Hello everyone, We are investigating migrating our Windows 2003 active directory domain to a purely Samba one. I am a relative novice to Samba. I have used it many times to do simple file and printer sharing on an individual or workgroup basis, but never in a domain environment. One of the things I need to find out how to do involves delivering Windows profiles. On our Windows network, some users use local profiles, some use roaming profiles, and some use mandatory profiles; depending on their status as staff, faculty, or student. Currently, I set these attributes individually in each user object's properties in active directory. I have successfully deployed a roaming profile on my test Samba network. But so far I can only see how to do this globally for all users in the global section of the smb.conf. I HAVE to be able to assign these on an individual or group basis based on the needs of different users. I intend to use LDAP for my backend. As I understand it, you can set many different user attributes using LDAP. I would like to find out specifically how to setup individual windows profiles, and generally whatever other windows property managements may be possible? I'd also like to know if it is possible to assign these kinds of attributes to groups in Samba. It would be convenient to be able to set up an environment configuration based on group membership. Then I could control these things merely by moving users in and out of different groups. Thanks in advance for your help! Troy
On Wednesday 28 January 2009 17:24:52 Troy Heidner wrote:> Hello everyone, > > We are investigating migrating our Windows 2003 active directory domain to > a purely Samba one. I am a relative novice to Samba. I have used it many > times to do simple file and printer sharing on an individual or workgroup > basis, but never in a domain environment. One of the things I need to find > out how to do involves delivering Windows profiles. On our Windows > network, some users use local profiles, some use roaming profiles, and some > use mandatory profiles; depending on their status as staff, faculty, or > student. Currently, I set these attributes individually in each user > object's properties in active directory.Samba currently implements only NT4 style profile handling. It is easily possible to create any type of NT4-style windows profile. The capability exits for: a) Roaming per-user profiles b) Mandatory profiles (per-user or per-group) c) Network default profiles Samba makes it possible to do this per group also. It is also possible to apply NTConfig.POL policies but so far as I am aware this does not work with Vista and Windows 7.> I have successfully deployed a roaming profile on my test Samba network.This is the simplest to deploy. It is documented in Samba3-ByExample. See: http://www.samba.org/samba/docs/Samba3-ByExample.pdf> But so far I can only see how to do this globally for all users in the > global section of the smb.conf.With an LDAP backend it is possible to specify the location of a per-user profile. This also makes it possible to specify a group profile.> I HAVE to be able to assign these on an > individual or group basis based on the needs of different users. I intend > to use LDAP for my backend. As I understand it, you can set many different > user attributes using LDAP. I would like to find out specifically how to > setup individual windows profiles, and generally whatever other windows > property managements may be possible?Any setting that is available in NT4 can be set with Samba.> I'd also like to know if it is > possible to assign these kinds of attributes to groups in Samba.Samba does NOT implement group policy objects as does active directory. For that capability you need Samba4 which has not yet been released for production use. You may want to evaluate Samba4 and be part of the feedback team on that. Samba4 implements active directory technology.> It would > be convenient to be able to set up an environment configuration based on > group membership. Then I could control these things merely by moving users > in and out of different groups.It is possible to test for group membership in a logon script and then to map drives to or paths to a location at which a group profile is shared. It's one one to get mostly what you want. Cheers, John T.
John, Thank you VERY much for your input! That is exactly the information I was looking for. I am continuing to make my way through your How To and By Example books too. I have been lurking on this list for a couple of months and have been very impressed with the level of expertise and the willingness to help here. Knowing this resource exists is one of the things that gives me enough confidence and peace of mind to roll out Samba as a critical system in our work environment, even though I don't have an official channel of paid support. I can't say enough good things about the work that you all accomplish here. Thanks again! Troy> > > On Wed, Jan 28, 2009 at 6:11 PM, John H Terpstra <jht@samba.org> wrote: > >> On Wednesday 28 January 2009 17:24:52 Troy Heidner wrote: >> > Hello everyone, >> > >> > We are investigating migrating our Windows 2003 active directory domain >> to >> > a purely Samba one. I am a relative novice to Samba. I have used it >> many >> > times to do simple file and printer sharing on an individual or >> workgroup >> > basis, but never in a domain environment. One of the things I need to >> find >> > out how to do involves delivering Windows profiles. On our Windows >> > network, some users use local profiles, some use roaming profiles, and >> some >> > use mandatory profiles; depending on their status as staff, faculty, or >> > student. Currently, I set these attributes individually in each user >> > object's properties in active directory. >> >> Samba currently implements only NT4 style profile handling. It is easily >> possible to create any type of NT4-style windows profile. The capability >> exits >> for: >> a) Roaming per-user profiles >> >> b) Mandatory profiles (per-user or per-group) >> >> c) Network default profiles >> Samba makes it possible to do this per group also. >> >> It is also possible to apply NTConfig.POL policies but so far as I am >> aware >> this does not work with Vista and Windows 7. >> >> > I have successfully deployed a roaming profile on my test Samba network. >> >> This is the simplest to deploy. It is documented in Samba3-ByExample. >> See: >> http://www.samba.org/samba/docs/Samba3-ByExample.pdf >> >> > But so far I can only see how to do this globally for all users in the >> > global section of the smb.conf. >> >> With an LDAP backend it is possible to specify the location of a per-user >> profile. This also makes it possible to specify a group profile. >> >> > I HAVE to be able to assign these on an >> > individual or group basis based on the needs of different users. I >> intend >> > to use LDAP for my backend. As I understand it, you can set many >> different >> > user attributes using LDAP. I would like to find out specifically how >> to >> > setup individual windows profiles, and generally whatever other windows >> > property managements may be possible? >> >> Any setting that is available in NT4 can be set with Samba. >> >> > I'd also like to know if it is >> > possible to assign these kinds of attributes to groups in Samba. >> >> Samba does NOT implement group policy objects as does active directory. >> For >> that capability you need Samba4 which has not yet been released for >> production >> use. You may want to evaluate Samba4 and be part of the feedback team on >> that. Samba4 implements active directory technology. >> >> > It would >> > be convenient to be able to set up an environment configuration based on >> > group membership. Then I could control these things merely by moving >> users >> > in and out of different groups. >> >> It is possible to test for group membership in a logon script and then to >> map >> drives to or paths to a location at which a group profile is shared. It's >> one >> one to get mostly what you want. >> >> Cheers, >> John T. >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > >