[K12OSN] disable roaming profiles samba/ldap

Doug Simpson veewee77 at alltel.net
Tue Jan 10 18:22:41 UTC 2006


Rita Gibson wrote:

>
>>>>>> I have a samba/ldap server doing my authentication and storing home
>>>>>> directories as well as roaming profiles. How do I disable roaming
>>>>>> profiles
>>>>>> (setup on core 3 using the smbldap-installer script)? This server 
>>>>>> has
>>>>>> been
>>>>>> running for almost a year now can I just simply disable roaming
>>>>>
>>>>
>>>>
>>>> profiles
>>>>
>>>>>> without it affecting the server? Thanks for the help.
>>>>>
>>
>>
>>  >>cant you simply edit oout the roamaing profiles portion of 
>> smb.conf..?
>>  >>chuck
>>  >>
>>
>>>>> We have roaming profiles too, and I'd love to learn how to disable 
>>>>> them!
>>>>>   They are kind of a "legacy" from the W2K server we had years ago.
>>>>>
>>>
>>> I was thinking that you could comment out the profile section in 
>>> smb.conf.
>>> I am not an expert and did not know if this would cause any problems. I
>>> really need to know what to do as profiles are a problem with network
>>> traffic. I was hoping there was an easy way to do this but with few
>>> responses I now don't think it is. Any help is appreciated. Thanks
>>>
>>
>> I guess I could test it today, with no one in the building I could 
>> put it back if it doesn't work, right?
>>
>> Rita Gibson
>
>
> I decided not to attempt this. Our technology teacher reminded me that 
> we had issues when we tried this a couple of years ago. The windows 
> machine would give us an error saying unable to log on with the user's 
> profile give the user a choice of logging on with a temporary profile 
> for this session.
>
> I tried to change the profiles on the machines from roaming to local 
> but that didn't seem to work. I have Doug Simpson's email with his 
> solution:
>
> <begin snip>
>
> First off, the samba server that has the domain that the students 
> login on
> from student-use computers has the profiles in a different location than
> the user's home directory, which is the default location. The profiles
> have their own share on the server.  The share is set up with root 
> preexec
> and post exec that creates the profile location on login and deletes the
> profile location on logout for the user. Samba sets up the profile
> location before it turns it over to Windows on login.  Windows sets up 
> the
> profile, and the user keeps it as long as they are logged in.  Once they
> logout, and after winders has written the profile and lets go of the
> share, the post exec deletes the profile directory.  Windows is happy
> because it wrote the profile successfully, and then the server gets happy
> because it cleared up the space wasted by the profiles.
>
> On the student-access computers, we run DriveShield which is similar to
> DeepFreeze and other lockdown software. The machines are set up and a
> default profile is created that contains everything the student's need 
> for
> that computer. Then the computer is locked down.  Unchangeable.
>
> When a student logs in on that computer, they have no profile, so winders
> gets a copy of the default profile, which is minimal to begin with, and
> gives it to the student.  A copy is also written to the hard drive on
> the computer. But when the student logs off, it is deleted from the
> server, and then next time the computer is rebooted, that profile is 
> wiped
> from the computer.
>
> So, there is no drive space wasted on either the server or the computer
> for student access computers.
>
> The domain that teachers log into is different than the domain the
> students login to.  Students can't use teacher's computers (security 
> risk)
> because their login will not work on them.  Teacher's logins will not 
> work
> on student computers, either, but they don't need to anyway. Teachers 
> have
> access to all student's home directories no matter what computer they are
> using.
>
> <end snip>
>
> The first time I read it, I didn't really understand exactly what I 
> need to do, but I intend to read this again, and see if I can't figure 
> it out.
>
> Anyone else out there solve this issue?
>
> Rita Gibson
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
Rita, if you need specific details, please let me know.  I will be happy 
to show you how this was all set up.  It was actually pretty easy, and 
can be done in a pretty much "on the fly" manner.  It would be best to 
actually do the cut over when there isn't anyone logged in, but I have 
changed them on the fly and so far it has created no issues.  Just 
remember that if users save things in My Documents, they will be deleted 
with their profile.  They will eventually learn to save to their home 
directory instead of My Documents (our's did!).

Doug




More information about the K12OSN mailing list