Samba - how to disable roaming profiles

[martin.m]

When I modify /usr/share/ebox/stubs/samba/smb.conf.mas and /usr/share/ebox/stubs/samba/smbldap.conf.mas and restart ebox, anything changes for users. When I manually remove roaming profile path entries in LDAP, after restart all setting are back. What I am doing wrong ?

thanks

Martin

[jcanfield]

What changes are you making to smb.conf?

What entries are you removing from the ldap tree?

This is definitely one of those issues that needs to be addressed.  IMHO, roaming profiles should be disabled in the default configuration simply because they can be a complete mess if you do not know what you are doing.  Too many client side changes are required for roaming profiles to work properly.

Ebox should take SME Server's lead on this one and have it disabled by default.

http://wiki.contribs.org/Image:Workgroup.png

Update:

I forgot to mention how to disable roaming profiles...

They can be disabled on samba by leaving the following two options undefined in your smb.conf. Do not comment them out,  just leave them unassigned.

logon path =
logon home =

Personally,  I tend to only "blank out" 'logon path' because I like the users to continue to have an auto-mounted home drive on the server.

[martin.m]

My settings is here:

smb.conf.mas :

Code: [Select]


logon script = logon.bat
logon drive = H:
logon home =
logon path =

smbldap.conf.mas :

Code: [Select]

userSmbHome="\\<% $netbios %>\%U"

userProfile=""

userHomeDrive="H:"

userScript="logon.bat"

and after restart the ldap tree contains this:

Code: [Select]

sambaLMPassword D6A5A3C070B18C94AAD3B435B51404EE
sambaPrimaryGroupSID S-1-5-21-1911238739-97561441-2706018148-513
jabberUid Martin
objectClass inetOrgPerson
objectClass posixAccount
objectClass sambaSamAccount
objectClass userJabberAccount
userPassword [B@8238f4
sambaLogonTime 0
uid Martin
uidNumber 2001
cn Martin
sambaLogoffTime 2147483647
sambaPwdLastSet 1192132788
sambaAcctFlags [U]
sambaProfilePath \\EBOX\profiles\Martin
jabberAdmin FALSE
gidNumber 1901
sambaPwdMustChange 2147483647
sambaNTPassword C3FFF863E3D346C960473D67923ECB58
sambaPwdCanChange 1192132788
sambaSID S-1-5-21-1911238739-97561441-2706018148-5002
description Martin
homeDirectory /home/samba/users/Martin
sambaKickoffTime 2147483647
sn Martin
sambaHomePath \\EBOX\homes\Martin

The Windows registry after logon to domain is here:

[migges]

Hi same problem here,

i search the hole day to disable roaming profiles, but i found nothing that works

in the smb.conf i set the following ...

Code: [Select]

logon home =
logon path =

doesn't work 

over gpedit.msc on the client i set roaming profiles off, but saving the profil is already enabled

doesn't work 

now i have change something in the profile-config, so that windows doesn't find the diconary. thats works, but the windows error msg sucks

can everybody help me?

best regards

ps: eBox-Version 0.11.99

[jcanfield]

Code: [Select]

...
sambaProfilePath \\EBOX\profiles\Martin
...


I'm curious if the LDAP profile entry is being created after the user logs in or if this exists because roaming profiles were enabled previously?

Try this:

Delete the sambaProfilePath LDAP entry and try to log in again. Make sure you delete the cached version of the profile on the client PC before logging in.  It might be easier to create a new user in ebox so you can be certain you don't have cached info. If roaming profiles are enabled and this entry doesn't exist, it will be created automatically.

Let me know,

Jim

 

 

[javi]

I'll add an option to the GUI to enable/disable the roaming profiles in the next release.

I'll probably upload a package to test this feature during this week.

Cheers,

Javi

[javi]

Hi,

I've just added the option to enable/disable roaming profiles. I disabled it by default as jcanfield recommended.

According to the documentation and as jcanfield pointed out, there could be issues with existing users:

Disable  the use of roaming profiles by setting the value of this
parameter to the empty string. For example, logon path = "". Take
note that even if the default setting in the smb.conf file is the
empty string, any value specified in the user account settings in
the  passdb  backend  will  over-ride  the effect of setting this
parameter to null. Disabling of all roaming profile use  requires
that the user account settings must also be blank.

I guess during tomorrow this modification will be available in Ubuntu hardy.

Take a look at the modification:



Thank you guys for reporting and helping fix this.

[jcanfield]

Thank you guys for reporting and helping fix this.

Wow, that was quick work. Thanks Javi!  Shouldn't you be asleep?

[migges]

Great! Thumbs up! 

[dmeireles]

Greetings everyone.

Javi, thumbs up for the quick fix for the Ubuntu package, but I've got one doubt: Using eBox 0.11.99 (tailored debian installer) on a production system, how do I manualy disable the roaming profiles? I sure can edit /etc/samba/smb.conf and the ldap entry that tells where the profile is at for each user, but as soon as I reboot the eBox Server, the smb.conf goes back again with the roaming profile option enabled. And one more thing: disableing this won't mess around with the login script? I ask this because I use the login script to do some mappings and I wouldn't like to disable this feature...

Best Regards!