Roaming profiles in ns7 Active Directory

v7

(Dr Thomas Quinton) #1

But I think that´s just a tick in a box?
By the way- do server based profiles exist on NS7- I´ve seen them on NS68.


Moving from Zentyal 3.4 DC to NS7 DC (AD) at a medical institution
Roaming profiles I know it's been covered but I just can't get it working
CentOS7 Desktop Client?
Looking for HOWTO for Neth 7 as AD PDC and file server with Ubuntu and Windows clients
(Davide Principi) #2

Do you mean roaming profiles? Good question… I don’t know if and how they’re implemented in AD domains. We should dig around…


(Dr Thomas Quinton) #3

exactly- we do not have fixed working places for a couple of users- we are already thinking on workarounds for the beginning. Probably the personal user shares are an opportunity to use for this purpose.


(Davide Principi) #4

Sounds reasonable. Please note that an home directory in a shared network drive differs from roaming profiles!

I wouldn’t go with roaming profiles though: they tend to become inefficient. But I might be wrong because my experience is dated long time ago…


(Dr Thomas Quinton) #5

Found this https://wiki.samba.org/index.php/Implementing_roaming_profiles#In_an_AD_environment


(Davide Principi) #6

Nice catch! So in AD there’s no global setting on the server configuration.

That’s very good news for me :grin:


(Dr Thomas Quinton) #7

:grin:

and that´s another catch- is there probably an Integration into the NS thinkable? http://www.golinuxhub.com/2012/08/create-roaming-profiles-in-samba4.html


(Davide Principi) #8

It seems to confirm it is a normal shared folder where an user dedicated subfolder becomes the actual profile position. No special setup is required on the DC. Only set filesystem ACLs on the file server where the shared folder lives.


(Davide Principi) split this topic #9

4 posts were split to a new topic: NTP time synchronization with Samba DC


NTP time synchronization with Samba DC
(Alessio Fattorini) #10

Are the roaming profiles so essential? Don’t know :slight_smile: so I’d like to know your thoughts about it


(Dr Thomas Quinton) #11

Well, It´s handy because, some of our users are switching their workstations regularly and and like to have their files and settings on all stations equal.


(Alessio Fattorini) #12

Indeed, sometimes they are handy


(Vhinz Sanchez) #13

As a Windows admin, we do use roaming profiles and folder redirection. For our setup (not using NS here), its essential, but for others (some companies I previously worked), not. Our users can log into any workstation, not that they do but easier to swap out computers for repair and login to a their newly issued unit with all their files and configurations in-tact.

Its a nice to have feature as it will come in handy when needed.


RSAT and Roaming Profiles NS7
(Uli Gr) #14

Just configured roaming profiles with Nethserver:

Login as root into SSH, enter following command (substitute with your domain):

mkdir /var/lib/nethserver/profiles
chown "administrator@<domain>" /var/lib/nethserver/profiles
chgrp "domain admins@<domain>" /var/lib/nethserver/profiles
chmod 777 /var/lib/nethserver/profiles

(I don’t like giving full access to “others”, but it does not work without this. If anyony knows how this could be avoided, please tell me so)

mkdir -p /etc/e-smith/templates-custom/etc/samba/smb.conf
vi /etc/e-smith/templates-custom/etc/samba/smb.conf/71profiles

Put this in the new file:


[profiles]
comment = Profiles directory
browsable = no
path = /var/lib/nethserver/profiles
read only = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable

Do a samba update

signal-event nethserver-samba-update

Now set the profile path (separate for each user or for many users at the same time) via Microsoft RSAT-Tools in the “Active Directory Users and Computers > Profile > User Profile > Profile Path” to

\\<hostname>\profiles\%USERNAME%

Don’t forget to substitute with the host name of the server.
Or set the profile path as a group policy (via Microsoft RSAT-Tools, group policy editor) "Computer Configuration > Policies > Administrative Templates > System > User Profiles > “Set roaming profile path for all users…” to

\\<hostname>\profiles\%USERNAME%

But this is done for all users on the computer. Even the local users (not domain users). Don’t forget to update policy before testing (gpupdate /force in DOS box).

Now roaming profiles are working.

Maybe the NethServer part can be configured via the web interface in the future (I’m not yet so deep inside NethServer to do this).


SAMBA AD Romaing profiles issue
Samba stopped and can't restart
(Stefano Zamboni) #15

well, think about a windows terminal server joined to the NS domain and roaming profiles… on windows you’ve no data but some sw… i.e. you don’t have to backup it (a VM clone is enough) and can easily move to another server when/if needed
the “roaming” profile is used also in linux, using LTSP or other terminalization tecniques (like X2GO)… you’ve your auth server, a desktop distro that exports the DE, but all the data is in your server…

the sad thing is that windows change roaming profiles each 3x2 (maybe only italian guys will understand :slight_smile: )
and each time you’ve got a new version, all the data is copied again…


(Axel Urbanski) #16

hello uliversal

chmod 777 /var/lib/nethserver/profiles
is nice but better you use
chmod 1777 /var/lib/nethserver/profiles
with the sticky bit it is a lill bit save


(Stefano Zamboni) #17

777 is bad and should not be used anywhere


(Axel Urbanski) #18

yes thats true
was my falt copy an paste error
better try
chmod 1770 /var/lib/nethserver/profiles


(Jeroen Visser) #19

For full blown adoption of Nethserver as a replacement for MS SBS which no longer exists, this would be a requirement and a showstopper, yes. It is not doable to use virtualisation in even a small environment, without them, unless you do not mind telling users to redo their settings every day.


(Alessio Fattorini) #20

Thanks for your thoughts, what are we still missing? Feel free to open a new topic
I’d like to achieve this goal as soon as possible :slight_smile: