SAMBA AD Roaming profiles issue

samba
activedirectory
v7

(Jeroen Visser) #1

NethServer Version: System version: NethServer release 7.3.1611 (Final) Kernel release 3.10.0-514.10.2.el7.x86_64
Module: SAMBA

Hey all. Could ya help me out a little with Samba ?

First of all, can someone confirm NethServer uses POSIX ACLs? If so, then why on earth can't I get roaming profiles to work? I will explain what I did, and hope someone will have some time to review those steps.

First of all, this is a member server in samba AD domain where this is being done on.

mkdir /var/lib/nethserver/r_profiles
chown "administrator@domain":"Domain Users@domain" /var/lib/nethserver/r_profiles
chmod 2750 /var/lib/nethserver/r_profiles

Next I edited my /etc/e-smith/templates/etc/samba/smb.conf/70shares and added this:

[profiles$]
comment = User profile share
path = {$baseDir}/r_profiles
read only = no
map acl inherit = yes
store dos attributes = yes
vfs objects = acl_xattr

;create mode = 0660
;force create mode = 0660
;directory mode = 0770
;force directory mode = 0770
;store dos attributes = yes
;profile acls = yes
;csc policy = disable

Next I give a:

signal-event nethserver-samba-update

I have played with a number of options in the template, but whatever I do, it doesn't work. I got it working a little bit while using the Windows ACLs howto on the Samba site … but that rather quickly stopped working too.

When I log on to a Windows workstation with an account that has a profile path set to \\\\server\profiles$\%username% I get access denied.

I have read that this is possibly due to obey pam restrictions = YES … but this is needed for home folder creation afaik ?

Could someone help me out here ? All I need is roaming profiles on a member server in a way that users can not access each other's profiles. This keeping in mind that Windows requires either the user having full control, or the administrator.

P.S., yes, this is not supported out of the box, please comment on my solution and if I did it right regarding where to edit the template and where to create the folder … tnx.

P.P.S., why do I need to use 4 \ ( \\ ) in order to get 2 ? Do I even want to know ?
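
A way to audit the POSIX side of the layout described in the post above, as an added example that is not part of the original thread or of NethServer's own tooling. It assumes GNU `stat`, that filesystem permissions are enforced alongside the NT ACLs stored by `acl_xattr`, and a target layout (an assumption, not from the post) where the profile root is group-writable with the sticky bit, such as 1770, and each per-user folder grants nothing to group or other; `audit_profile_root` is a hypothetical name.

```shell
#!/bin/sh
# Added example: audit POSIX permissions on a roaming-profile root.
# Assumed target layout (not from the post): root group-writable + sticky
# (e.g. 1770), per-user folders with no group/other access (e.g. 0700).
# Usage: audit_profile_root /var/lib/nethserver/r_profiles

# Prints one finding per line.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
audit_profile_root() {
    root=$1
    [ -d "$root" ] || { echo "ERROR: $root is not a directory"; return 2; }
    findings=0

    mode=$(stat -c '%a' "$root")   # octal string, e.g. 2750 or 1770
    m=$((0$mode))                  # leading 0 makes the shell parse it as octal

    # Without group write, group members cannot create their own folder.
    # Mode 2750, as posted, has this bit clear.
    if [ $((m & 0020)) -eq 0 ]; then
        echo "ROOT: mode $mode has no group write; users cannot create a profile folder"
        findings=1
    fi
    # Without the sticky bit, anyone with write access to the root can
    # rename or delete another user's folder.
    if [ $((m & 01000)) -eq 0 ]; then
        echo "ROOT: mode $mode has no sticky bit; folders are not protected from other users"
        findings=1
    fi
    if [ $((m & 0007)) -ne 0 ]; then
        echo "ROOT: mode $mode grants access to others"
        findings=1
    fi

    # Per-user folders: any group/other bit breaks isolation between users.
    for d in "$root"/*/; do
        [ -d "$d" ] || continue    # glob matched nothing
        dmode=$(stat -c '%a' "$d")
        dm=$((0$dmode))
        if [ $((dm & 0077)) -ne 0 ]; then
            echo "USER: ${d%/} mode $dmode is accessible to group or other"
            findings=1
        fi
    done
    return $findings
}
```

The check only looks at mode bits; entries set with `setfacl` and the NT ACL held in the `security.NTACL` xattr need `getfacl` and `samba-tool ntacl get` respectively.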


(Marc) #2

Take a look at:

Guess some special characters need to be properly escaped in the code.