In Windows 95 and NT, each user can have his or her own profile. A profile bundles information such as: the appearance of a user's desktop, the applications that appear on the start menus, the background, and other miscellaneous items. If the profile is stored on a local disk, it's called a local profile, since it describes what a user's environment is like on one machine. If the profile is stored on a server, on the other hand, the user can download the same profile to any client machine that is connected to the server. The latter is called a roaming profile because the user can roam around from machine to machine and still use the same profile. This makes it particularly convenient when someone might be logging in from his or her desk one day and from a portable in the field the next.
Figure 6.6 illustrates local and roaming profiles.
Samba will provide roaming profiles if it is configured for domain logons and you provide a tree of directories pointed to by the logon path option. This option is typically used with one of the user variables, as shown in this example:
[global]
domain logons = yes
security = user
workgroup = SIMPLE
os level = 34
local master = yes
preferred master = yes
domain master = yes
logon path = \\hydra\profile\%U
We need to create a new share to support the profiles, which is a basic disk share accessible only by the Samba process' user (root). This share must be writeable, but should not be browseable. In addition, we must create a directory for each user who wishes to log on (based on how we specified our logon path in the example above), which is accessible only by that user. For an added measure of security, we use the directory mode and create mode options to keep anyone who connects to it from viewing or altering the files created in those directories:
[profile]
comment = User profiles
path = /export/samba/profile
create mode = 0600
directory mode = 0700
writable = yes
browsable = no
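An audit of the layout described above, as an added example (not code from the original text or from Samba): it walks the profile share's path and reports any top-level directory whose owner does not match its name, plus anything inside that is group- or world-accessible. It assumes one directory per username, as produced by logon path = \\hydra\profile\%U, and the /export/samba/profile path from the example; the function names are hypothetical, and the symbolic-link check is an extra not mentioned in the text.

```python
import os
import pwd
import stat
import sys


def owner_name(uid):
    """Map a uid to a login name; fall back to the number if unknown."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_profile_root(root):
    """Return (path, problem) pairs for entries that break the rules above."""
    findings = []
    for user in sorted(os.listdir(root)):
        top = os.path.join(root, user)
        st = os.lstat(top)  # lstat: never follow a symlink
        if not stat.S_ISDIR(st.st_mode):
            findings.append((top, "not a real directory"))
            continue
        if owner_name(st.st_uid) != user:
            findings.append((top, "owner does not match directory name"))
        # Collect the user's directory and everything beneath it.
        entries = [top]
        for dirpath, dirnames, filenames in os.walk(top):
            entries += [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in entries:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                findings.append((path, "symbolic link"))
            elif mode & 0o077:  # any group or other permission bit
                findings.append(
                    (path, "group/other access %04o" % stat.S_IMODE(mode)))
    return findings


if __name__ == "__main__":
    # Path assumed from the [profile] share in the example above.
    root = sys.argv[1] if len(sys.argv) > 1 else "/export/samba/profile"
    for path, problem in audit_profile_root(root):
        print("%s: %s" % (path, problem))
```

Run it as root so that directories restricted to their owners can still be read.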
Once a user initially logs on, the Windows client will create a user.dat or ntuser.dat file, depending on which operating system the client is running. The client then uploads the contents of the desktop, the Start Menu, the Network Neighborhood, and the programs folders in individual folders in the directory. When the user subsequently logs on, those contents will be downloaded from the server and activated for the client machine with which the user is logging on. When he or she logs off, those contents will be uploaded back on the server until the next time the user connects. If you look at the directory listing of a profile folder, you'll see the following:
# ls -al
total 321
drwxrwxr-x 9 root simple Jul 21 20:44 .
drwxrwxr-x 4 root simple Jul 22 14:32 ..
drwxrwx--- 3 fred develope Jul 12 07:15 Application Data
drwxrwx--- 3 fred develope Jul 12 07:15 Start Menu
drwxrwx--- 2 fred develope Jul 12 07:15 cookies
drwxrwx--- 2 fred develope Jul 12 07:15 desktop
drwxrwx--- 7 fred develope Jul 12 07:15 history
drwxrwx--- 2 fred develope Jul 12 07:15 nethood
drwxrwx--- 2 fred develope Jul 19 21:05 recent
-rw------- 1 fred develope Jul 21 21:59 user.dat
The user.dat files are binary configuration files, created automatically by Windows. They can be edited with the Profile Editor on a Windows client, but they can be somewhat tricky to get correct. Samba supports them correctly for all clients up to NT 5.0 beta, but they're still relatively new.
Hints and HOWTOs for handling logon scripts are available in the Samba documentation tree, in both docs/textdocs/DOMAIN.txt and docs/textdocs/PROFILES.txt.