Home directories using UNIX/SMB

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon Nov 17 16:39:16 GMT 1997


On Mon, 17 Nov 1997, Gerald W. Carter wrote:

> Luke Kenneth Casson Leighton wrote:
> > 
> > > You will have to specify \\sambaserver\homes in the NT user profile as
> > > the home directory.
> > 
> > ah, this is the right approach, but will throw up a slight difficulty.
> > 
> > when a user logs in, no connection is established under the user's
> > account, because the user has not been verified.  a connection is made
> > under the _machine_ account: a "Workstation Trust Account", i believe it
> > is called.
> 
> I'm not sure I follow you.  I know that using NISgina for validation I
> can specify a non encrypted samba server as the [homes] server and it
> passes the username and passwd through ( I am assuming this.  I haven't
> done a packet dump, but it does not prompt for a password if it is the
> home directory of the user ).

interesting.  i don't know where GINAs fit in, exactly (including microsoft's
own one).

the only difference i can think of is that NISgina calls LSALogonUser() 
_not_ the undocumented LSALogonUserEx() function.

 
> I know of others that have got roaming profiles to work this I am fairly
> sure.  Just that the samba server must have 'encrypt password = yes'
> set.

if you have "encrypt passwords = yes", then you are using lm and nt owf 16
byte hashes in /usr/local/samba/private/smbpasswd and not clear-text 
passwords.


 
> > unfortunately, once this connection is made, it is maintained
> > continuously until the machine is switched off.  no users are involved,
> > therefore the [homes] %U substitution doesn't work.
> 
> Now I am lost.  Are we talking about roaming profiles or just mounting
> specifying the user's home directory which is stored on a samba server?

specifically roaming profiles, because even before the user is "logged on" to
the local machine (by logged on, i mean
"running-the-program-on-NT-that-runs-all-the-other-GUI-related-programs-like-EXPLORER.EXE"),
the workstation itself mounts the profile path and downloads the 
profile.

because the workstation is in "non-interactive" mode, it cannot fire up
dialogs like "Enter password for \\samba-server\homes share". 

Luke Kenneth Casson Leighton <lkcl at switchboard.net>
Samba Consultancy and Support: http://mailhost.cb1.com/~lkcl


