Samba-4.3 FreeBSD-10.3 Roaming Profiles

Discussion:

(too old to reply)

James B. Byrne via freebsd-questions

2016-07-21 20:58:15 UTC

Has anyone on the list gotten Roaming Profiles to work with Samba43 on
FreeBSD configured as as an AD-DC? I have followed the steps given on
the Samba web-site and while I can get the User Home Drive Shares to
be assigned to a user profile the Roaming Profile share is not
created.

There are differences between the instructions given for user profile
and user home drive share permissions. But even if I duplicate the
settings for the User Home Drive on the Profiles share it is still not
created when added to the User profile.

If someone could point me to a current comprehensive guide as to what
needs to be done on FreeBSD; or can walk me though the exact steps
that they took to get this part working on their Samba install, then I
would greatly appreciate it.

The official guide for the Roaming Profile set-up on the Samba wiki is
not as comprehensive as that for the User Home Drive set-up and I
suspect some trivial piece of assumed knowledge is absent from the
roaming profile write-up.

Sincerely,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

Jørn Åne

2016-07-21 22:08:00 UTC

Permalink

Post by James B. Byrne via freebsd-questions
Has anyone on the list gotten Roaming Profiles to work with Samba43 on
FreeBSD configured as as an AD-DC? I have followed the steps given on
the Samba web-site and while I can get the User Home Drive Shares to
be assigned to a user profile the Roaming Profile share is not
created.
There are differences between the instructions given for user profile
and user home drive share permissions. But even if I duplicate the
settings for the User Home Drive on the Profiles share it is still not
created when added to the User profile.
If someone could point me to a current comprehensive guide as to what
needs to be done on FreeBSD; or can walk me though the exact steps
that they took to get this part working on their Samba install, then I
would greatly appreciate it.
The official guide for the Roaming Profile set-up on the Samba wiki is
not as comprehensive as that for the User Home Drive set-up and I
suspect some trivial piece of assumed knowledge is absent from the
roaming profile write-up.

It's been a while, but if my memory serves me right, it works like this:

When you set a roaming profile in AD-DC, it tries to create the profile
directory using your privileges. It then uses your administrative
privileges (so you're in admin users) to change the owner and lock you out.

When I set up Samba a while ago, I decided that I did not like that I
essentially needed to be root in order to create a share. So in order
to work around that, I use the «root preexec»-directive in smb4.conf so
that it can create the users' directory when the user actually logs in.
I used the magic [homes] share, but you can just as well use another one.

The only backside of that method is, when you set the roaming profile,
you get an permision error. But the field is set anyway, and when the
user logs in the profile directory is created.

--
Jørn Åne

Andrea Venturoli

2016-07-22 06:55:02 UTC

Permalink

Post by James B. Byrne via freebsd-questions
Has anyone on the list gotten Roaming Profiles to work with Samba43 on
FreeBSD configured as as an AD-DC?

Yes and no.

Yes: I have set up a couple of AD domains with roaming profiles; AD DCs
are jails on 9.3 or 10.3.
No: I don't have the roaming profiles on the DC; I leave the file server
role to a different Samba instance.

If such a setup might suit you, just ask.

bye
av.

James B. Byrne

2016-07-22 13:19:27 UTC

Permalink

Post by Andrea Venturoli

Post by James B. Byrne via freebsd-questions
Has anyone on the list gotten Roaming Profiles to work with Samba43
on
FreeBSD configured as as an AD-DC?

Yes and no.
Yes: I have set up a couple of AD domains with roaming profiles; AD
DCs
are jails on 9.3 or 10.3.
No: I don't have the roaming profiles on the DC; I leave the file
server
role to a different Samba instance.
If such a setup might suit you, just ask.
bye
av.

Anything that works will suit me at them moment. Do you have a write
up of what steps you followed for the 10.3 arrangement?

What bothers me is that the users share gets created as expected but
that the profile share does not. Due to my lack of experience with AD
I do not understand why the set up for the two shares differ on the
Samba wiki or what the implications of the differences are.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne mailto:***@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3