Mixing Roaming and Local Profiles in Samba 3
can be configured to be a
Primary Domain Controller for Windows Networks. This is extremely useful
for scalability. Out of the box, however, Samba's configuration file, the
only supports global profile types. This
means that all
authenticated accounts will be local profiles or
There are benefits to both types of profiles. Additionally, it's
perfectly normal to expect both kinds on the same domain at a given
time. Configuring this to simply work, however, is not so
Configuration, Includes, Mailing Lists, and RageTo potentially overcome this problem, Samba's configuration allows the
use of "include" files in its configuration. This means that it will
read some of its configuration from another file. Combined with
Samba's macro expander, this should have solved the problem. The macro
expander can replace parts of text with user-specified text on the fly.
For example, it replaces %U with the username of the current
session. If we were to specify
include = smb.%U.conf,
we should be able to override settings on a per-user basis.
For some people, this apparently works. If so, congratulations!
Unfortunately for us, this seemingly simple configuration had no useful
effect. From log output, we could see where it would parse the file,
but we could never get it to correctly reassign configuration
parameters. We also discovered a few arrangements that get Samba's
config parser confused.
Looking for more help, we joined the Samba mailing list. We posted. We
searched the archives. We discovered that most, if not all, questions
regarding mixed profile usage go completely unaddressed. At this point,
anger began to take charge.
pdbedit - The Solution
Looking at what we had to work with, a small tool,
was observed. It comes with Samba. Combined with a
password database, we
discovered that Samba also keeps some configuration settings in its
password database. This only applies for
, and probably not for
One of the configuration settings kept in
database was the user's profile path. This, of course, is the
configuration setting required to make a profile local, or roaming.
Using pdbedit to Fix Profiles
To see what is stored about a user in the password database, use
pdbedit -L -v [username]
You'll see a lot of information: username, NT username, SID stuff, Domain
setting stuff, and also Profile Path. This is set if the profile is
roaming. it is blank if the profile is local. Leaving Profile Path
, and allowing
override it here is probably the best option.
can be given some commands to override the user's
profile path. To set the user's Profile Path with
, use this:
pdbedit -p=[profile path] [username]
If you want to clear the profile path, just use
nothing after the equal sign.
ResultsThis method of solving the mixed-profile problem seems to have come
without a hitch. It seems too simple too. It's a wonder that most of
those mailing list people don't get replied to. This got us out of a
bind, and hopefully it will help someone else out too.
Samba can, in fact, do what you want it to. Sometimes you just have to
trick it into doing it :)