Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 01-31-2004, 07:39 AM   #1
LQ Newbie
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Rep: Reputation: 0
Question Group Policies, Mandatory Profiles (Win9x) and Samba


I am using Samba (2.2.7a) as PDC on Mandrake 9.1 and the clients are Windows 95 & 98 machines.

I have created 3 groups in Linux: "students", "teachers" and "smbadmin". When user logs on with his username and password (everyone has his individual user. and pass.), then according to the group to which he belongs to, logon script is being executed. (logon script = %g.bat)

Is it possible, to limit user permissions, what can they do and what cant, on the basis of groups, to which they belong to? "Students" and "teachers" for example would have disabled Control Panel, modifyed Start menu etc., while the users in "smbadmin" could use the system normaly if any changes (installing new programs & such) would be necessiry.

Any help would be very much appreciated and i will post the whole thing in a ZIP file, when it will be finished and ready for use.

Here is also my smb.conf file (just global, netlogon, homes) and one logon script:


workgroup = dssl
server string = server
interfaces =
hosts allow = 192.168. 127.
client code page = 852
character set = ISO8859-2

security = user
os level = 256
domain logons = yes
local master = yes
domain master = yes
preferred master = yes
wins support = yes
dns proxy = yes

encrypt passwords = yes
passwd program = /usr/bin/passwd %u
smb passwd file = /etc/samba/smbpasswd
passwd chat = *new password* %n\n *new password* %n\n *success*
unix password sync = yes

logon script = %g.bat
logon home = \\%L\%U\.profile9x
logon path = \\%L\%U\.profilent

log level = 0
log file = /var/log/samba/%m.samba.log
max log size = 1000
debug timestamp = yes

locking = no
hide dot files = yes
case sensitive = no
keepalive = 150
username level = 8

time server = yes
dos filetime resolution = yes
dos filetimes = yes

comment = The domain logon service
path = /etc/samba/netlogon
public = no
writable = no
browsable = no
read only = no
create mask = 0777
admin users = @smbadmin

comment = Od %u domac direktorij
browsable = no
valid users = %S
writable = yes
create mask = 0644
directory mask = 0775

valid users = @students @teachers @smbadmin
admin users = @smbadmin

Logon script (students.bat)

net time \\server /set /yes

net use m: /home
net use n: \\server\students
net use o: \\server\everyone

Last edited by pirx; 02-03-2004 at 02:55 AM.
Old 01-31-2004, 11:26 AM   #2
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Welcome to LQ.

You should be able to use the windows policy editor to choose what permissions users get. Unfortunately some settings require you to logout before the changes occur.
Old 01-31-2004, 12:40 PM   #3
LQ Newbie
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for replying and welcoming me

So, it IS possible I was not quite sure about this. Anyway, I also found this useful page:

I have a feeling that things will not go as planned already from the beginning so Ill be around


Last edited by pirx; 01-31-2004 at 01:03 PM.
Old 02-03-2004, 02:54 AM   #4
LQ Newbie
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0
I have read what useful options Mandatory Profiles have (customized desktop, shortcuts, start menu and nobody can change/delete them) and Im wondering, if this is the way to create one:

When a user logs in for the first time, Windows informs you about that and asks if it should keep the user settings. After clicking on Yes , profile is being created on the server side: /home/[usernname]/profiles9x

The problem is, I have not found the user.dat in that directory. What was i doing wrong? And even if i would found it, should I rename the user.dat to in Linux or in Windows?

And when I create a profile, with which im pleased, can I copy it to the /etc/skel? As I have understood, every new user im going to create in Linux, he will get the profile settings in his home directory from this location.

Any help is apprechiated

Last edited by pirx; 02-05-2004 at 11:12 AM.
Old 02-05-2004, 11:15 AM   #5
LQ Newbie
Registered: Jan 2004
Location: Slovenia
Distribution: Mandrake
Posts: 6

Original Poster
Rep: Reputation: 0


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Managing user Accounts with Group Policies, LDAP AdamSBS Linux - Software 2 08-24-2005 09:10 PM
Group Policies on samba mikepengelly Linux - Networking 3 08-25-2004 10:52 PM
Samba and Win98 Group Policies MurrayL Linux - Software 1 08-20-2004 08:09 AM
How can apply group policies on windows clients from Linux Server linuxeagle Linux - Networking 5 11-17-2003 11:21 AM
How can i use group policies using samba linuxeagle Linux - Networking 0 11-13-2003 12:04 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:51 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration