Re: [Samba] Still mandatory profiles, every user same profile

2012-10-31 Thread Joel Franco Guzmán 
Hi Ulrich,

I have a similar problem like you described:

I want several users to authenticate in your windows machine with your
specific login/pass, but all of them use the same mandatory fixed
roaming profile.

Have you succeeded your setup with the Barlett sugestions? In that case,
can you post your solution?

Regards,

-- 
Joel Franco Guzmán

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Still mandatory profiles, every user same profile

2012-08-28 Thread Ulrich Schinz 

Hi there,

again me, again similar question.

First of all, what is it, what I'd like to have:

1.) Every user in my System should use the same profile. In dsa.msc I 
gave every user as profile-path \\samba4\profiles\stud
2.) The users should not be able to change anything in that profile (I 
think changing ntuser.dat to ntuser.man should do the job, proposed i 
got step one managed ;) )


System setup:

OS: Linux, Debian Wheezy, 3.2.0-3-amd64 #1 SMP
Samba-Version: todays git-pull: Version 4.0.0beta8-GIT-9e441c4

On my client I'm using Windows 7.

My samba-setup followed the wiki.


What I tried until now:

1.) 
http://infrablog.escde.net/2011/09/30/mandatory-profiles-oder-ein-profil-fur-alle/ 
(sorry it's in german, but I think its clear, what has to be done there).

Another vid showing same way: http://www.youtube.com/watch?v=bDWEsJ0bJe8
This one didn't work. If i try to change the rights of that folder and 
ntuser.dat-hive, it's not possible to get the same rights, like shown in 
the video. Some rights (creator group etc) are created automatically, 
and ich cant remove them. Not shure, whether this is the problem, 
anyways, windows 7 allways tells me, that I'm beeing logged on with a 
temporary profile...


2.) http://lists.samba.org/archive/samba/2005-August/110239.html
Another post from me, some months ago, where I managed this setup in a 
samba3-ldap environment (where it worked). This way even is not working. 
Same error, temporary profile.


3.) I tried to create a default user profile in my netlogon-share.
My plan was to create a default user profile, so that at every logon 
this profile is copied. So I would have been able to delete the profiles 
over night via cron... But the profile isn't loaded. Maybe I'm doing 
something wrong in this setup...
One way was to copy a customized profile to netlogon-share (see 2.) ) 
whith read-access to authenticated users. But this profile isn't loaded. 
Again the message is: temporary profile. In my profiles-share only a 
folder is created (username.v2) but this folder stays empty.

Other way, was to just copy a profile to netlogon, but same problem

So now my question to you guys is: is there someone, who got this 
working with samba4, or is it even working in samba4 to get this kind of 
setup running?


Maybe someone has some hints for me, what else I could try.

Kind regards
Uli
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Still mandatory profiles, every user same profile

2012-08-28 Thread Andrew Bartlett 
On Tue, 2012-08-28 at 13:10 +0200, Ulrich Schinz wrote:
 Hi there,
 
 again me, again similar question.
 
 First of all, what is it, what I'd like to have:
 
 1.) Every user in my System should use the same profile. In dsa.msc I 
 gave every user as profile-path \\samba4\profiles\stud
 2.) The users should not be able to change anything in that profile (I 
 think changing ntuser.dat to ntuser.man should do the job, proposed i 
 got step one managed ;) )

 So now my question to you guys is: is there someone, who got this 
 working with samba4, or is it even working in samba4 to get this kind of 
 setup running?

I did this with Samba3, years ago.   If I recall correctly, I did the
ACL change to the NTuser.dat, changed it to to ntuser.man and put in in
the netlogon share.

Then I wrote the (still included) disgusting hack: the 'fake_perms' VFS
module.  This is still in the tree - it might even still work!  Set:

[netlogon]
vfs objects = fake_perms
read only = yes
to try it out.  I think the right fix would have been to run:

[netlogon]
profile acls = true
read only = yes

so try that as well.

Make sure you are using s3fs (the new default file server).  I've
suggested read only = yes because I can't vouch for the security
implications of using my old module (it pretends the current user always
owns the file).  

If either of these help, then please let me know so we can work out the
right way to support this long term.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba