.
(212)208-9150

On Monday 19 October 2009 01:42:09 pm Yauheni Labko wrote:
> Hi,
> 
> I have a domain controller which was configured to use the local profiles.
> We have a relatively small group whose work required it. Now we are moving
> toward using the domain for all machines with roaming profiles. There are a
> lot of posts dealing with the roaming profiles and the folder redirection.
> But I've met some issues.
> 
> My configuration:
> NS3 and SMB are hostnames of our servers.
> The PDC is located on NS3 and the file server containing profiles and home
> shares is on SMB.
> 
> This is NS3 configuration:
> # Global parameters
> [global]
>         workgroup = CHAPPY-MS
>         netbios name = DS01
>         server string = Chappy Samba LDAP PDC Server
>         interfaces = 192.168.40.8/255.255.255.0
>         passdb backend = ldapsam:ldap://ds01/
>         enable privileges = Yes
>         passwd program = /usr/sbin/smbldap-passwd -u "%u"
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         printcap name = cups
>         add user script = /usr/sbin/smbldap-useradd -m "%u"
>         add group script = /usr/sbin/smbldap-groupadd -p "%g"
>         add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>         delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>         set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
>         add machine script = /usr/sbin/smbldap-useradd -w "%u"
>         logon path = \\smb\profiles\%U\%a
>         logon drive = H:
>         logon home = \\smb\homes
>         domain logons = Yes
>         os level = 65
>         preferred master = Yes
>         domain master = Yes
>         wins support = Yes
>         ldap admin dn = cn=admin,dc=chappy,dc=com
>         ldap delete dn = Yes
>         ldap group suffix = ou=groups
>         ldap idmap suffix = ou=idmap,dc=chappy,dc=com
>         ldap machine suffix = ou=computers
>         ldap passwd sync = Yes
>         ldap suffix = dc=chappy,dc=com
>         ldap user suffix = ou=people
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 15000-20000
>         idmap gid = 15000-20000
>         printing = cups
>         print command =
>         lpq command = %p
>         lprm command =
> 
> [netlogon]
>         path = /var/lib/samba/netlogon
>         browseable = No
> 
> 
> This is SMB configuration:
> 
> [global]
>         workgroup = CHAPPY-MS
>         server string = file server
>         interfaces = 192.168.40.43
>         map to guest = Bad User
>         passdb backend = ldapsam:ldap://ds01
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 2048
>         keepalive = 0
>         socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
>         hostname lookups = Yes
>         load printers = No
>         dns proxy = No
>         wins server = 192.168.40.8
>         kernel oplocks = No
>         ldap admin dn = cn=admin,dc=chappy,dc=com
>         ldap delete dn = Yes
>         ldap group suffix = ou=groups
>         ldap idmap suffix = ou=idmap,dc=chappy,dc=com
>         ldap machine suffix = ou=computers
>         ldap suffix = dc=chappy,dc=com
>         ldap ssl = no
>         ldap user suffix = ou=people
>         panic action = /usr/share/samba/panic-action %d
> 
> [homes]
>         comment = Home Share
>         path = /san/export/home/%S
>         valid users = %S
>         write list = %S
>         force create mode = 0600
>         force directory mode = 0700
>         hide special files = Yes
>         browseable = No
> 
> [profiles]
>         comment = Profiles Share
>         path = /san/export/samba/profiles
>         read only = No
>         force create mode = 0664
>         force directory mode = 0775
>         profile acls = Yes
>         hide files = /Application Data/Cookies/Local\
> Settings/NetHood/PrintHood/Recent/SendTo/NTUSER.DAT/
>         store dos attributes = Yes
>         browseable = No
>         csc policy = disable
> 
> 
> Netlogon on NS3 has a Default User configuration redirecting Desktop, My
> Documents, My Pictures, My Music, Personal to the appropriate directories
>  on %HOMEDRIVE%:
> Desktop - %HOMEDRIVE%\Desktop
> My Documents - %HOMEDRIVE%\My Documents
> My Pictures - %HOMEDRIVE%\My Documents\My Pictures
> etc..
> 
> The local group policy disables the offline files and the roaming profile
> synchronization for Desktop, My Documents and Application Data. These
>  settings were based on Samba by Examples, ch.5 and 6.
> 
> During the first login the user grabs the configured profile from the
> netlogon share and correctly sets up all files. But when the user logged off,
> they watched a synchronizing window where it syncs the user's home directory.
> At the same time the user can write/read the home drive with no problems. The
> popup message "offline files - working offline" is rather annoying.
> 
> Could anybody give me an idea what is wrong? Or maybe I should use the
> %LOGONPROFILE% variable instead of %HOMEDRIVE%?
> If the synchronization window is normal for such a configuration, is there any
> advantage of using the folder redirection with the roaming profile? Maybe
> it is better to disable synchronization of some directories and train
> users to keep their documents on the home drive, arguing that this is a safe
> place?
> 
> Yauheni Labko (Eugene Lobko)
> Junior System Administrator
> Chapdelaine & Co
> (212)208-9150
> 
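
In the SMB configuration quoted above, [profiles] sets `csc policy = disable`, while [homes], where the redirected folders live, leaves it unset, so Samba's default of `manual` applies there. The following is an added example, not part of the original post or of Samba: a Python check that reports the effective client-side caching policy per share. The sample text is constructed from the share sections in the post, and the function names are hypothetical.

```python
import re

DEFAULT_CSC = "manual"  # Samba's documented default for "csc policy"

# Constructed sample: share sections of the SMB file-server config in the post.
SAMPLE_SMB_CONF = r"""
[global]
        workgroup = CHAPPY-MS
[homes]
        path = /san/export/home/%S
        valid users = %S
        browseable = No
[profiles]
        path = /san/export/samba/profiles
        profile acls = Yes
        csc policy = disable
"""

def _key(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][_key(name)] = value.strip()
    return sections

def csc_policy_report(text):
    sections = parse_smb_conf(text)
    # A share parameter set in [global] becomes the default for every share.
    inherited = sections.get("global", {}).get("cscpolicy", DEFAULT_CSC).lower()
    return {share: params.get("cscpolicy", inherited).lower()
            for share, params in sections.items() if share != "global"}

def shares_allowing_offline_cache(text):
    return sorted(s for s, p in csc_policy_report(text).items() if p != "disable")
```

Running `shares_allowing_offline_cache` on the real file (or on `testparm -s` output) lists the shares for which the server still advertises offline caching to Windows clients, independent of what client-side group policy says.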

