Implementing Roaming Profiles with Samba
To implement Roaming Profiles with Samba a few things must happen. First you must create a share to store these profiles, then you must set a few Samba directives to enable roaming profiles.
NOTE: You can theoretically store profiles within the users home directory, unfortunately Windows does not release a share immediately after logging out. So if you do store user's profiles within the home directories and another user logs into a machine immediately after another user logs out, the newly logged in user could invariably use the other users profile resulting in a possible security issue, as well as other issues. It is best to simply store all of the user profiles within a separate Samba share.
To create a Samba share to use for your user's profiles simply add something similar to your share section of the smb.conf file:
comment = Network Profiles Share
path = /srv/samba/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = no
guest ok = no
printable = no
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
Then ensure that everyone has write access to the directory listed as the path:
chmod o+rw /srv/samba/profiles
Setting relevant directives for Roaming Profiles
The smb.conf settings required to use Roaming Profiles by default are:
logon path = \\%L\profiles\%U
logon home = \\%L\%U\.9xprofile
logon drive = P:
The logon home directive is only used if you have any Windows 9x based machines on your Domain, otherwise it does not need to be set. The logon drive specifies the Drive Letter Windows will assign your home directory, this alleviates the need to create a logon script that essentially would do the same thing.
The logon path directive is where you actually setup roaming profiles. This directive should contain a Windows Network path to the location of the profile for each user. If the user's profile directory does not exist, one will be created at that location (as long as the user has write access to that directory).
You can also take full advantage of Samba's Variable Substitutions (see chapter x) and further separate User's profiles, such as by architecture. Using the directive:
logon path = \\%L\profiles\%U\%a
will separate the user's profiles relating to each version of Windows, such as WinXP, WinNT, etc. This is extremely helpful if you have users that jump from computer to computer that have different versions of Windows on them. This can solve a whole slew of problems relating to the registry on different versions of Windows, especially when running different version of Internet Explorer. Separating profiles in this way can be a very powerful feature, especially when you include Folder Redirection into the mix.