Mailing Lists: Apple Mailing Lists


Re: Setting up a Mandatory Profile in PDC



Evan Smith wrote:

We want our users to log into a mandatory profile when they log into a Windows machine in the school. Does anyone know of a good how-to for this?


Is it possible to set up a few profiles and assign them to different users, i.e. staff profile and student profile?

To do this, do I just create these profiles, rename NTUser.dat to NTUser.man and place them into /Users/Profiles, then for each user set their profile field to \\server\Profiles\profilename?

Or do I just create one profile and alter smb.conf to use this?

 If you only need a single profile for everyone, you should be able to alter
 smb.conf and use the global "logon path =" (see instructions below) with
 a fixed string.

 If you want group profiles, you may be able to achieve that using
 the variable substitution feature (with the default logon group).

 Note that you can override this in OD for individuals if you need to.

************** man smb.conf
logon path (G)

This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the logon home parameter.

This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. It also specifies the directory from which the "Application Data", desktop, start menu, network neighborhood, programs and other folders, and their contents, are loaded and displayed on your Windows NT client.

The share and the path must be readable by the user for the preferences and directories to be loaded onto the Windows NT client. The share must be writeable when the user logs in for the first time, in order that the Windows NT client can create the NTuser.dat and other directories. Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to achieve the desired effect (a MANdatory profile).

Windows clients can sometimes maintain a connection to the [homes] share, even though there is no user logged in. Therefore, it is vital that the logon path does not include a reference to the homes share (i.e. setting this parameter to \\%N\homes\profile_path will cause problems).

    Warning

Do not quote the value. Setting this as “\\%N\profile\%U” will break profile handling. Where the tdbsam or ldapsam passdb backend is used, at the time the user account is created the value configured for this parameter is written to the passdb backend and that value will over-ride the parameter value present in the smb.conf file. Any error present in the passdb backend account record must be edited using the appropriate tool (pdbedit on the command-line, or any other locally provided system tool).

    Note that this option is only useful if Samba is set up as a domain controller.

Disable the use of roaming profiles by setting the value of this parameter to the empty string. For example, logon path = "". Take note that even if the default setting in the smb.conf file is the empty string, any value specified in the user account settings in the passdb backend will over-ride the effect of setting this parameter to null. Disabling of all roaming profile use requires that the user account settings must also be blank.

    An example of use is:

logon path = \\PROFILESERVER\PROFILE\%U

    Default: logon path = \\%N\%U\profile
_______________________________________________
Macos-x-server mailing list      (email@hidden)
References: 
 >Setting up a Mandatory Profile in PDC (From: Evan Smith <email@hidden>)
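
The logon path pitfalls named in the quoted man page (a quoted value, a reference to the homes share, an empty value) and the NTuser.dat versus NTuser.man distinction can be checked mechanically. The following Python check is an added example, not part of the original message or of Samba; its function names and the sample smb.conf text are constructed for illustration.

```python
import re

# Constructed sample smb.conf text (an assumption for this example).
SAMPLE_CONF = r"""
[global]
   domain logons = yes
   logon path = "\\%N\homes\profile"
"""

def _norm(name):
    # smb.conf ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def get_global_param(conf_text, name):
    """Return the last value set for `name` in [global], or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, _, val = line.partition("=")
            if _norm(key) == _norm(name):
                value = val.strip()
    return value

def audit_logon_path(conf_text):
    """List the man page's logon path pitfalls found in conf_text."""
    value = get_global_param(conf_text, "logon path")
    if value is None:
        return [r"unset: default \\%N\%U\profile applies"]
    if value.strip('"') == "":
        return ["empty: roaming profiles off unless passdb sets a path"]
    findings = []
    if value.startswith('"') or value.endswith('"'):
        findings.append("quoted value: breaks profile handling")
    parts = [p.lower() for p in value.strip('"').split("\\") if p]
    if len(parts) >= 2 and parts[1] == "homes":
        findings.append("references the homes share")
    return findings

def profile_kind(filenames):
    """Classify a profile directory listing by its registry hive name."""
    names = {f.lower() for f in filenames}
    if "ntuser.man" in names:
        return "mandatory"
    return "roaming" if "ntuser.dat" in names else "no hive"
```

A path stored in the passdb backend overrides smb.conf, as the man page says, so the per-account value needs the same check.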




Copyright © 2007 Apple Inc. All rights reserved.