Oliver Rath
2014-Aug-07 15:41 UTC
[Samba] Howto create roaming profiles using samba4 commands only?
Hi list,

this is my first email here :-)

I'm using samba4 as ad-dc with ubuntu-14.04.1, which works. I can login in previously created users on samba4-server with my win8-client. Unfortunately I wasn't able to create working roaming profiles yet.

Following the howtos in internet always need the use of windows admin-tools for creating roaming profiles with the right permissions.

Is it possible to do this with samba4 (i.e. samba-tool) commands only?

At the moment I use this smb.conf (created by howto from samba.org):

# Global parameters
[global]
        workgroup = MEIN-NETZWERK
        realm = MEIN-NETZWERK.LOKAL
        netbios name = SAMBAAID
        server role = active directory domain controller
        dns forwarder = 192.168.96.254
        idmap_ldb:use rfc2307 = yes
        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

[netlogon]
        path = /var/lib/samba/sysvol/mein-netzwerk.lokal/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        path = /var/lib/samba/profiles
        read only = No

[public]
        path = /srv/public
        guest ok = yes
        read only = no

All tests from howto were successful (hosts .., smbclient ..)

To create users, I do the following:

samba-tool user add myuser1 myGreatHiddenPassword789 --profile-path=/var/lib/samba/profiles/myuser1

The dir /var/lib/samba/profiles/ is set to a+rwx, so that all writings are allowed. No additional acl-entries at the moment.

If I now start my (win80)-client, the client is able to login into the samba-ad-dc, but the profile isn't copied to server after logout as I assumed. I hope I will solve this with the windows admin tools.

But are roaming profiles theoretically creatable with samba4-commands only?

Tfh!

Regards
Oliver

P.S.: Is there a difference between "samba-tool user add" and "samba-tool user create" ?
steve
2014-Aug-07 16:03 UTC
[Samba] Howto create roaming profiles using samba4 commands only?
On Thu, 2014-08-07 at 17:41 +0200, Oliver Rath wrote:
> Hi list,
>
> this is my first email here :-)
>
> I'm using samba4 as ad-dc with ubuntu-14.04.1, which works. I can login
> in previously created users on samba4-server with my win8-client.
> Unfortunately I wasn't able to create working roaming profiles yet.
>
> Following the howtos in internet always need the use of windows
> admin-tools for creating roaming profiles with the right permissions.
>
> Is it possible to do this with samba4 (i.e. samba-tool) commands only?
>
> At the moment I use this smb.conf (created by howto from samba.org):
>
> # Global parameters
> [global]
>         workgroup = MEIN-NETZWERK
>         realm = MEIN-NETZWERK.LOKAL
>         netbios name = SAMBAAID
>         server role = active directory domain controller
>         dns forwarder = 192.168.96.254
>         idmap_ldb:use rfc2307 = yes
>         vfs objects = acl_xattr
>         map acl inherit = Yes
>         store dos attributes = Yes
>
> [netlogon]
>         path = /var/lib/samba/sysvol/mein-netzwerk.lokal/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [profiles]
>         path = /var/lib/samba/profiles
>         read only = No
>
> [public]
>         path = /srv/public
>         guest ok = yes
>         read only = no
>
> All tests from howto were successful (hosts .., smbclient ..)
>
> To create users, I do the following:
>
> samba-tool user add myuser1 myGreatHiddenPassword789
> --profile-path=/var/lib/samba/profiles/myuser1
>
> The dir /var/lib/samba/profiles/ is set to a+rwx, so that all writings
> are allowed. No additional acl-entries at the moment.
>
> If I now start my (win80)-client, the client is able to login into the
> samba-ad-dc, but the profile isn't copied to server after logout as I
> assumed. I hope I will solve this with the windows admin tools.
>
> But are roaming profiles theoretically creatable with samba4-commands only?

Yes, it's:
samba-tool user add --profile-path

If you already have your users, use ldbmodify (or ldbedit) to add e.g.
profilePath: \\sambaaid\profiles\oliver

Make sure you have 1777 on /var/lib/samba/profiles

HTH
Steve
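
The two steps from the reply above, as an added example that is not part of either post: it builds the LDIF that ldbmodify would apply to set profilePath to the UNC form, and checks that the profiles directory is 1777 rather than plain a+rwx (without the sticky bit, any user can delete or rename another user's profile directory). The function names, the CN=Users container, GNU stat and the sam.ldb path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and a user object
# stored as CN=<user> in the default CN=Users container.

# Turn an AD realm into its base DN: MEIN-NETZWERK.LOKAL -> DC=mein-netzwerk,DC=lokal
realm_to_base_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/^/DC=/; s/\./,DC=/g'
}

# Print an LDIF that sets profilePath to \\server\share\user.
# "replace" is used instead of "add" so that re-running it is harmless.
profile_ldif() {  # args: user server share realm
    case "$1" in
        ''|*[!A-Za-z0-9._-]*)
            # Anything else could smuggle extra DN components or LDIF lines.
            echo "refusing unsafe user name: $1" >&2
            return 1 ;;
    esac
    printf 'dn: CN=%s,CN=Users,%s\n' "$1" "$(realm_to_base_dn "$4")"
    printf 'changetype: modify\nreplace: profilePath\n'
    printf 'profilePath: \\\\%s\\%s\\%s\n' "$2" "$3" "$1"
}

# Succeed only if the directory is world-writable WITH the sticky bit (1777).
check_profiles_dir() {  # arg: directory backing the [profiles] share
    mode=$(stat -c '%a' "$1") || return 2
    if [ "$mode" = "1777" ]; then
        echo "ok: $1 is mode 1777"
    else
        echo "fix: $1 is mode $mode, expected 1777 (chmod 1777 $1)" >&2
        return 1
    fi
}

# Typical use on the DC (sam.ldb path is an assumption; adjust to your install):
#   check_profiles_dir /var/lib/samba/profiles
#   profile_ldif oliver sambaaid profiles MEIN-NETZWERK.LOKAL > oliver.ldif
#   ldbmodify -H /var/lib/samba/private/sam.ldb oliver.ldif
```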