Hello!

I am using Samba (2.2.7a) as PDC on Mandrake 9.1 and the clients are Windows 95 & 98 machines.

I have created 3 groups in Linux: "students", "teachers" and "smbadmin". When user logs on with his username and password (everyone has his individual user. and pass.), then according to the group to which he belongs to, logon script is being executed. (logon script = %g.bat)

Is it possible, to limit user permissions, what can they do and what cant, on the basis of groups, to which they belong to? "Students" and "teachers" for example would have disabled Control Panel, modifyed Start menu etc., while the users in "smbadmin" could use the system normaly if any changes (installing new programs & such) would be necessiry.

Any help would be very much appreciated and i will post the whole thing in a ZIP file, when it will be finished and ready for use.

Here is also my smb.conf file (just global, netlogon, homes) and one logon script:

smb.conf

[global]
workgroup = dssl
server string = server
interfaces = 192.168.0.2/32
hosts allow = 192.168. 127.
client code page = 852
character set = ISO8859-2

security = user
os level = 256
domain logons = yes
local master = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes

encrypt passwords = yes
passwd program = /usr/bin/passwd %u
smb passwd file = /etc/samba/smbpasswd
passwd chat = *new password* %n\n *new password* %n\n *success*
unix password sync = yes

logon script = %g.bat
logon home = \\%L\%U\.profile9x
logon path = \\%L\%U\.profilent

log level = 0
log file = /var/log/samba/%m.samba.log
max log size = 1000
debug timestamp = yes

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
locking = no
hide dot files = yes
case sensitive = no
keepalive = 150
username level = 8

time server = yes
dos filetime resolution = yes
dos filetimes = yes

[netlogon]
comment = The domain logon service
path = /etc/samba/netlogon
public = no
writable = no
browsable = no
read only = no
create mask = 0777
admin users = @smbadmin

[homes]
comment = Od %u domac direktorij
browsable = no
valid users = %S
writable = yes
create mask = 0644
directory mask = 0775

valid users = @students @teachers @smbadmin
admin users = @smbadmin


Logon script (students.bat)

net time \\server /set /yes

net use m: /home
net use n: \\server\students
net use o: \\server\everyone

Welcome to LQ.

You should be able to use the windows policy editor to choose what permissions users get. Unfortunately some settings require you to logout before the changes occur.

Thanks for replying and welcoming me

So, it IS possible I was not quite sure about this. Anyway, I also found this useful page:

http://www.microsoft.com/technet/tre...rt2/wrkc08.asp

I have a feeling that things will not go as planned already from the beginning so I´ll be around

Seeya

I have read what useful options Mandatory Profiles have (customized desktop, shortcuts, start menu and nobody can change/delete them) and I´m wondering, if this is the way to create one:

When a user logs in for the first time, Windows informs you about that and asks if it should keep the user settings. After clicking on Yes , profile is being created on the server side: /home/[usernname]/profiles9x

The problem is, I have not found the user.dat in that directory. What was i doing wrong? And even if i would found it, should I rename the user.dat to user.man in Linux or in Windows?

And when I create a profile, with which im pleased, can I copy it to the /etc/skel? As I have understood, every new user im going to create in Linux, he will get the profile settings in his home directory from this location.

Any help is apprechiated

anyone?