• VMware

    Learn about VMware virtualization for its products like vsphere, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • A successful man is one who can lay a firm foundation with the bricks others have thrown at him!!!

    Saturday, August 18, 2012

    Create Roaming Profiles in Samba4

    A roaming profile is a feature of Domain server which allows users to access their personal data on any computer which is joined under the same domain on the same network. So basically the users are logging into their profile whose location is defined on the domain server. So every time a user logs in they are redirected to their profile location so this action becomes computer independent.

    Earlier this feature was limited with Windows Active directory domain server but with the introduction of Samba4, roaming profiles can also be implemented to windows NT machine joined under Linux (Samba4) domain server.

    The following commands are tested on RedHat 6 and CentOS 6.

    Create a directory "profiles" inside /usr/local/samba/var
    # mkdir /usr/local/samba/var/profiles 
    Now make an entry of this directory in smb.conf to make it sharable among the domain users
    # vi /usr/local/samba/etc/smb.conf
    [profiles]
    path = /usr/local/samba/var/profiles
    read only = no
    Restart the samba server
    # killall samba
    # samba
    # kinit administrator@EXAMPLE.COM
    Once your samba is restarted you can check the updates shared directory on your server
    # smbclient -L localhost -U%
    Sharename       Type       Comment
    ---------       ----       -------
    netlogon        Disk
    sysvol          Disk
    profiles        Disk
    IPC$            IPC        IPC Service
    REWRITE: list servers not implemented
    Now go to your windows client machine where you have installed the remote administration tool for your domain server. 

    Go to run prompt and type dsa.msc


    Go to the user for whom you want to implement roaming profile and add the path followed by the username of the user of the profile directory under the profile tab of the properties section as shown below :


    Now run this command to update the policies on the users


    Once done go to the client machine and login by the username of the domain user for whom the profile path have been set. Now this time the user will login to the server where the profile location has been mentioned.

    Go to your server and you can find a directory by the name of the user must have been created under profile directory
    # cd /usr/local/samba/var/profiles
    # ls -l
    drwxr-xr-x 12 3000012 users   4096 Aug  2 15:35 test


    IMPORTANT NOTE:
    Make sure that the user with roaming profile is logging into the same OS i.e either Windows 7 or Windows XP as I noticed that when I logged in with a user in two different machines with different OS then two directories where created with different profiles. So the user won't be able to access his data which he saved in Windows 7 of he logs into Windows XP
    # cd /usr/local/samba/var/profiles 
    drwxr-xr-x 12 3000012 users   4096 Aug  2 15:35 test
    drwxr-xr-x 15 3000012 users   4096 Aug  2 18:53 test.V2
    Here test is the directory created when my user logs into Windows XP and test.V2 is used when the user logs into Windows 7.

    Related Articles


    Follow the below links for more tutorials

    6 comments:

    1. Here test is the directory created when my user logs into Windows 7 and test.V2 is used when the user logs into Windows XP.

      Wrong.

      7 => test.V2
      XP => test

      ReplyDelete
      Replies
      1. Thank You for marking the mistake.

        It has been corrected.

        Delete
    2. hi deepak,
      nice tutorial, while i was working on it i found my self stuck in a place where my windows 7 client was not logging in through profile path i gave, it was giving me an error saying "you are logged on using a temporary profile work done on this cannot be stored", surfing through internet i found that changing profilelist key in regedit can work this error out.
      Samba Wiki Says:
      "In Windows 7, the registry contains information on each users roaming profile and should your Samba infrastructure change, such as the network location of users profiles, this can lead to Windows being unable to find the profile. The list of user profiles are located at:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList
      Deleting an entry will force Windows to look up the users profile from the domain controller and restore the profile".

      ReplyDelete
      Replies
      1. From what I have tested and been using in Samba 4 release 0 I did not did any registry changes for adding Windows machine into AD and using roaming profiles.

        Please make sure you follow all the steps provided properly
        # smbclient -L localhost -U%

        The above command should give o/p as shown

        Check your firewall and selinux
        Also check the permission you have given to the roaming profile directory inside smb.conf

        You can follow the below page for more info as it seems the new release of samba requires some other permission changes for implementing roaming profile
        http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles

        Thanks
        Deepak

        Delete
    3. We're okay with pushing people toward the most user-unfriendly editor to ever have come out of the vietnam war era?

      You may want to say $EDITOR instead of vi, just so there's a chance people can use anything else. I've been happier for the last 20 years, having learned there were other options.

      ReplyDelete
      Replies
      1. That is a nice piece of advice but I have seen many new comers to Linux who are yet unaware of most of the commands so it might be a difficulty for them to understand this variable and choose some editor of their own for many of my posts.

        But yes thinking out of the box is something which even I prefer and I will try to implement your suggestion so that readers get to know about other editors as well.

        Thanks
        Deepak

        Delete