[K12OSN] disable roaming profiles samba/ldap
Brian Chivers
brian at portsmouth-college.ac.uk
Tue Jan 10 21:21:11 UTC 2006
Doug Simpson wrote:
> Rita Gibson wrote:
>
>>
>>>>>>> I have a samba/ldap server doing my authentication and storing home
>>>>>>> directories as well as roaming profiles. How do I disable roaming
>>>>>>> profiles
>>>>>>> (setup on core 3 using the smbldap-installer script)? This server
>>>>>>> has
>>>>>>> been
>>>>>>> running for almost a year now can I just simply disable roaming
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> profiles
>>>>>
>>>>>>> without it affecting the server? Thanks for the help.
>>>>>>
>>>>>>
>>>
>>>
>>> >>cant you simply edit oout the roamaing profiles portion of
>>> smb.conf..?
>>> >>chuck
>>> >>
>>>
>>>>>> We have roaming profiles too, and I'd love to learn how to disable
>>>>>> them!
>>>>>> They are kind of a "legacy" from the W2K server we had years ago.
>>>>>>
>>>>
>>>> I was thinking that you could comment out the profile section in
>>>> smb.conf.
>>>> I am not an expert and did not know if this would cause any problems. I
>>>> really need to know what to do as profiles are a problem with network
>>>> traffic. I was hoping there was an easy way to do this but with few
>>>> responses I now don't think it is. Any help is appreciated. Thanks
>>>>
>>>
>>> I guess I could test it today, with no one in the building I could
>>> put it back if it doesn't work, right?
>>>
>>> Rita Gibson
>>
>>
>>
>> I decided not to attempt this. Our technology teacher reminded me that
>> we had issues when we tried this a couple of years ago. The windows
>> machine would give us an error saying unable to log on with the user's
>> profile give the user a choice of logging on with a temporary profile
>> for this session.
>>
>> I tried to change the profiles on the machines from roaming to local
>> but that didn't seem to work. I have Doug Simpson's email with his
>> solution:
>>
>> <begin snip>
>>
>> First off, the samba server that has the domain that the students
>> login on
>> from student-use computers has the profiles in a different location than
>> the user's home directory, which is the default location. The profiles
>> have their own share on the server. The share is set up with root
>> preexec
>> and post exec that creates the profile location on login and deletes the
>> profile location on logout for the user. Samba sets up the profile
>> location before it turns it over to Windows on login. Windows sets up
>> the
>> profile, and the user keeps it as long as they are logged in. Once they
>> logout, and after winders has written the profile and lets go of the
>> share, the post exec deletes the profile directory. Windows is happy
>> because it wrote the profile successfully, and then the server gets happy
>> because it cleared up the space wasted by the profiles.
>>
>> On the student-access computers, we run DriveShield which is similar to
>> DeepFreeze and other lockdown software. The machines are set up and a
>> default profile is created that contains everything the student's need
>> for
>> that computer. Then the computer is locked down. Unchangeable.
>>
>> When a student logs in on that computer, they have no profile, so winders
>> gets a copy of the default profile, which is minimal to begin with, and
>> gives it to the student. A copy is also written to the hard drive on
>> the computer. But when the student logs off, it is deleted from the
>> server, and then next time the computer is rebooted, that profile is
>> wiped
>> from the computer.
>>
>> So, there is no drive space wasted on either the server or the computer
>> for student access computers.
>>
>> The domain that teachers log into is different than the domain the
>> students login to. Students can't use teacher's computers (security
>> risk)
>> because their login will not work on them. Teacher's logins will not
>> work
>> on student computers, either, but they don't need to anyway. Teachers
>> have
>> access to all student's home directories no matter what computer they are
>> using.
>>
>> <end snip>
>>
>> The first time I read it, I didn't really understand exactly what I
>> need to do, but I intend to read this again, and see if I can't figure
>> it out.
>>
>> Anyone else out there solve this issue?
>>
>> Rita Gibson
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>
> Rita, if you need specific details, please let me know. I will be happy
> to show you how this was all set up. It was actually pretty easy, and
> can be done in a pretty much "on the fly" manner. It would be best to
> actually do the cut over when there isn't anyone logged in, but I have
> changed them on the fly and so far it has created no issues. Just
> remember that if users save things in My Documents, they will be deleted
> with their profile. They will eventually learn to save to their home
> directory instead of My Documents (our's did!).
>
> Doug
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
Why not just alter the location of My Documents at login ? Really quite
easy to do with a login script to alter location of things like cookies
as well.
I'm not around tomorrow but if you's like to know more drop me a mail
offlist.
Brian Chivers
---------------------------------------------------------------
The views expressed here are my own and not necessarily
the views of Portsmouth College
More information about the K12OSN
mailing list