Win 95 Policy Nightmare Part 1

Daryl L. Biberdorf darylb at superserve.com
Fri Sep 11 04:26:04 GMT 1998 

As I mentioned in a previous note, I'm a new Samba administrator.
I'm trying to set up both roving profiles and system policies on the
Win 95 machines in our computer lab here.

I have used the policy editor (POLEDIT.EXE) to define a CONFIG.POL,
which I have placed in the [netlogon] share. I also used a
newly-installed
Win 95 machine to create the exact *initial* configuration of
desktop, colors, start menu contents, etc. that I want my users to have.
I have copied the four folders under \Windows\Profiles\username 
(Desktop, Start Menu, etc) to the skeleton directory structure
my users will be getting as their accounts are created on our Linux
server. Thus, when I create a new user "jimbob", jimbob gets a 
settings/ subdirectory which contains the four special profiles folders
and their contents. The settings/ subdirectory is shared as [profiles].
(See my smb.conf below)

This works in a strange, funky sort of way. I wish I could fully
describe
it, but it appears that the state of the Windows client's registry at
the time of the first login by user is determining what's going on with
the
policies and profile. The policy generally works, but the profile
settings
are not working like I think they should. In particular, the Start Menu
is frequently wrong (containing almost nothing).

I'm at a loss. I've re-read the documentation for policies and profiles
in the resource kit from Microsoft, and the DOMAIN.txt.

Can anyone offer any step-by-step instructions? Is my approach
completely
wrong? Am I totally confused? I'm stressing out from all this, and I
have
a deadline of Monday.

Thanks in advance for any help.

Daryl Biberdorf, darylb at superserve.com

---------------------- smb.conf follows --------------------
; Dan Thies & Daryl Biberdorf 9/98
; based on
; The global setting for a default install
; Copyright(C) John H Terpstra - 1997
; modified for Caldera OpenLinux by Raymund Will <ray at lst.de>
;
; smbd re-reads this file regularly, but if in doubt stop and restart
it:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
;======================= Global Settings
=====================================
[global]
 
; comment is the equivalent of the NT Description field
   server string = File Server (Students; Lilly Lab)
 
; workgroup = NT-Domain-Name or Workgroup-Name, eg: WINERS
   workgroup = CTSLILLY

; this server handles logons within this domain (workgroup)
   domain logons = yes
 
; the script for each user to run as they login (stored in the location
; specified by the [netlogon] share(see below))
   logon script = startup.bat
 
; location of the Samba log file
  log file = /var/log/samba/log.smb
 
; Put a capping on the size of the log files (in Kb)
   max log size = 50
 
; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
;   case sensitive = yes
    short preserve case = yes
    preserve case = yes
 
; Not turn on when upgraded.
; dos filetimes = yes
 
; Security and file integrity related options
   lock directory = /var/lock/samba
   locking = yes
 
; Strict locking is available for paranoid locking situations only
;        enabling this severely degrades read / write performance.
;   strict locking = yes
;   fake oplocks = yes
   share modes = yes
 
; Security modes: USER uses Unix username/passwd, SHARE uses WfW type
passwords
;        SERVER uses an other SMB server (eg: Windows NT Server or
Samba)
;        to provide authentication services
   security = user
 
; Performance Related Options
 
; respond to WinPopup messages from clients (mail 'em to root)
   message command = /bin/mail -s 'Message from %f on %m' root < %s ; rm
%s
 
; pass the user's real name to the client
    unix realname = yes
 
; Performance Related Options
; Before setting socket options read the smb.conf man page!!
   socket options = TCP_NODELAY
; Still pick need to optimizes this choice
 
; Browser Control Options:
; Local Master set to True causes Samba to participate in browser
elections
;       the default setting is true, this causes Samba to behave like a
;       Windows NT server. Setting this to false turns off all browser
;       election participation.
; dlb note -- only applies to a specific subnet; probably a good thing
to
; leave turned on
   local master = yes
 
; OS Level gives Samba the power to win browser elections. Windows NT =
32
;       Any value < 32 means NT wins as Master Browser, > 32 Samba gets
it
;       default = 0, this ensures that Samba will NOT win the browser
election.
   os level = 35
 
; Domain Master specifies Samba to be the Domain Master Browser
;       Only ever set this if there is NO Windows NT Domain Controller
on the
;       network
   domain master = yes
 
; Preferred Master causes Samba to force a local browser election on
startup
; dlb 082598
   preferred master = yes
 
 
; Where to store roving profiles (only for Win95 and WinNT)
;        %L substitutes for the SMB name we are called, %U is username
;        You must uncomment the [profiles] share below
   logon path = \\%L\profiles\
 
; Windows Internet Name Serving Support Section:
; WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
;       the default is NO. If you have an Windows NT Server WINS use it!
;       Samba defaults to wins support = no
;   wins support = no
wins support = yes
 
; turn this on when upgrading
; how to do name lookups for SMB services
; possibilities include the following:
;     wins = use WINS server
;     lmhosts = use /etc/lmhosts
;     host = use local resolver (host.conf/nsswitch.conf/resolv.conf)
;     bcast = broadcast to find the name
; order of parameters is the order they are invoked.
   name resolve order = wins host bcast
 
; WINS Proxy - Tells Samba to answer name resolution queries on behalf
of a non
;       WINS Client capable client, for this to work there must be at
least one
;       WINS Server on the network. The default is NO.
;   wins proxy = yes
 
;============================ Share Definitions
==============================
[homes]
   comment = Home Directory
   path = /home/%u/winhome
   browseable = no
   printable = no
   read only = no
   hide dot files = yes
   oplocks = yes
   directory mask = 0700
   create mask =0700
 
; the NETLOGON share, where users get a common startup sequence, etc.
[netlogon]
   comment = Initialization scripts
   path = /netlogon
;   path = /home/%u/netlogon
   read only = yes
   printable = no
   browseable = no
   locking = no
   public = no
 
; Provide a specific roving profile share
; the default is to use the user's home directory
[profiles]
    path = /home/%U/settings
    browseable = no
    printable = no
    read only = no
    guest ok = yes
 
; the cd-rom drive
[cd_1]
  comment = First CD-ROM drive
  browseable = no
  read only = yes
  printable = no
  valid users = darylb,dthies
  locking = no
  path = /mnt
 
; a publicly accessible directory for all users;
; [this should probably be restricted a bit --darylb]
;
[ctstemp]
   comment = Temporary public file storage (deleted after 24 hours)
   path = /home/public
   read only = no
   printable = no
   write list = @users
   valid users = @users

---------------------- end of smb.conf  --------------------

More information about the samba mailing list