# Samba+ldap+ldapsam:editposix can't disable roaming profiles



## kisscool-fr (Dec 9, 2011)

Hi,

I have a litte issue i can't find the fix. I'll try to expose the problem. 

Samba 3.4.14 is working on FreeBSD 8.2R amd64 as a primary domain controller with ldap backend and with ldapsam:editposix activated. All is managed by srvtools. 
The config is working fine except when i want to put a null profile path for a user. 

My default parameter for logon path is \\%L\profils\%U which is good for a lot of users. I just want to disable roaming profiles for some users and to do this, I use pdbedit like that :


```
pdbedit -r -u -p '' myuser
```

But can't change the value. The output always says :


```
Profile Path:         \\mysrv\profils\myuser
```

which is the default smb.conf profile path parameter.

Once connected to a client as a Domain Administrator, if I list user's informations with [CMD=""]net /domain user myuser[/CMD] it also says the user profile path is \\mysrv\profils\myuser. The same thing if I view user's informations with usrmgr.exe. 

If I ask the ldap server directly the output is ok, because there is no sambaProfilePath: line.

I have found an article here which talks about the problem but with tdb database. I tried what he said to be sure but it doesn't work. The output for net and usermgr.exe is good because it marks the user profile path as null but pdbedit still show profile path as \\mysrv\profils\myuser and user profile is updated at each logon and logoff. 

So my question is, does anybody have already encountered this issue and the most important is, have you solved it?
I am looking on the web but can't find anything helpful.

Thanks,


----------



## kisscool-fr (Dec 14, 2011)

There is really nobody that have a suggestion? :\


Ok, so I investigated more and found a dirty hack. 

The idea is to put an empty logon path in smb.conf 


```
logon path              =
```

and to change user's informations at user's logon with a root preexec script. I put the script in [home] shares like that: 


```
[home] 
... 
root preexec            = /bin/sh -c "if ! ( test -d %H ); then mkdir -m 700 -p %H; chown %U:%G %H; pdbedit -r -u %U -p=\"\\\\\\\\%L\\profils\\%U\"; fi;"
```

After that, we can disable roaming profiles for users with the next command:


```
# pdbedit -r -u test5 -p '' 
... 
Profile Path:
```

It works, but new users need to connect twice to their accounts to make modifications effective. And for old users, the modifications need to be made by hand :\

That's why I want to find a something cleaner. Any ideas?


----------

