Windoze roaming profiles (was: Samba PDC/BDC)
Ben Scott
dragonhawk at gmail.com
Tue Jan 17 20:43:00 EST 2006
On 1/17/06, klussier at comcast.net <klussier at comcast.net> wrote:
> I wasn't explicitely wanting roaming profiles (as I view them as evil).
May I ask why?
I've generally found they make things a lot better. Lock down the
workstations, no "root" access for the lusers, use domain
authentication and roaming profiles. When a Windoze workstation gets
screwed up (not like *that* ever happens), swap it out or re-image it.
One profile sync later, the user is back up and running like nothing
happened.
This assumes all the clients are Win NT4/2000/XP. Win 95/98/Me are
to Win NT4/2000/XP as Win NT4/2000/XP are to *nix.
I've done this with both Microsoft and Samba servers, too, so it's
not completely off-topic. For Samba, the critical part is to have
something like
logon path = \\server\profiles\%U\
in your smb.conf on the Samba DC, and
[profiles]
comment = Windows Roaming User Profiles
path = /path/to/some/dir/
browseable = no
guest ok = no
writable = yes
create mask = 600
directory mask = 700
csc policy = disable
on the Samba server holding the roaming profile share (which can be
the same server).
Note that the share holding the roaming profile must *NOT* be a
"magic" share. That is, the "path" must be the same for every user
who connects to the share. Not the "homes" share. No Samba variables
in the "path" directive.
-- Ben "Show me a $HOME where the buffer 'flows roam..." Scott
More information about the gnhlug-discuss
mailing list