Roaming Windows User Profiles: Difference between revisions
Mmuehlfeld (talk | contribs) (Undo revision 10936 by (talk). It doesn't matter if a share is upper-/lowercase and all examples (incl. screenshots were with an uppercase P). Reverting the changes, to keep this consistent.)
Mmuehlfeld (talk | contribs) (Made word "profile" consistent in uppercase on the page.-)
||
Line 17: | Line 17: | ||
* Add a new share to your smb.conf: |
* Add a new share to your smb.conf: |
||
[ |
[Profiles] |
||
path = /srv/samba/Profiles/ |
path = /srv/samba/Profiles/ |
||
read only = no |
read only = no |
||
Line 68: | Line 68: | ||
* Create a folder for the roaming profiles and set permissions |
* Create a folder for the roaming profiles and set permissions |
||
# mkdir -p /srv/samba/Profiles/ |
# mkdir -p /srv/samba/Profiles/ |
||
# chmod 1770 /srv/samba/ |
# chmod 1770 /srv/samba/Profiles |
||
# chgrp „Domain Users“ /srv/samba/ |
# chgrp „Domain Users“ /srv/samba/Profiles |
||
* Add a new share to your smb.conf: |
* Add a new share to your smb.conf: |
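Review bot: the chgrp line in this hunk still wraps the group name in typographic quotes („Domain Users“), which a shell does not treat as quoting, so the command receives „Domain and Users“ as two separate arguments and fails. Since the line is being touched anyway, switch it to ASCII quotes: chgrp "Domain Users" /srv/samba/Profiles. A smaller style point in the same hunk: mkdir uses /srv/samba/Profiles/ with a trailing slash while chmod and chgrp omit it; one spelling throughout would read more cleanly.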
Revision as of 07:12, 8 September 2015
The following sections describe how to set up a profile share stored on a Samba server.
There are different ways to set up the share, depending on whether you use Windows ACLs (recommended) or POSIX ACLs:
Using Windows ACLs
- Create a folder for the roaming profiles. Note: these commands must be run by the 'root' user or with 'sudo'.
# mkdir -p /srv/samba/Profiles/
- Add a new share to your smb.conf:
[Profiles]
path = /srv/samba/Profiles/
read only = no
- Reload Samba:
# smbcontrol all reload-config
- Log on to a Windows machine as Domain Administrator
- Go to "\\Servername". You'll see the newly added share.
- Right-click the share name, choose "Properties" and go to the "Security" tab.
- Click "Advanced" and then the "Change permissions" button for a more granular way to edit the share permissions.
- Set the permissions as shown in the following table:

| Name | Permissions | Apply to |
|---|---|---|
| Administrator | Full control | This folder, subfolders and files |
| Domain Users | Traverse folder/execute file, List folder/read data, Create folder/append data | This folder only |
| CREATOR OWNER | Full control | Subfolders and files only |

- You can replace "Domain Users" with another group name, if you want to use that group to store profiles on the share. You can add multiple groups; give each of them the same permissions recommended for "Domain Users".
- Save the new permissions by closing the windows with "OK".
Using POSIX ACLs
- Create a folder for the roaming profiles and set permissions:
# mkdir -p /srv/samba/Profiles/
# chmod 1770 /srv/samba/Profiles
# chgrp "Domain Users" /srv/samba/Profiles
- Add a new share to your smb.conf:
[Profiles]
path = /srv/samba/Profiles/
read only = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable
- Reload Samba:
# smbcontrol all reload-config
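To confirm that the directory ends up with the permissions these steps intend, the following script (an added example, not part of the original wiki page or of Samba) checks the share root for mode 1770 and the expected group, and reports anything below it that grants group or other access. The function name `audit_profiles` is hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example: audit the on-disk permissions of the POSIX-ACL profile share.
# Assumes GNU stat/find. Expected layout, from the steps above:
#   share root      mode 1770, group = the profile group
#   below the root  no group/other bits (create mask 0600, directory mask 0700)

# audit_profiles DIR GROUP: print findings, return the number of failed checks.
audit_profiles() {
    dir=$1
    group=$2
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 1
    fi

    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "1770" ]; then
        echo "ROOT MODE: $dir is $mode, expected 1770"
        findings=$((findings + 1))
    fi

    actual_group=$(stat -c '%G' "$dir")
    if [ "$actual_group" != "$group" ]; then
        echo "ROOT GROUP: $dir belongs to '$actual_group', expected '$group'"
        findings=$((findings + 1))
    fi

    # Entries below the root with any group/other bit set are accessible
    # beyond their owner. Symlinks are skipped: their own mode is always
    # 777 and says nothing about the target.
    loose=$(find "$dir" -mindepth 1 ! -type l -perm /077 -print)
    if [ -n "$loose" ]; then
        echo "LOOSE ENTRIES (group/other access):"
        echo "$loose" | sed 's/^/  /'
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: ./audit.sh /srv/samba/Profiles "Domain Users"
if [ "$#" -ge 1 ]; then
    audit_profiles "$1" "${2:-Domain Users}"
fi
```

Pass the group name exactly as `stat -c %G` prints it on the server.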
Configuring roaming profiles for a user
In an AD environment
In an AD environment, you can set up individual roaming profiles for every user.
- Open ADUC.
- Right-click a user account and choose "Properties".
- Go to the "Profile" tab, and fill in the path to the user's profile.
- If you use the %USERNAME% variable, you can also set the profile path for multiple accounts at once.
- Windows Vista up to Windows 8.0 create .V2 folders for their profiles. Windows 8.1 starts using .V4 folders and Windows 10 .V5. This is appended automatically if a profile from those systems is uploaded to the server.
In a NT4 domain
In an NT4 environment, you can set up roaming profiles globally for all users on the Samba PDC.
- Add the following directive to your smb.conf:
logon path = \\%L\Profiles\%U
- The logon path directive is where you actually set up roaming profiles. This directive should contain a Windows network path to the location of the profile for each user. If the user's profile directory does not exist, it will be created at that location (as long as the user has write access to that directory).
- You can also take full advantage of Samba's variable substitutions (see "man smb.conf" in the "variable substitutions" section).
- Reload Samba:
# smbcontrol all reload-config
Troubleshooting roaming profiles
The registry contains information about each user's profile. If your Samba infrastructure changes, for example the network location of the users' profiles, Windows might be unable to find them. The list of user profiles is located at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Deleting the correct subkey (user SID) will force Windows to look up the user's profile setting from the domain controller and restore the profile at the next logon.