[Samba] Still mandatory profiles, every user same profile

Andrew Bartlett abartlet at samba.org
Tue Aug 28 19:49:33 MDT 2012


On Tue, 2012-08-28 at 13:10 +0200, Ulrich Schinz wrote:
> Hi there,
> 
> again me, again similar question.
> 
> First of all, what is it, what I'd like to have:
> 
> 1.) Every user in my System should use the same profile. In dsa.msc I 
> gave every user as profile-path \\samba4\profiles\stud
> 2.) The users should not be able to change anything in that profile (I 
> think changing ntuser.dat to ntuser.man should do the job, proposed I 
> got step one managed ;) )

> So now my question to you guys is: is there someone, who got this 
> working with samba4, or is it even working in samba4 to get this kind of 
> setup running?

I did this with Samba3, years ago.   If I recall correctly, I did the
ACL change to the NTuser.dat, changed it to ntuser.man and put it in
the netlogon share.

Then I wrote the (still included) disgusting hack: the 'fake_perms' VFS
module.  This is still in the tree - it might even still work!  Set:

[netlogon]
vfs objects = fake_perms
read only = yes

to try it out.  I think the right fix would have been to run:

[netlogon]
profile acls = true
read only = yes

so try that as well.

Make sure you are using s3fs (the new default file server).  I've
suggested read only = yes because I can't vouch for the security
implications of using my old module (it pretends the current user always
owns the file).  

If either of these help, then please let me know so we can work out the
right way to support this long term.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
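
The reply above pairs fake_perms with read only = yes as a precaution. As an added example (not part of the original post and not Samba's own code), this Python check lists shares in an smb.conf that load fake_perms while being writable. The share names other than [netlogon], the sample file and the function names are constructed for illustration.

```python
import configparser

# Constructed smb.conf text; only the [netlogon] settings come from the post.
SAMPLE = """
[global]
workgroup = EXAMPLE

[netlogon]
vfs objects = fake_perms
read only = yes

[profiles]
vfs objects = fake_perms
read only = no

[scratch]
writeable = yes
"""

INVERTED = ("writeable", "writable", "writeok")  # inverted synonyms of "read only"

def load(text):
    # [global] is the default section, so shares inherit its settings.
    cp = configparser.ConfigParser(default_section="global",
                                   interpolation=None, strict=False)
    # Samba ignores case and whitespace in parameter names.
    cp.optionxform = lambda k: k.lower().replace(" ", "")
    cp.read_string(text)
    return cp

def is_read_only(share):
    # Simplification: "read only" wins if both it and a synonym are present.
    if "readonly" in share:
        return share.getboolean("readonly")
    for key in INVERTED:
        if key in share:
            return not share.getboolean(key)
    return True  # smb.conf default is read only = yes

def writable_fake_perms_shares(text):
    """Return names of shares that load fake_perms and are writable."""
    flagged = []
    cp = load(text)
    for name in cp.sections():
        modules = cp[name].get("vfsobjects", "").replace(",", " ").split()
        if "fake_perms" in modules and not is_read_only(cp[name]):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(writable_fake_perms_shares(SAMPLE))
```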


