Hi folks,

I am trying to deploy an LDAP-based Samba3 PDC, migrated from an old WinNT4 Domain, to support roaming profiles for new WinXP clients. But I do not want a full roaming profile. AFAIK WinXP profiles tend to grow. If possible, I would like to roam only the desktop settings, and maybe the navigator (IE or Firefox) configuration.

Another important (I believe) piece of information is that our WinXP is a localized - Brazilian Portuguese - version. The main importance of this fact is that in the registry the key names are in English, whereas in the filesystem the folder names are in Brazilian Portuguese.

I have already succeeded in configuring the roaming profile. I am having trouble limiting its contents. In my tests I am trying to roam only the "Desktop" section of the user profile.

Here is the symptom I am experiencing: when a user logs in to WinXP, a folder "Desktop" is created in his profile directory; when this user logs out of WinXP, all other folders (from "Ambiente de impressão" up to "SendTo") that are part of the profile are created in his profile directory.

What am I missing to achieve this objective: to have only the "Desktop" folder present in a user profile directory?

In the next lines (long) I have included information so that you know my environment and have a clue to send me.

As for the samba configuration,

1. Created and populated a "Default User" directory under the netlogon share with the following directories:

-------------
root@nipdl08:/var/samba/profiles/fabricio# ls -l /var/samba/netlogon/Default\ Users
total 234
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Ambiente de impress?o
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Ambiente de rede
drwxr-x--- 2 root Domain Users     48 2005-06-21 10:23 Configura??es locais
drwxr-x--- 2 root Domain Users     48 2005-06-21 10:24 Cookies
drwxr-x--- 2 root Domain Users     48 2005-06-21 10:23 Dados de aplicativos
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Desktop
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Favoritos
drwxr-x--- 3 root Domain Users     80 2005-06-21 10:24 Menu Iniciar
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Meus documentos
drwxr-x--- 2 root Domain Users     48 2005-06-21 10:25 Modelos
-rw-r--r-- 1 root Domain Users 229376 2005-06-20 16:51 NTUSER.DAT
-rw-r--r-- 1 root Domain Users   1024 2005-06-20 16:51 NTUSER.DAT.LOG
drwxr-x--- 2 root Domain Users     48 2005-05-20 16:37 Recent
drwxr-x--- 2 root Domain Users     48 2005-06-21 10:27 SendTo
------------

2. Here is a typical user in the LDAP database:

------------
root@nipdl08:~# smbldap-usershow fabricio
dn: uid=fabricio,ou=Users,dc=tcdf,dc=net
objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: fabricio
sn: fabricio
uid: fabricio
uidNumber: 10639
gidNumber: 513
loginShell: /bin/bash
gecos: System User
sambaSID: S-1-5-21-162996128-359937467-561332275-2722
sambaPrimaryGroupSID: S-1-5-21-162996128-359937467-561332275-513
displayName: fabricio bianco abreu
description: Administrador do Domino tcdf-master
sambaLogonScript: login.bat
sambaLogonTime: 1118682725
sambaLogoffTime: 1106238911
sambaProfilePath: \\NIPDL08\profile\fabricio
sambaHomeDrive: H:
sambaHomePath: \\NIPDL08\fabricio\.profile
homeDirectory: /home/fabricio
sambaLMPassword: 5602E3F3E86AD1CB81FE6D90B93317CB
sambaAcctFlags: [U]
sambaNTPassword: 2B60D7C84864C848D393509A619D1722
sambaPwdLastSet: 1118872627
sambaPwdMustChange: 1122760627
userPassword: {MD5}z8ANILCzE3FxpQ2SS99TUg=
------------

3. Here is my smb.conf

------------
# Global parameters
[global]
   workgroup = TCDF-MASTER
   netbios name = NIPDL08
   enable privileges = yes
   interfaces = 10.20.20.30, 127.0.0.1
   bind interfaces only = yes
   username map = /etc/samba/smbusers
   server string = %L Samba-LDAP PDC Server %v
   security = user
   encrypt passwords = true
   obey pam restrictions = No
   ldap passwd sync = Yes
   log level = 2
   syslog = 0
   log file = /var/log/samba/log.%m
   max log size = 100000
   time server = Yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = ISO8859-1
   logon script = login.bat
   logon drive = H:
   domain logons = Yes
   os level = 65
   preferred master = Yes
   domain master = Yes
   wins support = Yes
   passdb backend = ldapsam:ldap://nipdl08.tcdf.net/
   ldap admin dn = cn=samba,ou=DSA,dc=tcdf,dc=net
   ldap suffix = dc=tcdf,dc=net
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Users
   add user script = /usr/sbin/smbldap-useradd -m "%u"
   ldap delete dn = Yes
   delete user script = /usr/sbin/smbldap-userdel "%u"
   add machine script = /usr/sbin/smbldap-useradd -w "%u"
   add group script = /usr/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
   printer admin = @"Print Operators"
   load printers = Yes
   create mask = 0640
   directory mask = 0750
   nt acl support = No
   printing = lprng
   printcap name = /etc/printcap
   deadtime = 10
   guest account = nobody
   map to guest = Bad User
   dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
   show add printer wizard = yes
   ; to maintain capital letters in shortcuts in any of the profile folders:
   preserve case = yes
   short preserve case = yes
   case sensitive = no

[homes]
   comment = diretorio de %U, %u
   read only = No
   create mask = 0644
   directory mask = 0775
   browseable = No

[netlogon]
   path = /var/samba/netlogon/
   browseable = No
   read only = yes
   write list = @"Domain Admins"

[profile]
   path = /var/samba/profiles
   guest ok = Yes
   profile acls = yes
   csc policy = disable
   create mode = 0600
   directory mode = 0700
   # next line is a great way to secure the profiles
   force user = %U
   # next line allows administrator to access all profiles
   write list = %U @"Domain Admins"

[printers]
   comment = Network Printers
   printer admin = @"Print Operators"
   guest ok = yes
   printable = yes
   path = /var/spool/samba
   browseable = No
   read only = Yes
   printable = Yes
   print command = /usr/bin/lpr -P%p -r %s
   lpq command = /usr/bin/lpq -P%p
   lprm command = /usr/bin/lprm -P%p %j

[print$]
   path = /var/samba/printers
   guest ok = No
   browseable = Yes
   read only = Yes
   valid users = @"Print Operators"
   write list = @"Print Operators"
   create mask = 0664
   directory mask = 0775
------------

Regarding Windows XP I have executed the following procedure:

1. Using regedt32 I have edited the default user "NTUSER.dat" to set the keys under [Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] as listed below:

------------
Nome da chave: HKEY_LOCAL_MACHINE\Default\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Nome da classe: <Sem classe>
Hora da última gravação: 20/6/2005 - 15:11

Valor 0
  Nome: AppData
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Dados de aplicativos

Valor 1
  Nome: Desktop
  Tipo: REG_EXPAND_SZ
  Dados: \\NIPDL08\profile\%USERNAME%\Desktop

Valor 2
  Nome: Favorites
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Favoritos

Valor 3
  Nome: NetHood
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Ambiente de rede

Valor 4
  Nome: Personal
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Meus documentos

Valor 5
  Nome: PrintHood
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Ambiente de impressão

Valor 6
  Nome: Programs
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Menu Iniciar\Programas

Valor 7
  Nome: Recent
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Recent

Valor 8
  Nome: SendTo
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\SendTo

Valor 9
  Nome: Start Menu
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Menu Iniciar

Valor 10
  Nome: Startup
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Menu Iniciar\Programas\Inicializar

Valor 11
  Nome: Templates
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Modelos

Valor 12
  Nome: Cookies
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Cookies

Valor 13
  Nome: My Pictures
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Meus documentos\Minhas imagens

Valor 14
  Nome: Local Settings
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Configurações locais

Valor 15
  Nome: Local AppData
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Configurações locais\Dados de aplicativos

Valor 16
  Nome: Cache
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Configurações locais\Temporary Internet Files

Valor 17
  Nome: History
  Tipo: REG_EXPAND_SZ
  Dados: %USERPROFILE%\Configurações locais\Histórico
------------

Please note that the only folder I have redirected to the samba server is "Desktop" and that if user "fabricio" is logged in, %USERPROFILE% expands to "c:\Documents and Settings\fabricio". Nevertheless, upon logout all other folders are created in fabricio's sambaProfilePath.

2. Using gpedit.msc I edited "Exclude directories in roaming profile" under "User Configuration->Administrative Templates->System->User Profiles" as:

------------
Ambiente de impressão;Ambiente de rede;Configurações locais;Cookies;Dados de aplicativos;Favoritos;Menu Iniciar;Meus documentos;Modelos;Recent;SendTo
------------

This is an almost complete list of directories in a user profile, lacking of course the "Desktop" folder that shall be roamed.

3. Using gpedit.msc I enabled "Do not check for user ownership of Roaming Profile Folders" under "Computer Configuration->Administrative Templates->System->User Profiles"

________________________________________________________________
Fabricio Bianco Abreu
Núcleo de Informática e Processamento de Dados
TRIBUNAL DE CONTAS DO DISTRITO FEDERAL (http://www.tc.df.gov.br)
Tel 55 - 61 - 314 2236
Fax 55 - 61 - 314 2268
Utilize software livre (visite http://www.tc.df.gov.br/tcbrasil)
________________________________________________________________
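
A server-side check for the symptom described in this post, as an added example that is not part of the original message: it classifies each top-level folder of a profile directory against the exclusion list from step 2 (accented characters written out) and separates empty placeholder folders from folders whose contents were actually uploaded. The function names and the sample tree are constructed for illustration, and the check assumes folder names on disk decode to the same characters as the policy string.

```python
import os
import tempfile

# Exclusion list as entered in gpedit.msc in the post (semicolon-separated).
EXCLUDED = ("Ambiente de impressão;Ambiente de rede;Configurações locais;Cookies;"
            "Dados de aplicativos;Favoritos;Menu Iniciar;Meus documentos;"
            "Modelos;Recent;SendTo")

def parse_exclusions(value):
    """Split the policy string; names are lower-cased because the share
    is configured with 'case sensitive = no'."""
    return {name.strip().lower() for name in value.split(";") if name.strip()}

def count_files(path):
    """Number of regular files anywhere below path."""
    return sum(len(files) for _, _, files in os.walk(path))

def audit_profile(profile_dir, exclusions):
    """Classify each top-level folder of one server-side profile.

    Returns {folder: status} where status is 'roamed' (not excluded),
    'excluded-empty' (placeholder folder only) or 'excluded-with-data'
    (content was uploaded despite the exclusion list).
    """
    report = {}
    for entry in sorted(os.listdir(profile_dir)):
        full = os.path.join(profile_dir, entry)
        if not os.path.isdir(full):
            continue  # NTUSER.DAT and similar files are not folders
        if entry.lower() not in exclusions:
            report[entry] = "roamed"
        elif count_files(full) == 0:
            report[entry] = "excluded-empty"
        else:
            report[entry] = "excluded-with-data"
    return report

def build_sample_profile(root):
    """Constructed sample tree standing in for /var/samba/profiles/<user>."""
    for folder in ("Desktop", "Cookies", "SendTo", "Menu Iniciar/Programas"):
        os.makedirs(os.path.join(root, folder))
    for rel in ("NTUSER.DAT", "Desktop/notes.txt", "Cookies/index.dat"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = audit_profile(build_sample_profile(tmp), parse_exclusions(EXCLUDED))
        for folder, status in result.items():
            print(f"{status:20} {folder}")
```

Run against a real profile directory, an "excluded-with-data" result means the exclusion policy did not take effect for that folder, while "excluded-empty" means only the folder itself was created on the server.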