Roaming profiles in ns7 Active Directory

But I think that´s just a tick in a box?
By the way- do server based profiles exist on NS7- I´ve seen them on NS68.

3 Likes

Do you mean roaming profiles? Good question… I don’t know if and how they’re implemented in AD domains. We should dig around…

1 Like

exactly- we do not have fixed working places for a couple of users- we are already thinking on workarounds for the beginning. Probably the personal user shares are an opportunity to use for this purpose.

Sounds reasonable. Please note that an home directory in a shared network drive differs from roaming profiles!

I wouldn’t go with roaming profiles though: they tend to become inefficient. But I might be wrong because my experience is dated long time ago…

1 Like

Found this https://wiki.samba.org/index.php/Implementing_roaming_profiles#In_an_AD_environment

1 Like

Nice catch! So in AD there’s no global setting on the server configuration.

That’s very good news for me :grin:

:grin:

and that´s another catch- is there probably an Integration into the NS thinkable? http://www.golinuxhub.com/2012/08/create-roaming-profiles-in-samba4.html

It seems to confirm it is a normal shared folder where an user dedicated subfolder becomes the actual profile position. No special setup is required on the DC. Only set filesystem ACLs on the file server where the shared folder lives.

1 Like

4 posts were split to a new topic: NTP time synchronization with Samba DC

Are the roaming profiles so essential? Don’t know :slight_smile: so I’d like to know your thoughts about it

Well, It´s handy because, some of our users are switching their workstations regularly and and like to have their files and settings on all stations equal.

4 Likes

Indeed, sometimes they are handy

1 Like

As a Windows admin, we do use roaming profiles and folder redirection. For our setup (not using NS here), its essential, but for others (some companies I previously worked), not. Our users can log into any workstation, not that they do but easier to swap out computers for repair and login to a their newly issued unit with all their files and configurations in-tact.

Its a nice to have feature as it will come in handy when needed.

5 Likes

Just configured roaming profiles with Nethserver:

Login as root into SSH, enter following command (substitute with your domain):

mkdir /var/lib/nethserver/profiles
chown "administrator@<domain>" /var/lib/nethserver/profiles
chgrp "domain admins@<domain>" /var/lib/nethserver/profiles
chmod 777 /var/lib/nethserver/profiles

(I don’t like giving full access to “others”, but it does not work without this. If anyony knows how this could be avoided, please tell me so)

mkdir -p /etc/e-smith/templates-custom/etc/samba/smb.conf
vi /etc/e-smith/templates-custom/etc/samba/smb.conf/71profiles

Put this in the new file:


[profiles]
comment = Profiles directory
browsable = no
path = /var/lib/nethserver/profiles
read only = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable

Do a samba update

signal-event nethserver-samba-update

Now set the profile path (separate for each user or for many users at the same time) via Microsoft RSAT-Tools in the “Active Directory Users and Computers > Profile > User Profile > Profile Path” to

\\<hostname>\profiles\%USERNAME%

Don’t forget to substitute with the host name of the server.
Or set the profile path as a group policy (via Microsoft RSAT-Tools, group policy editor) "Computer Configuration > Policies > Administrative Templates > System > User Profiles > “Set roaming profile path for all users…” to

\\<hostname>\profiles\%USERNAME%

But this is done for all users on the computer. Even the local users (not domain users). Don’t forget to update policy before testing (gpupdate /force in DOS box).

Now roaming profiles are working.

Maybe the NethServer part can be configured via the web interface in the future (I’m not yet so deep inside NethServer to do this).

8 Likes

well, think about a windows terminal server joined to the NS domain and roaming profiles… on windows you’ve no data but some sw… i.e. you don’t have to backup it (a VM clone is enough) and can easily move to another server when/if needed
the “roaming” profile is used also in linux, using LTSP or other terminalization tecniques (like X2GO)… you’ve your auth server, a desktop distro that exports the DE, but all the data is in your server…

the sad thing is that windows change roaming profiles each 3x2 (maybe only italian guys will understand :slight_smile: )
and each time you’ve got a new version, all the data is copied again…

3 Likes

hello uliversal

chmod 777 /var/lib/nethserver/profiles
is nice but better you use
chmod 1777 /var/lib/nethserver/profiles
with the sticky bit it is a lill bit save

777 is bad and should not be used anywhere

1 Like

yes thats true
was my falt copy an paste error
better try
chmod 1770 /var/lib/nethserver/profiles

For full blown adoption of Nethserver as a replacement for MS SBS which no longer exists, this would be a requirement and a showstopper, yes. It is not doable to use virtualisation in even a small environment, without them, unless you do not mind telling users to redo their settings every day.

1 Like

Thanks for your thoughts, what are we still missing? Feel free to open a new topic
I’d like to achieve this goal as soon as possible :slight_smile: