[Samba] User and Group management from Linux plus roaming profiles

Rowland Penny rowlandpenny241155 at gmail.com
Tue Sep 8 07:01:33 UTC 2015 

On 07/09/15 22:07, Robert Moskowitz wrote:
> Right now, RSAT seems not to be an option for me, as the only Win 
> systems here are XP...
>
> None of my PDC users were brought over with classicupdate. Perhaps 
> becuase my users are LINUX user accounts?  And the home directories 
> map to /home/user ?

Not having seen your old setup, but if you had a PDC, the users & groups 
should have been created in AD by classicupgrade, it is the only reason 
for the upgrade tool existing.

>
> So I would think I need to start adding users and put them into 
> groups.  How?

By using the RSAT tools from windows, or by using samba-tool etc

>
> And I am reading: 
> https://wiki.samba.org/index.php/Implementing_roaming_profiles
>
> At the beginning the smb.conf starts with:
>
> [profiles]
>
> further down in the POSIX ACLs section it is:
>
> [Profiles]
>
> Are these two different shares?  Or since shares are case insensitive 
> it does not matter?
>

It doesn't any more, thanks for pointing the anomaly out.

> Then there is:
>
> chgrp „Domain Users“ /srv/samba/profiles
>
> and I don't see „Domain Users“ defined.
>

If you have an AD DC, you have "Domain Users",  try this:

  ldbsearch -H /var/lib/samba/private/sam.ldb 
'(&(objectclass=group)(samaccountname=Domain Users))'

> Finally, as this is an AD, not a PDC, I am assuming I need to use 
> 'ADUC' to enable roaming profiles for selected users (that got added 
> how, see above).  Is ADUC available on XP?  I may have to break down 
> and buy a 'cheap' used notebook on ebay with Win7 OEM preloaded...

Yes, you can use ADUC on XP, download it from here:

http://www.microsoft.com/en-us/download/details.aspx?id=16770

But, you can do most of what ADUC does with samba-tool.

>
> As I think Marc said I don't use:
>
> logon path = \\%L\Profiles\%U
>
> for an AD.
>

Correct

> Lastly a question on home share (and the wiki warns not to use the 
> default homes share, but the home share documented).
>
> Can the home share be on a AD Member Server?  It would seem so....
>


Yes, you just need to set the users 'homeDirectory' attribute to point 
to the machine that holds the users home dir

  i.e. \\thinkpad\rowland

The same goes for the users profile, but in this case you would use the 
'profilePath' attribute

Rowland

> thanks. Laboring away here!
>
>
>

More information about the samba mailing list