Create Roaming Profiles in Samba4

A roaming profile is a feature of Domain server which allows users to access their personal data on any computer which is joined under the same domain on the same network. So basically the users are logging into their profile whose location is defined on the domain server. So every time a user logs in they are redirected to their profile location so this action becomes computer independent.

Earlier this feature was limited with Windows Active directory domain server but with the introduction of Samba4, roaming profiles can also be implemented to windows NT machine joined under Linux (Samba4) domain server.

The following commands are tested on RedHat 6 and CentOS 6.

Create a directory "profiles" inside /usr/local/samba/var

# mkdir /usr/local/samba/var/profiles 

Now make an entry of this directory in smb.conf to make it sharable among the domain users

# vi /usr/local/samba/etc/smb.conf
path = /usr/local/samba/var/profiles
read only = no

Restart the samba server

# killall samba
# samba
# kinit administrator@EXAMPLE.COM

Once your samba is restarted you can check the updates shared directory on your server

# smbclient -L localhost -U%
Sharename       Type       Comment
---------       ----       -------
netlogon        Disk
sysvol          Disk
profiles        Disk
IPC$            IPC        IPC Service
REWRITE: list servers not implemented

Now go to your windows client machine where you have installed the remote administration tool for your domain server. 

Go to run prompt and type dsa.msc

Go to the user for whom you want to implement roaming profile and add the path followed by the username of the user of the profile directory under the profile tab of the properties section as shown below :

Now run this command to update the policies on the users

Once done go to the client machine and login by the username of the domain user for whom the profile path have been set. Now this time the user will login to the server where the profile location has been mentioned.

Go to your server and you can find a directory by the name of the user must have been created under profile directory
# cd /usr/local/samba/var/profiles
# ls -l
drwxr-xr-x 12 3000012 users   4096 Aug  2 15:35 test

Make sure that the user with roaming profile is logging into the same OS i.e either Windows 7 or Windows XP as I noticed that when I logged in with a user in two different machines with different OS then two directories where created with different profiles. So the user won't be able to access his data which he saved in Windows 7 of he logs into Windows XP
# cd /usr/local/samba/var/profiles
drwxr-xr-x 12 3000012 users   4096 Aug  2 15:35 test
drwxr-xr-x 15 3000012 users   4096 Aug  2 18:53 test.V2

Here test is the directory created when my user logs into Windows XP and test.V2 is used when the user logs into Windows 7.

Related Articles

6 thoughts on “Create Roaming Profiles in Samba4”

  1. Here test is the directory created when my user logs into Windows 7 and test.V2 is used when the user logs into Windows XP.
    7 => test.V2
    XP => test

  2. hi deepak,
    nice tutorial, while i was working on it i found my self stuck in a place where my windows 7 client was not logging in through profile path i gave, it was giving me an error saying "you are logged on using a temporary profile work done on this cannot be stored", surfing through internet i found that changing profilelist key in regedit can work this error out.
    Samba Wiki Says:
    "In Windows 7, the registry contains information on each users roaming profile and should your Samba infrastructure change, such as the network location of users profiles, this can lead to Windows being unable to find the profile. The list of user profiles are located at:
    Deleting an entry will force Windows to look up the users profile from the domain controller and restore the profile".

  3. From what I have tested and been using in Samba 4 release 0 I did not did any registry changes for adding Windows machine into AD and using roaming profiles.
    Please make sure you follow all the steps provided properly
    # smbclient -L localhost -U%
    The above command should give o/p as shown
    Check your firewall and selinux
    Also check the permission you have given to the roaming profile directory inside smb.conf
    You can follow the below page for more info as it seems the new release of samba requires some other permission changes for implementing roaming profile

  4. We're okay with pushing people toward the most user-unfriendly editor to ever have come out of the vietnam war era?
    You may want to say $EDITOR instead of vi, just so there's a chance people can use anything else. I've been happier for the last 20 years, having learned there were other options.

  5. That is a nice piece of advice but I have seen many new comers to Linux who are yet unaware of most of the commands so it might be a difficulty for them to understand this variable and choose some editor of their own for many of my posts.
    But yes thinking out of the box is something which even I prefer and I will try to implement your suggestion so that readers get to know about other editors as well.


Leave a Comment