[K12OSN] disable roaming profiles samba/ldap

Brian Chivers brian at portsmouth-college.ac.uk
Tue Jan 10 21:21:11 UTC 2006 

Doug Simpson wrote:
> Rita Gibson wrote:
> 
>>
>>>>>>> I have a samba/ldap server doing my authentication and storing home
>>>>>>> directories as well as roaming profiles. How do I disable roaming
>>>>>>> profiles
>>>>>>> (setup on core 3 using the smbldap-installer script)? This server 
>>>>>>> has
>>>>>>> been
>>>>>>> running for almost a year now can I just simply disable roaming
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> profiles
>>>>>
>>>>>>> without it affecting the server? Thanks for the help.
>>>>>>
>>>>>>
>>>
>>>
>>>  >>cant you simply edit oout the roamaing profiles portion of 
>>> smb.conf..?
>>>  >>chuck
>>>  >>
>>>
>>>>>> We have roaming profiles too, and I'd love to learn how to disable 
>>>>>> them!
>>>>>>   They are kind of a "legacy" from the W2K server we had years ago.
>>>>>>
>>>>
>>>> I was thinking that you could comment out the profile section in 
>>>> smb.conf.
>>>> I am not an expert and did not know if this would cause any problems. I
>>>> really need to know what to do as profiles are a problem with network
>>>> traffic. I was hoping there was an easy way to do this but with few
>>>> responses I now don't think it is. Any help is appreciated. Thanks
>>>>
>>>
>>> I guess I could test it today, with no one in the building I could 
>>> put it back if it doesn't work, right?
>>>
>>> Rita Gibson
>>
>>
>>
>> I decided not to attempt this. Our technology teacher reminded me that 
>> we had issues when we tried this a couple of years ago. The windows 
>> machine would give us an error saying unable to log on with the user's 
>> profile give the user a choice of logging on with a temporary profile 
>> for this session.
>>
>> I tried to change the profiles on the machines from roaming to local 
>> but that didn't seem to work. I have Doug Simpson's email with his 
>> solution:
>>
>> <begin snip>
>>
>> First off, the samba server that has the domain that the students 
>> login on
>> from student-use computers has the profiles in a different location than
>> the user's home directory, which is the default location. The profiles
>> have their own share on the server.  The share is set up with root 
>> preexec
>> and post exec that creates the profile location on login and deletes the
>> profile location on logout for the user. Samba sets up the profile
>> location before it turns it over to Windows on login.  Windows sets up 
>> the
>> profile, and the user keeps it as long as they are logged in.  Once they
>> logout, and after winders has written the profile and lets go of the
>> share, the post exec deletes the profile directory.  Windows is happy
>> because it wrote the profile successfully, and then the server gets happy
>> because it cleared up the space wasted by the profiles.
>>
>> On the student-access computers, we run DriveShield which is similar to
>> DeepFreeze and other lockdown software. The machines are set up and a
>> default profile is created that contains everything the student's need 
>> for
>> that computer. Then the computer is locked down.  Unchangeable.
>>
>> When a student logs in on that computer, they have no profile, so winders
>> gets a copy of the default profile, which is minimal to begin with, and
>> gives it to the student.  A copy is also written to the hard drive on
>> the computer. But when the student logs off, it is deleted from the
>> server, and then next time the computer is rebooted, that profile is 
>> wiped
>> from the computer.
>>
>> So, there is no drive space wasted on either the server or the computer
>> for student access computers.
>>
>> The domain that teachers log into is different than the domain the
>> students login to.  Students can't use teacher's computers (security 
>> risk)
>> because their login will not work on them.  Teacher's logins will not 
>> work
>> on student computers, either, but they don't need to anyway. Teachers 
>> have
>> access to all student's home directories no matter what computer they are
>> using.
>>
>> <end snip>
>>
>> The first time I read it, I didn't really understand exactly what I 
>> need to do, but I intend to read this again, and see if I can't figure 
>> it out.
>>
>> Anyone else out there solve this issue?
>>
>> Rita Gibson
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>
> Rita, if you need specific details, please let me know.  I will be happy 
> to show you how this was all set up.  It was actually pretty easy, and 
> can be done in a pretty much "on the fly" manner.  It would be best to 
> actually do the cut over when there isn't anyone logged in, but I have 
> changed them on the fly and so far it has created no issues.  Just 
> remember that if users save things in My Documents, they will be deleted 
> with their profile.  They will eventually learn to save to their home 
> directory instead of My Documents (our's did!).
> 
> Doug
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

Why not just alter the location of My Documents at login ? Really quite 
easy to do with a login script to alter location of things like cookies 
as well.

I'm not around tomorrow but if you's like to know more drop me a mail 
offlist.

Brian Chivers

---------------------------------------------------------------
    The views expressed here are my own and not necessarily 
                the views of Portsmouth College

More information about the K12OSN mailing list