[Samba] Samba-LDAP Roaming Profiles
mallapadi niranjan
niranjan.ashok at gmail.com
Mon Apr 24 05:51:04 GMT 2006
Hi all,
I have Samba 3.0.21c with OpenLDAP 2.3.19 as Primary Domain Controller.
I would like to enable roaming profiles on a per-user basis, not for all users.
Below is my smb.conf:
[global]
workgroup = mydomain.com
netbios name = mydomain
passdb backend = ldapsam:ldap://mydomain.com
server string = Domain Controller
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home = \\mydomain\%U
wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no
time server = yes
log file = /var/log/samba/%m.log
max log size = 50
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap timeout = 50
idmap backend = ldap:ldap://mydomain.com
idmap uid = 10000-20000
idmap gid = 10000-20000
check password script = /usr/local/bin/crackcheck -s
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/false
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba-3c/lib/netlogon/scripts
guest ok = yes
browseable = yes
write list = root
[profiles]
Comment = Profile Shares
path=/profiles
browseable=yes
writeable = yes
create mode = 0600
directory mode = 0700
################################################################
In the above configuration, I have not given any netbios logon path,
i.e. logon path =
and for the users for whom I want to enable roaming profiles,
I have modified it through the smbldap-usermod command,
i.e. I have given smbldap-usermod -F \\mydomain\profiles\username username
1) Using the above configuration, the roaming profile for that particular
user is not getting enabled.
2) Suppose I edit my above smb.conf and write
logon path=\\mydomain\profiles\%U
and enable the roaming profile for the intended user through smbldap-usermod,
then the roaming profile is getting enabled, but the problem is that in the /profile
directory (which is the profile share),
for all the users who log on to the domain, a directory is created with their
username.
3) For the users for whom I have manually enabled roaming profiles, their
roaming profile works perfectly in
Windows 2003 and Windows XP, i.e. if they create any new folder or shortcut,
it gets reflected in the server
profile directory, but when the same user logs on in Windows 2000 Professional,
it's not working, i.e. whatever is in
the server profile gets loaded, but if any modification is done, it is
not reflected on the server.
4) My query is: should we enable logon path = \\mypdc\profiles\%u on the server?
If I leave it blank and edit manually per user through smbldap-usermod, will
it work?
What is the correct method of enabling per-user roaming profiles for Samba with
an LDAP backend?
Please guide me.
Regards
Niranjan