But I think that´s just a tick in a box?
By the way- do server based profiles exist on NS7- I´ve seen them on NS68.
But I think that´s just a tick in a box?
Do you mean roaming profiles? Good question… I don’t know if and how they’re implemented in AD domains. We should dig around…
exactly- we do not have fixed working places for a couple of users- we are already thinking on workarounds for the beginning. Probably the personal user shares are an opportunity to use for this purpose.
Sounds reasonable. Please note that an home directory in a shared network drive differs from roaming profiles!
I wouldn’t go with roaming profiles though: they tend to become inefficient. But I might be wrong because my experience is dated long time ago…
Nice catch! So in AD there’s no global setting on the server configuration.
That’s very good news for me
and that´s another catch- is there probably an Integration into the NS thinkable? http://www.golinuxhub.com/2012/08/create-roaming-profiles-in-samba4.html
It seems to confirm it is a normal shared folder where an user dedicated subfolder becomes the actual profile position. No special setup is required on the DC. Only set filesystem ACLs on the file server where the shared folder lives.
4 posts were split to a new topic: NTP time synchronization with Samba DC
Are the roaming profiles so essential? Don’t know so I’d like to know your thoughts about it
Well, It´s handy because, some of our users are switching their workstations regularly and and like to have their files and settings on all stations equal.
Indeed, sometimes they are handy
As a Windows admin, we do use roaming profiles and folder redirection. For our setup (not using NS here), its essential, but for others (some companies I previously worked), not. Our users can log into any workstation, not that they do but easier to swap out computers for repair and login to a their newly issued unit with all their files and configurations in-tact.
Its a nice to have feature as it will come in handy when needed.
Just configured roaming profiles with Nethserver:
Login as root into SSH, enter following command (substitute with your domain):
mkdir /var/lib/nethserver/profiles chown "administrator@<domain>" /var/lib/nethserver/profiles chgrp "domain admins@<domain>" /var/lib/nethserver/profiles chmod 777 /var/lib/nethserver/profiles
(I don’t like giving full access to “others”, but it does not work without this. If anyony knows how this could be avoided, please tell me so)
mkdir -p /etc/e-smith/templates-custom/etc/samba/smb.conf vi /etc/e-smith/templates-custom/etc/samba/smb.conf/71profiles
Put this in the new file:
[profiles] comment = Profiles directory browsable = no path = /var/lib/nethserver/profiles read only = no store dos attributes = Yes create mask = 0600 directory mask = 0700 profile acls = yes csc policy = disable
Do a samba update
Now set the profile path (separate for each user or for many users at the same time) via Microsoft RSAT-Tools in the “Active Directory Users and Computers > Profile > User Profile > Profile Path” to
Don’t forget to substitute with the host name of the server.
Or set the profile path as a group policy (via Microsoft RSAT-Tools, group policy editor) "Computer Configuration > Policies > Administrative Templates > System > User Profiles > “Set roaming profile path for all users…” to
But this is done for all users on the computer. Even the local users (not domain users). Don’t forget to update policy before testing (gpupdate /force in DOS box).
Now roaming profiles are working.
Maybe the NethServer part can be configured via the web interface in the future (I’m not yet so deep inside NethServer to do this).
well, think about a windows terminal server joined to the NS domain and roaming profiles… on windows you’ve no data but some sw… i.e. you don’t have to backup it (a VM clone is enough) and can easily move to another server when/if needed
the “roaming” profile is used also in linux, using LTSP or other terminalization tecniques (like X2GO)… you’ve your auth server, a desktop distro that exports the DE, but all the data is in your server…
the sad thing is that windows change roaming profiles each 3x2 (maybe only italian guys will understand )
and each time you’ve got a new version, all the data is copied again…
chmod 777 /var/lib/nethserver/profiles
is nice but better you use
chmod 1777 /var/lib/nethserver/profiles
with the sticky bit it is a lill bit save
777 is bad and should not be used anywhere
yes thats true
was my falt copy an paste error
chmod 1770 /var/lib/nethserver/profiles
For full blown adoption of Nethserver as a replacement for MS SBS which no longer exists, this would be a requirement and a showstopper, yes. It is not doable to use virtualisation in even a small environment, without them, unless you do not mind telling users to redo their settings every day.
Thanks for your thoughts, what are we still missing? Feel free to open a new topic
I’d like to achieve this goal as soon as possible