As I mentioned in a previous note, I'm a new Samba administrator.
I'm trying to set up both roving profiles and system policies on the
Win 95 machines in our computer lab here.
I have used the policy editor (POLEDIT.EXE) to define a CONFIG.POL,
which I have placed in the [netlogon] share. I also used a
newly-installed
Win 95 machine to create the exact *initial* configuration of
desktop, colors, start menu contents, etc. that I want my users to have.
I have copied the four folders under \Windows\Profiles\username
(Desktop, Start Menu, etc) to the skeleton directory structure
my users will be getting as their accounts are created on our Linux
server. Thus, when I create a new user "jimbob", jimbob gets a
settings/ subdirectory which contains the four special profiles folders
and their contents. The settings/ subdirectory is shared as [profiles].
(See my smb.conf below)
This works in a strange, funky sort of way. I wish I could fully
describe
it, but it appears that the state of the Windows client's registry at
the time of the first login by user is determining what's going on with
the
policies and profile. The policy generally works, but the profile
settings
are not working like I think they should. In particular, the Start Menu
is frequently wrong (containing almost nothing).
I'm at a loss. I've re-read the documentation for policies and profiles
in the resource kit from Microsoft, and the DOMAIN.txt.
Can anyone offer any step-by-step instructions? Is my approach
completely
wrong? Am I totally confused? I'm stressing out from all this, and I
have
a deadline of Monday.
Thanks in advance for any help.
Daryl Biberdorf, darylb@superserve.com
---------------------- smb.conf follows --------------------
; Dan Thies & Daryl Biberdorf 9/98
; based on
; The global setting for a default install
; Copyright(C) John H Terpstra - 1997
; modified for Caldera OpenLinux by Raymund Will <ray@lst.de>
;
; smbd re-reads this file regularly, but if in doubt stop and restart
it:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
;======================= Global Settings
====================================[global]
; comment is the equivalent of the NT Description field
server string = File Server (Students; Lilly Lab)
; workgroup = NT-Domain-Name or Workgroup-Name, eg: WINERS
workgroup = CTSLILLY
; this server handles logons within this domain (workgroup)
domain logons = yes
; the script for each user to run as they login (stored in the location
; specified by the [netlogon] share(see below))
logon script = startup.bat
; location of the Samba log file
log file = /var/log/samba/log.smb
; Put a capping on the size of the log files (in Kb)
max log size = 50
; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
; case sensitive = yes
short preserve case = yes
preserve case = yes
; Not turn on when upgraded.
; dos filetimes = yes
; Security and file integrity related options
lock directory = /var/lock/samba
locking = yes
; Strict locking is available for paranoid locking situations only
; enabling this severely degrades read / write performance.
; strict locking = yes
; fake oplocks = yes
share modes = yes
; Security modes: USER uses Unix username/passwd, SHARE uses WfW type
passwords
; SERVER uses an other SMB server (eg: Windows NT Server or
Samba)
; to provide authentication services
security = user
; Performance Related Options
; respond to WinPopup messages from clients (mail 'em to root)
message command = /bin/mail -s 'Message from %f on %m' root < %s ;
rm
%s
; pass the user's real name to the client
unix realname = yes
; Performance Related Options
; Before setting socket options read the smb.conf man page!!
socket options = TCP_NODELAY
; Still pick need to optimizes this choice
; Browser Control Options:
; Local Master set to True causes Samba to participate in browser
elections
; the default setting is true, this causes Samba to behave like a
; Windows NT server. Setting this to false turns off all browser
; election participation.
; dlb note -- only applies to a specific subnet; probably a good thing
to
; leave turned on
local master = yes
; OS Level gives Samba the power to win browser elections. Windows NT 32
; Any value < 32 means NT wins as Master Browser, > 32 Samba gets
it
; default = 0, this ensures that Samba will NOT win the browser
election.
os level = 35
; Domain Master specifies Samba to be the Domain Master Browser
; Only ever set this if there is NO Windows NT Domain Controller
on the
; network
domain master = yes
; Preferred Master causes Samba to force a local browser election on
startup
; dlb 082598
preferred master = yes
; Where to store roving profiles (only for Win95 and WinNT)
; %L substitutes for the SMB name we are called, %U is username
; You must uncomment the [profiles] share below
logon path = \\%L\profiles\
; Windows Internet Name Serving Support Section:
; WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
; the default is NO. If you have an Windows NT Server WINS use it!
; Samba defaults to wins support = no
; wins support = no
wins support = yes
; turn this on when upgrading
; how to do name lookups for SMB services
; possibilities include the following:
; wins = use WINS server
; lmhosts = use /etc/lmhosts
; host = use local resolver (host.conf/nsswitch.conf/resolv.conf)
; bcast = broadcast to find the name
; order of parameters is the order they are invoked.
name resolve order = wins host bcast
; WINS Proxy - Tells Samba to answer name resolution queries on behalf
of a non
; WINS Client capable client, for this to work there must be at
least one
; WINS Server on the network. The default is NO.
; wins proxy = yes
;============================ Share Definitions
=============================[homes]
comment = Home Directory
path = /home/%u/winhome
browseable = no
printable = no
read only = no
hide dot files = yes
oplocks = yes
directory mask = 0700
create mask =0700
; the NETLOGON share, where users get a common startup sequence, etc.
[netlogon]
comment = Initialization scripts
path = /netlogon
; path = /home/%u/netlogon
read only = yes
printable = no
browseable = no
locking = no
public = no
; Provide a specific roving profile share
; the default is to use the user's home directory
[profiles]
path = /home/%U/settings
browseable = no
printable = no
read only = no
guest ok = yes
; the cd-rom drive
[cd_1]
comment = First CD-ROM drive
browseable = no
read only = yes
printable = no
valid users = darylb,dthies
locking = no
path = /mnt
; a publicly accessible directory for all users;
; [this should probably be restricted a bit --darylb]
;
[ctstemp]
comment = Temporary public file storage (deleted after 24 hours)
path = /home/public
read only = no
printable = no
write list = @users
valid users = @users
---------------------- end of smb.conf --------------------
