[Samba] Samba roaming profile with folder redirection
Yauheni Labko
yyl at chappy.com
Mon Oct 19 11:42:09 MDT 2009
Hi,

I have a domain controller which was configured to use local profiles. We
have a relatively small group whose work required it. Now we are moving toward
using the domain for all machines with roaming profiles. There are a lot of
posts dealing with roaming profiles and folder redirection. But I've
met some issues.

My configuration:
NS3 and SMB are hostnames of our servers.
The PDC is located on NS3, and the file server containing the profiles and
home shares is on SMB.

This is NS3 configuration:
# Global parameters
[global]
workgroup = CHAPPY-MS
netbios name = DS01
server string = Chappy Samba LDAP PDC Server
interfaces = 192.168.40.8/255.255.255.0
passdb backend = ldapsam:ldap://ds01/
enable privileges = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/smbldap-useradd -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon path = \\smb\profiles\%U\%a
logon drive = H:
logon home = \\smb\homes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=chappy,dc=com
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,dc=chappy,dc=com
ldap machine suffix = ou=computers
ldap passwd sync = Yes
ldap suffix = dc=chappy,dc=com
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
idmap uid = 15000-20000
idmap gid = 15000-20000
printing = cups
print command =
lpq command = %p
lprm command =
[netlogon]
path = /var/lib/samba/netlogon
browseable = No

This is SMB configuration:
[global]
workgroup = CHAPPY-MS
server string = file server
interfaces = 192.168.40.43
map to guest = Bad User
passdb backend = ldapsam:ldap://ds01
syslog = 0
log file = /var/log/samba/log.%m
max log size = 2048
keepalive = 0
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
hostname lookups = Yes
load printers = No
dns proxy = No
wins server = 192.168.40.8
kernel oplocks = No
ldap admin dn = cn=admin,dc=chappy,dc=com
ldap delete dn = Yes
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,dc=chappy,dc=com
ldap machine suffix = ou=computers
ldap suffix = dc=chappy,dc=com
ldap ssl = no
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
[homes]
comment = Home Share
path = /san/export/home/%S
valid users = %S
write list = %S
force create mode = 0600
force directory mode = 0700
hide special files = Yes
browseable = No
[profiles]
comment = Profiles Share
path = /san/export/samba/profiles
read only = No
force create mode = 0664
force directory mode = 0775
profile acls = Yes
hide files = /Application Data/Cookies/Local\
Settings/NetHood/PrintHood/Recent/SendTo/NTUSER.DAT/
store dos attributes = Yes
browseable = No
csc policy = disable

Netlogon on NS3 has a Default User configuration redirecting Desktop, My
Documents, My Pictures, My Music, Personal to the appropriate directories on
%HOMEDRIVE%:
Desktop - %HOMEDRIVE%\Desktop
My Documents - %HOMEDRIVE%\My Documents
My Pictures - %HOMEDRIVE%\My Documents\My Pictures
etc.

The local group policy disables offline files and roaming profile
synchronization for Desktop, My Documents and Application Data. These settings
were based on Samba by Examples, ch. 5 and 6.

During the first login the user grabs the configured profile from the netlogon
share and correctly sets up all files. But when the user logs off, they watch a
synchronizing window where it syncs the user's home directory.
At the same time the user can write/read the home drive with no problems. The
popup message "offline files - working offline" is rather annoying.

Could anybody give me an idea what is wrong? Or maybe I should use the
%LOGONPROFILE% variable instead of %HOMEDRIVE%?

If the synchronization window is normal for such a configuration, is there any
advantage to using folder redirection with the roaming profile? Maybe it
is better to disable synchronization of some directories and train users to
keep their documents on the home drive, arguing that this is a safe place?

Yauheni Labko (Eugene Lobko)
Junior System Administrator
Chapdelaine & Co
(212)208-9150
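
An added example, not part of the original post and not Samba project code: a small Python check that parses a constructed excerpt of the SMB file-server configuration quoted above and reports each share's effective `csc policy`, the smb.conf parameter that tells Windows clients whether a share may be cached as Offline Files. It assumes the smb.conf(5) default of `manual` when the parameter is unset; the function names are hypothetical.

```python
# Constructed excerpt of the SMB file-server smb.conf quoted in the post.
SMB_CONF = r"""
[global]
workgroup = CHAPPY-MS
[homes]
path = /san/export/home/%S
browseable = No
[profiles]
path = /san/export/samba/profiles
hide files = /Application Data/Cookies/Local\
Settings/NetHood/PrintHood/
csc policy = disable
"""

CSC_DEFAULT = "manual"  # assumption: smb.conf(5) default when "csc policy" is unset


def parse_smb_conf(text):
    """Return {section: {param: value}}, section and param names normalised."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):      # trailing backslash: continued on next line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections


def csc_report(text):
    """Effective csc policy per share: share value, else [global], else default."""
    conf = parse_smb_conf(text)
    fallback = conf.get("global", {}).get("cscpolicy", CSC_DEFAULT)
    return {name: params.get("cscpolicy", fallback).lower()
            for name, params in conf.items() if name != "global"}


def cacheable_shares(text):
    """Shares that clients are still allowed to cache offline."""
    return sorted(n for n, p in csc_report(text).items() if p != "disable")
```

On the excerpt, `[homes]` has no `csc policy` line and resolves to `manual`, while `[profiles]` is set to `disable`.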