samba - Aug 2002 - PDC roaming profiles and templates

Greetings!

I have configured samba as a PDC.
This works fine so far, I can add users, log in at my Win2k workstations and
use roaming profiles. But now my problem: I want several "template"
profiles. I want to use several different pre-configured base-profiles.

1) I  configure a template-user: configure the corresponding Desktop,
network and printer connections and so on.
2) After this I added another user and copied the hole profile-folder (of
the prevously descibed template)  to the new user.
3) When I log in with this new user, I have my pre-configured profile.

But if I change things like the background-settings or if I delete icons on
the desktop, these settings are reset to the template-profile-value at next
login, and its not saved in the new profile. I expect this has something to
do with the windows-registry or NTUSER.DAT file. A simple copy of this
profile does not work :(

I have tried several things to get rid of that, but nothing worked.
The howtos and faqs dont really cover this.
I can use the "Default User" profile and copy this to my
netlogon-folder.
Next I can copy the *.lnk files from any Desktop to the "Deafult
User\Desktop" folder. When I first log in with a new user, windows uses
this
default. But I can not configure something like the background-color of my
desktop or the screensaver. I except these values are stored in the registry
(ntuser.dat?!)

I have found a site
http://networking.earthweb.com/netos/article/0,,12083_625291_2,00.html
 explaining how to set up template profiles. So I thing it *should* work. I
dont want mandatory profiles. I furthermore dont want to restrict the access
of my users to the system. So I think the Policy Editor is not the right
way. It would be quite simple for me to manage the template, if I simply can
login and change them.

There is another thing. I have tried the usrmgr.exe from microsoft to
administrate/copy the profiles. But this tools does not work from a
workstation to my samba-PDC. I can see the users, but i am unable to
change/delete any values, even if I am logged in as the root into the
domain. Can I get this tool working somehow?


I will be really happy for hints to get this working. Could somebody please
help me?

M&V Werbeagentur GmbH
Christian Kuhn




I?m using windows 2000 client and a samba-2.2.3a.
And here is my smb.conf:

[global]
 # Basic server settings
 netbios name = fserver
 workgroup = Mvwa1

 # we should act as the domain and local master browser
 os level = 64
 preferred master = yes
 domain master = yes
 local master = yes

 # security settings
 security = user

 # encrypted passowrds are required for a PDC
 encrypt passwords = Yes

 # support domain logons
 domain logons = yes

 # groups, that should be treated as sysadmins on the win-machines
 domain admin group = @root

 # where to store the user profiles
 logon path = \\%N\profiles\%u

 # where is the user home directory and where should it be mounted
 logon drive = H:
 logon home = \\%N\%U\.profiles

 # generic logon script for all users
 logon script = logon.cmd

 guest account = Nobody
 map to guest = Bad User

 # These settings are a suggestion for a local network. Cf. section
 # 'socket options' in the man page of smb.conf and socket(7).
 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY

 # Please uncomment the following entry and replace the ip number and
 # netmask with the values of your network interface configuration.
 interfaces = 192.168.14.100/255.255.255.0

 # If you want Samba to act as a wins server, please set
 # 'wins support' to yes.
 wins support = No

 # Set these two parameters to your DOS code page and appropriate UNIX
 # character set. These values are for west European languages (Latin-9)
 # UNIX character and MS-DOS Latin 1 code page.
 character set = ISO8859-15
 client code page = 850

# Where to store the logon scripts.
[netlogon]
 comment = Network Logon Service
 path = /var/lib/samba/netlogon
 read only = yes

# Extra share for profiles. Default is the home of the user.
[profiles]
 comment = Network Profiles Service
 path = /mnt/profiles
 read only = no
 create mask = 0600
 directory mask = 0700
 browseable = Yes

[homes]
 comment = Home Directories
 read only = No
 create mask = 0640
 directory mask = 0750
 browseable = Yes

Hey,

On Mon, 12 Aug 2002 15:54:39 +0200
"MVWA Stuff" <info@mvwa.de> wrote:
> and use roaming profiles. But now my problem: I want several
"template"
> profiles. I want to use several different pre-configured base-profiles.
at least with NT 4.0 you have to copy your default profile to a new user
with "System" from the "Control Panel" to get the
permissions of the files
and the registry entries in NTuser.dat right.
> There is another thing. I have tried the usrmgr.exe from microsoft to
> administrate/copy the profiles. But this tools does not work from a
> workstation to my samba-PDC. I can see the users, but i am unable to
> change/delete any values, even if I am logged in as the root into the
> domain. Can I get this tool working somehow?
As far as I know, no...

Goetz

Hi!

Thx for your quick response!
>> and use roaming profiles. But now my problem: I want several
>> "template"
>> profiles. I want to use several different pre-configured
>> base-profiles.
> at least with NT 4.0 you have to copy your default profile to a new
> user
> with "System" from the "Control Panel" to get the
permissions of the
> files
> and the registry entries in NTuser.dat right.

Ok. Now I have done the following:

1) Configured a new template (with a red background) in the domain
2) logged in as "root" (who is in the admin group) in the domain
3) system -> control panel -> user profiles -> select template ->
copy
to: \\fserver\profiles\foobar -> ok
4) useradd and smbpasswd for user "foobar"
5) chown foobar.users /mnt/profiles/foobar -R (/mnt/profiles is my
profile-folder)
6) log in as "foobar" in the domain
7) set background from red to green/black/whatever ..
8) log out and in  ->  background is set back to red (!) again.

In conclusion this is the same effect as before when I tried to copy the
profile with a simple "cp" :(

Furthermore I've tried to delete the ntuser.dat, ntuser.dat.LOG,
ntuser.ini and even \"template-profile"\Anwendungsdaten\Identities\*
(dont know exactly how this folder is called in english) files on my
linux-box.
Nothing helped. Obviously windows uses the local stored ntuser.dat files
then, but if I delete this, I'm not able to select the template for a
copy process anymore.

I've tried for hours now don't now any further.

Again I thing something like this _should_ work and I dont know, why it
does not ...
Any help would be welcome.



Greetings
Christian Kuhn