[K12OSN] disable roaming profiles samba/ldap

Doug Simpson simpsond at leopards.k12.ar.us
Tue Jan 3 15:36:53 UTC 2006 

Profiles have to be allowed to be written by XP or you'll get profile 
errors everytime you login and logout, shutdown, etc.

Teacher's profiles are left to work because they generally sit at the same 
computers regularly, so their profile isn't that much to deal with.

But with student computers, it is another story.  Every time they login, 
they get a profile and if they haven't logged in on a computer, that 
computer then gets a copy of their profile to waste drive space on the 
local computer, as well as the server drive space. So you have 6 students 
that use every computer in a classroom over the course of a day.  But the 
students also login on other computers like library and classrooms, which, 
guess what, also get copies of the wasting-space profiles.

Simply turning off profiles in samba will not alleviate this problem 
anywhere except server drivespace. Every computer that a student logs into 
gets a profile from somewhere, and likely it is the default profile from 
the computer they just logged in on, which gets written right back to the 
same computer, under a different username so now you have two 
space-wasters and the drudgery continues for every use that ever logs in 
on that computer.

My solution is this follow closely as it might get complicated to some. 
Also, keep in mind that we run linux on our servers here, but not ldap for 
login.  I know, I still do accounts the old-fashioned way, but you'll see 
how it may be better this way than using ldap, unless I am just missing 
something major.. ..

First off, the samba server that has the domain that the students login on 
from student-use computers has the profiles in a different location than 
the user's home directory, which is the default location. The profiles 
have their own share on the server.  The share is set up with root preexec 
and post exec that creates the profile location on login and deletes the 
profile location on logout for the user. Samba sets up the profile 
location before it turns it over to Windows on login.  Windows sets up the 
profile, and the user keeps it as long as they are logged in.  Once they 
logout, and after winders has written the profile and lets go of the 
share, the post exec deletes the profile directory.  Windows is happy 
because it wrote the profile successfully, and then the server gets happy 
because it cleared up the space wasted by the profiles.

On the student-access computers, we run DriveShield which is similar to 
DeepFreeze and other lockdown software. The machines are set up and a 
default profile is created that contains everything the student's need for 
that computer. Then the computer is locked down.  Unchangeable.

When a student logs in on that computer, they have no profile, so winders 
gets a copy of the default profile, which is minimal to begin with, and 
gives it to the student.  A copy is also written to the hard drive on 
the computer. But when the student logs off, it is deleted from the 
server, and then next time the computer is rebooted, that profile is wiped 
from the computer.

So, there is no drive space wasted on either the server or the computer 
for student access computers.

The domain that teachers log into is different than the domain the 
students login to.  Students can't use teacher's computers (security risk) 
because their login will not work on them.  Teacher's logins will not work 
on student computers, either, but they don't need to anyway. Teachers have 
access to all student's home directories no matter what computer they are 
using.

I hate profiles!

Doug Simpson
Technology Specialist
DeQueen Public Schools
DeQueen, AR 71832
simpsond at leopards.k12.ar.us
Tux for President!

On Tue, 3 Jan 2006, Randall Swift wrote:

> "Support list for opensource software in schools." <k12osn at redhat.com> on
> Friday, December 30, 2005 at 12:42 PM -0500 wrote:
> >cant you simply edit oout the roamaing profiles portion of smb.conf..?
> >chuck
> >> Randall Swift wrote:
> >>> 	I have a samba/ldap server doing my authentication and storing home
> >>> directories as well as roaming profiles. How do I disable roaming
> >>> profiles
> >>> (setup on core 3 using the smbldap-installer script)? This server has
> >>> been
> >>> running for almost a year now can I just simply disable roaming
> >profiles
> >>> without it affecting the server? Thanks for the help.
> >>>
> >>
> >> We have roaming profiles too, and I'd love to learn how to disable them!
> >>    They are kind of a "legacy" from the W2K server we had years ago.
> >>
> >> Rita Gibson
> >> RMSELTech
> >>
> >> _______________________________________________
> >> K12OSN mailing list
> >> K12OSN at redhat.com
> >> https://www.redhat.com/mailman/listinfo/k12osn
> >> For more info see <http://www.k12os.org>
> >>
> >
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN at redhat.com
> >https://www.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
> 
> I was thinking that you could comment out the profile section in smb.conf.
> I am not an expert and did not know if this would cause any problems. I
> really need to know what to do as profiles are a problem with network
> traffic. I was hoping there was an easy way to do this but with few
> responses I now don't think it is. Any help is appreciated. Thanks
> 
> Randy Swift
> Network Administrator
> Leavitt Area High School
> Turner, Maine 04282
> (207)225-3533
> swift at msad52.k12.me.us
> 
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>

More information about the K12OSN mailing list