[Samba] Windows profile properties with Samba

Troy Heidner theidner.mail at gmail.com
Thu Jan 29 14:47:24 GMT 2009


Thank you VERY much for your input!  That is exactly the information I was
looking for.  I am continuing to make my way through your How To and By
Example books too.  I have been lurking on this list for a couple of months
and have been very impressed with the level of expertise and the willingness
to help here.  Knowing this resource exists is one of the things that gives
me enough confidence and peace of mind to roll out Samba as a critical
system in our work environment, even though I don't have an official channel
of paid support.  I can't say enough good things about the work that you all
accomplish here.

Thanks again!


> On Wed, Jan 28, 2009 at 6:11 PM, John H Terpstra <jht at samba.org> wrote:
>> On Wednesday 28 January 2009 17:24:52 Troy Heidner wrote:
>> > Hello everyone,
>> >
>> > We are investigating migrating our Windows 2003 active directory domain
>> to
>> > a purely Samba one.  I am a relative novice to Samba.  I have used it
>> many
>> > times to do simple file and printer sharing on an individual or
>> workgroup
>> > basis, but never in a domain environment.  One of the things I need to
>> find
>> > out how to do involves delivering Windows profiles.  On our Windows
>> > network, some users use local profiles, some use roaming profiles, and
>> some
>> > use mandatory profiles; depending on their status as staff, faculty, or
>> > student.  Currently, I set these attributes individually in each user
>> > object's properties in active directory.
>> Samba currently implements only NT4 style profile handling.  It is easily
>> possible to create any type of NT4-style windows profile. The capability
>> exits
>> for:
>>        a) Roaming per-user profiles
>>        b) Mandatory profiles (per-user or per-group)
>>        c) Network default profiles
>>                Samba makes it possible to do this per group also.
>> It is also possible to apply NTConfig.POL policies but so far as I am
>> aware
>> this does not work with Vista and Windows 7.
>> > I have successfully deployed a roaming profile on my test Samba network.
>> This is the simplest to deploy.  It is documented in Samba3-ByExample.
>> See:
>> http://www.samba.org/samba/docs/Samba3-ByExample.pdf
>> > But so far I can only see how to do this globally for all users in the
>> > global section of the smb.conf.
>> With an LDAP backend it is possible to specify the location of a per-user
>> profile. This also makes it possible to specify a group profile.
>> > I HAVE to be able to assign these on an
>> > individual or group basis based on the needs of different users.  I
>> intend
>> > to use LDAP for my backend.  As I understand it, you can set many
>> different
>> > user attributes using LDAP.  I would like to find out specifically how
>> to
>> > setup individual windows profiles, and generally whatever other windows
>> > property managements may be possible?
>> Any setting that is available in NT4 can be set with Samba.
>> > I'd also like to know if it is
>> > possible to assign these kinds of attributes to groups in Samba.
>> Samba does NOT implement group policy objects as does active directory.
>>  For
>> that capability you need Samba4 which has not yet been released for
>> production
>> use.  You may want to evaluate Samba4 and be part of the feedback team on
>> that.  Samba4 implements active directory technology.
>> > It would
>> > be convenient to be able to set up an environment configuration based on
>> > group membership.  Then I could control these things merely by moving
>> users
>> > in and out of different groups.
>> It is possible to test for group membership in a logon script and then to
>> map
>> drives to or paths to a location at which a group profile is shared. It's
>> one
>> one to get mostly what you want.
>> Cheers,
>> John T.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list