[K12OSN] disable roaming profiles samba/ldap

Doug Simpson veewee77 at alltel.net
Tue Jan 10 22:14:59 UTC 2006 

Brian Chivers wrote:

> Doug Simpson wrote:
>
>> Rita Gibson wrote:
>>
>>>
>>>>>>>> I have a samba/ldap server doing my authentication and storing 
>>>>>>>> home
>>>>>>>> directories as well as roaming profiles. How do I disable roaming
>>>>>>>> profiles
>>>>>>>> (setup on core 3 using the smbldap-installer script)? This 
>>>>>>>> server has
>>>>>>>> been
>>>>>>>> running for almost a year now can I just simply disable roaming
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> profiles
>>>>>>
>>>>>>>> without it affecting the server? Thanks for the help.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>
>>>>
>>>>  >>cant you simply edit oout the roamaing profiles portion of 
>>>> smb.conf..?
>>>>  >>chuck
>>>>  >>
>>>>
>>>>>>> We have roaming profiles too, and I'd love to learn how to 
>>>>>>> disable them!
>>>>>>>   They are kind of a "legacy" from the W2K server we had years ago.
>>>>>>>
>>>>>
>>>>> I was thinking that you could comment out the profile section in 
>>>>> smb.conf.
>>>>> I am not an expert and did not know if this would cause any 
>>>>> problems. I
>>>>> really need to know what to do as profiles are a problem with network
>>>>> traffic. I was hoping there was an easy way to do this but with few
>>>>> responses I now don't think it is. Any help is appreciated. Thanks
>>>>>
>>>>
>>>> I guess I could test it today, with no one in the building I could 
>>>> put it back if it doesn't work, right?
>>>>
>>>> Rita Gibson
>>>
>>>
>>>
>>>
>>> I decided not to attempt this. Our technology teacher reminded me 
>>> that we had issues when we tried this a couple of years ago. The 
>>> windows machine would give us an error saying unable to log on with 
>>> the user's profile give the user a choice of logging on with a 
>>> temporary profile for this session.
>>>
>>> I tried to change the profiles on the machines from roaming to local 
>>> but that didn't seem to work. I have Doug Simpson's email with his 
>>> solution:
>>>
>>> <begin snip>
>>>
>>> First off, the samba server that has the domain that the students 
>>> login on
>>> from student-use computers has the profiles in a different location 
>>> than
>>> the user's home directory, which is the default location. The profiles
>>> have their own share on the server.  The share is set up with root 
>>> preexec
>>> and post exec that creates the profile location on login and deletes 
>>> the
>>> profile location on logout for the user. Samba sets up the profile
>>> location before it turns it over to Windows on login.  Windows sets 
>>> up the
>>> profile, and the user keeps it as long as they are logged in.  Once 
>>> they
>>> logout, and after winders has written the profile and lets go of the
>>> share, the post exec deletes the profile directory.  Windows is happy
>>> because it wrote the profile successfully, and then the server gets 
>>> happy
>>> because it cleared up the space wasted by the profiles.
>>>
>>> On the student-access computers, we run DriveShield which is similar to
>>> DeepFreeze and other lockdown software. The machines are set up and a
>>> default profile is created that contains everything the student's 
>>> need for
>>> that computer. Then the computer is locked down.  Unchangeable.
>>>
>>> When a student logs in on that computer, they have no profile, so 
>>> winders
>>> gets a copy of the default profile, which is minimal to begin with, and
>>> gives it to the student.  A copy is also written to the hard drive on
>>> the computer. But when the student logs off, it is deleted from the
>>> server, and then next time the computer is rebooted, that profile is 
>>> wiped
>>> from the computer.
>>>
>>> So, there is no drive space wasted on either the server or the computer
>>> for student access computers.
>>>
>>> The domain that teachers log into is different than the domain the
>>> students login to.  Students can't use teacher's computers (security 
>>> risk)
>>> because their login will not work on them.  Teacher's logins will 
>>> not work
>>> on student computers, either, but they don't need to anyway. 
>>> Teachers have
>>> access to all student's home directories no matter what computer 
>>> they are
>>> using.
>>>
>>> <end snip>
>>>
>>> The first time I read it, I didn't really understand exactly what I 
>>> need to do, but I intend to read this again, and see if I can't 
>>> figure it out.
>>>
>>> Anyone else out there solve this issue?
>>>
>>> Rita Gibson
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
>> Rita, if you need specific details, please let me know.  I will be 
>> happy to show you how this was all set up.  It was actually pretty 
>> easy, and can be done in a pretty much "on the fly" manner.  It would 
>> be best to actually do the cut over when there isn't anyone logged 
>> in, but I have changed them on the fly and so far it has created no 
>> issues.  Just remember that if users save things in My Documents, 
>> they will be deleted with their profile.  They will eventually learn 
>> to save to their home directory instead of My Documents (our's did!).
>>
>> Doug
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>
>
> Why not just alter the location of My Documents at login ? Really 
> quite easy to do with a login script to alter location of things like 
> cookies as well.
>
> I'm not around tomorrow but if you's like to know more drop me a mail 
> offlist.
>
> Brian Chivers
>
> ---------------------------------------------------------------
>    The views expressed here are my own and not necessarily 
>                the views of Portsmouth College            
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
One reason is that on Student's computers, with profiles, every use has 
a profile that fills up with web ages and other useless data wasting 
hard drive space.
Deleting the profile at logout cleans up the mess very nicely.  Also, 
the screens come back to the deafults and the users get tired of 
changing them every day and pretty soon, they just do their work instead 
of messing with windows settings.

Works great for us!

Doug

More information about the K12OSN mailing list