[Samba] Roaming Profiles

L.P.H. van Belle belle at bazuin.nl
Wed Jun 19 07:48:10 UTC 2019


Hai Rowland, 
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Rowland penny via samba
> Sent: Wednesday 19 June 2019 9:20
> To: samba at lists.samba.org
> Subject: Re: [Samba] Roaming Profiles
> 
> On 19/06/2019 07:27, L.P.H. van Belle via samba wrote:
> > Gooooood morning Rowland,  :-)
> >
> > Thunder and rain here.. You're pushing rain to me from England ;-) :-p
> Not me personally ;-)
> >
> > Yes, if you count administrator also to everybody.  ;-)
> You may just be breaking European law.

No, definitely not. :-) I was already EU Priv law compliant in 2016. 
I was tested 4 times, every time all good, and when I question the auditors,... 
Well, these were not EU Priv Law compliant..  Hahaha :-) .. 

These folders are monitored, and even if I wanted to enter, I need a "ticket/support" registration
in my support system..  If people don't send in a problem report, I'm not even looking at it. 
Which works the same for me with mail problems. 
This is for my own protection and the users', I'm very strict in this, people find it very annoying.. 
No registration, I'm not doing anything, because of the law. 
As system administrator, you're working in a grey area, you just need to have everything logged/registered
before you do anything..  And I'm the Admin from hell :-) but that results for me in 90% less problems. 
As long as the boss is happy with it, it's fine for me also.  ;-) 
Heheh.. 
And this results for me in having time to spend on samba :-) 

> > What I have on my member server. ( AD backend )
> >
> > install -d /home/samba/profiles -m 1770 -o root -g root
> >
> > [profiles]
> >      browseable = yes
> >      path = /home/samba/profiles
> >      read only = no
> >      acl_xattr:ignore system acl = yes
> >
> > drwxrwx--T+ 103 root root  4096 Jun 14 16:25 profiles
> >
> > getfacl /home/samba/profiles/
> > # file: home/samba/profiles/
> > # owner: root
> > # group: root
> > # flags: --t
> > user::rwx
> > user:root:rwx
> > group::---
> > group:root:---
> > group:domain\040users:rwx
> > mask::rwx
> > other::---
> > default:user::rwx
> > default:user:root:rwx
> > default:group::---
> > default:group:root:---
> > default:mask::rwx
> > default:other::---
> >
> >
> > Resulting in the profiles/username.vX folder to username and SYSTEM
> > Administrator (and domain admins) has access also, through root/administrator mapping,
> > but normal users can see the other users' folders but can not access them.
> >
> > Share security, just the default, to everyone, folder rights handle everything else.
> > That's where the domain users comes in.
> 
> If it works for you, who am I to say anything ;-)
> 
> Rowland

You Rowland, you're allowed to say anything to me. Just don't make me cry.. ;-) 

And the above setup is a copy of a Windows 2008R2 setup. 
Ah, have a look here, 
https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles 
I see MS changed the docs a bit. 

... my security group on step 2 is "dom users" ;-)  


Greetz, 

Louis
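
An added example, not part of the original message: a POSIX shell check for the layout described above (a sticky 1770 profiles root owned by root, with profile folders closed to "other" as the default ACL implies). The function name `check_profiles_root` and the finding labels are made up for illustration, and the script assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post): audit a roaming-profile root.
# Named ACL entries (e.g. the "domain users" entry) are not inspected here;
# use getfacl for those.

# check_profiles_root DIR [OWNER]
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_profiles_root() {
    root=$1
    want_owner=${2:-root}
    findings=0

    [ -d "$root" ] || { echo "MISSING $root"; return 1; }

    # Root must be sticky, rwx for owner and group/mask, nothing for other.
    mode=$(stat -c '%a' "$root")
    if [ "$mode" != "1770" ]; then
        echo "ROOT_MODE $root is $mode, expected 1770"
        findings=$((findings + 1))
    fi

    owner=$(stat -c '%U' "$root")
    if [ "$owner" != "$want_owner" ]; then
        echo "ROOT_OWNER $root is owned by $owner, expected $want_owner"
        findings=$((findings + 1))
    fi

    # Each profile folder (username.vX) inherits default:other::--- .
    # Only the last octal digit is checked: with an ACL present the group
    # digit shows the ACL mask, not the owning group's rights.
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        pmode=$(stat -c '%a' "$dir")
        case "$pmode" in
            *0) ;;
            *)  echo "PROFILE_OPEN $dir mode $pmode grants access to other"
                findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
}
```

Run as `check_profiles_root /home/samba/profiles` on the member server; a non-zero exit status means at least one finding was printed.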









