The SAMBA-LDAP-PDC Howto

11

Revision : 1.24

Profile management

WARNING : Under writing !
TODO: Howto manage profiles (NT profiles, as Unix do the job since... AT&T time...)

11.1

Roaming/Roving profiles

When a Microsoft Windows NT user joined the IDEALX-NT domain, his profile is stored in
the directory defined in the profile section of the samba configuration file. He has to log out
for this to be saved. This is a roaming profile: he can use this profile from any computer he
want. If his personal configuration changed, it will be integrated in his roaming profile.
In this Howto, we used roaming profiles: the LDAP ProfilePath indicate to Samba where to
look for those roaming profile (
PDC-SRV
profiles
testsmbuser2, and the [profiles] section of the /etc/samba/smb.conf indicate to samba how to
deal with those profiles.
Keep in mind that a ’regular’ roaming profile is about 186 Kb of data (even more if users
uses big GIF or BMP image as background picture ...): don’t forget impact on load/traffic...

11.2

Mandatory profiles

The mandatory profile is created by the same way of the roaming profile. The difference is
that his profile is made read only by the administrator so that the user can have only one
fixed profile on the domain.
To do so, rename the file NTuser.dat to NTuser.man (for MANdatory profile), and remove
the right access bit. For our testsmbuser1 user, you’ll have to do:

mv /opt/samba/profiles/testsmbuser1/NTUSER.DAT /opt/samba/profiles/testsmbuser1/NTUSER.MAN
chmod -w /opt/samba/profiles/testsmbuser1/NTUSER.MAN

This way, you may want to set up a common user profile for every user on the Domain.

11.3

Logon Scripts

To use Logon Scripts (.BAT or .CMD), just specify the relative path from the netlogon share
to the command script desired in the scriptPath attribute for the user.
Variable substitutions (the logon script smb.conf directive when you’re using LDAP.

page 30/56