[Samba] Mandatory User Profile

ulrich.schinz at ksfh.de
Sun Mar 6 03:16:47 MST 2011


first of all: my name is uli... i'm from bavaria/germany and i'm working
with linux quite a long time (maybe 10 years).

Now my "problem":
my samba is setup with ldap-backend. my configuration with mandatory
profiles is working quite good. i created a Default User - Profile in my
netlogon-share (migrated from a windows-xp client). ntuser.dat has been
renamed to ntuser.man. my windows client is configured to delete cached
profiles on logoff. this is working perfect.
but the problem is, that my keyboard layout is american and not german at
first logon. next logons the keyboard-layout is german. but i think the
reason for that is, that the server-side profile creates a ntuser.dat AND
the ntuser.man (ntuser.dat does not exist in Default User profile).
renaming the ntuser.man in Default User profile to ntuser.dat makes the
german keyboard-layout available at first logon.
but i wanna have the mandatory profiles not editable. users should not be
able to save things or change things in the profile.
do you have an idea, how to make my mandatory profile "readonly" AND have
a german keyboard-layout.
another thing i'd like to have: is it possible to remove the serverside
profile at logoff. if i logon there is the Default User profile copied to
my profiles-share. we have a lot of students and it would be a waste of
disc-space to create the same copy of the Default User profile many
thousand times...

Here is some information about my setup:
OS: Debian Squeeze
Samba-Version: 3.5.6
workgroup = SCHINZ-HOME
netbios name = klamm
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
logon path = \\%L\profiles\%u
passdb backend = ldapsam:ldap://klamm.home.schinz.de
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = cn=admin,dc=schinz,dc=de
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=schinz,dc=de
ldap ssl = off
idmap backend = ldap:ldap://klamm.home.schinz.de
idmap uid = 10000 - 50000
idmap gid = 10000 - 50000
idmap config SCHINZ-HOME:default      = yes
idmap config SCHINZ-HOME:backend      = ldap
idmap config SCHINZ-HOME:ldap_base_dn = ou=idmap,dc=schinz,dc=de
idmap config SCHINZ-HOME:ldap_user_dn = cn=admin,dc=schinz,dc=de
idmap config SCHINZ-HOME:ldap_url     = ldap://klamm.home.schinz.de/
idmap config SCHINZ-HOME:range        = 10000 - 50000

idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=schinz,dc=de
idmap alloc config:ldap_user_dn = cn=admin,dc=schinz,dc=de
idmap alloc config:ldap_url     = ldap://klamm.home.schinz.de
idmap alloc config:range        = 10000 - 50000

  path = /samba/profiles
  read only = No
  store dos attributes = Yes
  create mask = 0700
  directory mask = 0700
  browsable = No
  guest ok = No
  printable = No
  hide files = /desktop.ini/outlook*.lnk/*Briefcase*/

  path = /samba/netlogon
  read only = yes
  path = /samba/homes
  readonly = no

hope you forgive my bad english.
kind regards

