Group Policies, Mandatory Profiles (Win9x) and Samba
Hello!
I am using Samba (2.2.7a) as PDC on Mandrake 9.1 and the clients are Windows 95 & 98 machines. I have created 3 groups in Linux: "students", "teachers" and "smbadmin". When user logs on with his username and password (everyone has his individual user. and pass.), then according to the group to which he belongs to, logon script is being executed. (logon script = %g.bat) Is it possible, to limit user permissions, what can they do and what cant, on the basis of groups, to which they belong to? "Students" and "teachers" for example would have disabled Control Panel, modifyed Start menu etc., while the users in "smbadmin" could use the system normaly if any changes (installing new programs & such) would be necessiry. Any help would be very much appreciated :) and i will post the whole thing in a ZIP file, when it will be finished and ready for use. Here is also my smb.conf file (just global, netlogon, homes) and one logon script: smb.conf [global] workgroup = dssl server string = server interfaces = 192.168.0.2/32 hosts allow = 192.168. 127. client code page = 852 character set = ISO8859-2 security = user os level = 256 domain logons = yes local master = yes domain master = yes preferred master = yes wins support = yes dns proxy = yes encrypt passwords = yes passwd program = /usr/bin/passwd %u smb passwd file = /etc/samba/smbpasswd passwd chat = *new password* %n\n *new password* %n\n *success* unix password sync = yes logon script = %g.bat logon home = \\%L\%U\.profile9x logon path = \\%L\%U\.profilent log level = 0 log file = /var/log/samba/%m.samba.log max log size = 1000 debug timestamp = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 locking = no hide dot files = yes case sensitive = no keepalive = 150 username level = 8 time server = yes dos filetime resolution = yes dos filetimes = yes [netlogon] comment = The domain logon service path = /etc/samba/netlogon public = no writable = no browsable = no read only = no create mask = 0777 admin users = @smbadmin [homes] comment = Od %u domac direktorij browsable = no valid users = %S writable = yes create mask = 0644 directory mask = 0775 valid users = @students @teachers @smbadmin admin users = @smbadmin Logon script (students.bat) net time \\server /set /yes net use m: /home net use n: \\server\students net use o: \\server\everyone |
Welcome to LQ.
You should be able to use the windows policy editor to choose what permissions users get. Unfortunately some settings require you to logout before the changes occur. |
Thanks for replying and welcoming me :)
So, it IS possible :) I was not quite sure about this. Anyway, I also found this useful page: http://www.microsoft.com/technet/tre...rt2/wrkc08.asp I have a feeling that things will not go as planned already from the beginning so I´ll be around ;) Seeya |
I have read what useful options Mandatory Profiles have (customized desktop, shortcuts, start menu and nobody can change/delete them) and I´m wondering, if this is the way to create one:
When a user logs in for the first time, Windows informs you about that and asks if it should keep the user settings. After clicking on Yes , profile is being created on the server side: /home/[usernname]/profiles9x The problem is, I have not found the user.dat in that directory. What was i doing wrong? And even if i would found it, should I rename the user.dat to user.man in Linux or in Windows? And when I create a profile, with which im pleased, can I copy it to the /etc/skel? As I have understood, every new user im going to create in Linux, he will get the profile settings in his home directory from this location. Any help is apprechiated :) |
anyone? :)
|
All times are GMT -5. The time now is 12:03 PM. |