UCS 2.4 - Univention
UCS 2.4 - Univention
UCS 2.4 - Univention
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
8.4.5.4 Profile directory<br />
8.4 Extended Configuration<br />
The user profile for the Windows user interface is stored in the profile directory. In the Samba<br />
configuration there is the parameter logon path, which under <strong>UCS</strong> is by default resolved to<br />
\\\\windows-profiles\.<br />
This directory is also used for storing the files which the user saves under Windows in the My documents<br />
folder. Initially, these files are stored locally on the Windows computer; they are only stored on the drive of<br />
the Samba server after the user has logged out of Windows.<br />
The <strong>Univention</strong> Configuration Registry variable samba/profileserver can be used for specifying a<br />
different server, the variable samba/profilepath for defining a different directory for logon path.<br />
A different path or server for the user’s profile directory can be configured in the Windows Profile Path<br />
entry field of <strong>Univention</strong> Directory Manager Example: \\ucs-file-server\meier\profiles\winXP.<br />
If the path is changed at a later date, then a new profile directory will be created. The data in the old profile<br />
directory will be kept. These data can be manually copied or moved to the new profile directory. Finally,<br />
the old profile directory can be deleted.<br />
Profiles stored on the server can be deactivated by setting the <strong>Univention</strong> Configuration Registry variables<br />
samba/profilepath and samba/profileserver to local. The Samba service has to be restarted<br />
after this procedure.<br />
If further BDCs should be used alongside the PDC, this setting must also be performed on other systems.<br />
8.4.5.5 Relative ID<br />
All users, groups and processors within a Windows domain have a security ID (SID) consisting of two<br />
parts. The first part is identical for all users and groups of the domain, and different from those of other<br />
domains. The second part is used for distinguishing the users and groups within the domain. This part<br />
is called relative ID (RID). Thus the overall SID is unique for each object. The RIDs from 0 to 999 are<br />
reserved for standard groups and similar special objects.<br />
8.4.5.6 Password characteristics for Windows clients<br />
In <strong>Univention</strong> Directory Manager, specifications for user passwords can be defined regarding minimum<br />
length, password quality and password history, via the policy Password. These presettings have an<br />
indirect influence on passwords changed under Windows.<br />
The background: Samba accepts password changes made by Windows clients, and passes them on to<br />
the <strong>Univention</strong> Directory Manager. In <strong>Univention</strong> Directory Manager the policy Password is analysed;<br />
if the policy is violated, say by a password consisting of too few characters, then the password change<br />
is rejected. Samba returns to the Windows client the message: You are not authorised to change the<br />
password.<br />
To make it possible for Samba to return meaningful error messages to the client, some settings regarding<br />
password properties can be made in the Samba configuration.<br />
199