[K12OSN] disable roaming profiles samba/ldap
Doug Simpson
simpsond at leopards.k12.ar.us
Tue Jan 3 15:36:53 UTC 2006
Profiles have to be allowed to be written by XP or you'll get profile
errors everytime you login and logout, shutdown, etc.
Teacher's profiles are left to work because they generally sit at the same
computers regularly, so their profile isn't that much to deal with.
But with student computers, it is another story. Every time they login,
they get a profile and if they haven't logged in on a computer, that
computer then gets a copy of their profile to waste drive space on the
local computer, as well as the server drive space. So you have 6 students
that use every computer in a classroom over the course of a day. But the
students also login on other computers like library and classrooms, which,
guess what, also get copies of the wasting-space profiles.
Simply turning off profiles in samba will not alleviate this problem
anywhere except server drivespace. Every computer that a student logs into
gets a profile from somewhere, and likely it is the default profile from
the computer they just logged in on, which gets written right back to the
same computer, under a different username so now you have two
space-wasters and the drudgery continues for every use that ever logs in
on that computer.
My solution is this follow closely as it might get complicated to some.
Also, keep in mind that we run linux on our servers here, but not ldap for
login. I know, I still do accounts the old-fashioned way, but you'll see
how it may be better this way than using ldap, unless I am just missing
something major.. ..
First off, the samba server that has the domain that the students login on
from student-use computers has the profiles in a different location than
the user's home directory, which is the default location. The profiles
have their own share on the server. The share is set up with root preexec
and post exec that creates the profile location on login and deletes the
profile location on logout for the user. Samba sets up the profile
location before it turns it over to Windows on login. Windows sets up the
profile, and the user keeps it as long as they are logged in. Once they
logout, and after winders has written the profile and lets go of the
share, the post exec deletes the profile directory. Windows is happy
because it wrote the profile successfully, and then the server gets happy
because it cleared up the space wasted by the profiles.
On the student-access computers, we run DriveShield which is similar to
DeepFreeze and other lockdown software. The machines are set up and a
default profile is created that contains everything the student's need for
that computer. Then the computer is locked down. Unchangeable.
When a student logs in on that computer, they have no profile, so winders
gets a copy of the default profile, which is minimal to begin with, and
gives it to the student. A copy is also written to the hard drive on
the computer. But when the student logs off, it is deleted from the
server, and then next time the computer is rebooted, that profile is wiped
from the computer.
So, there is no drive space wasted on either the server or the computer
for student access computers.
The domain that teachers log into is different than the domain the
students login to. Students can't use teacher's computers (security risk)
because their login will not work on them. Teacher's logins will not work
on student computers, either, but they don't need to anyway. Teachers have
access to all student's home directories no matter what computer they are
using.
I hate profiles!
Doug Simpson
Technology Specialist
DeQueen Public Schools
DeQueen, AR 71832
simpsond at leopards.k12.ar.us
Tux for President!
On Tue, 3 Jan 2006, Randall Swift wrote:
> "Support list for opensource software in schools." <k12osn at redhat.com> on
> Friday, December 30, 2005 at 12:42 PM -0500 wrote:
> >cant you simply edit oout the roamaing profiles portion of smb.conf..?
> >chuck
> >> Randall Swift wrote:
> >>> I have a samba/ldap server doing my authentication and storing home
> >>> directories as well as roaming profiles. How do I disable roaming
> >>> profiles
> >>> (setup on core 3 using the smbldap-installer script)? This server has
> >>> been
> >>> running for almost a year now can I just simply disable roaming
> >profiles
> >>> without it affecting the server? Thanks for the help.
> >>>
> >>
> >> We have roaming profiles too, and I'd love to learn how to disable them!
> >> They are kind of a "legacy" from the W2K server we had years ago.
> >>
> >> Rita Gibson
> >> RMSELTech
> >>
> >> _______________________________________________
> >> K12OSN mailing list
> >> K12OSN at redhat.com
> >> https://www.redhat.com/mailman/listinfo/k12osn
> >> For more info see <http://www.k12os.org>
> >>
> >
> >
> >_______________________________________________
> >K12OSN mailing list
> >K12OSN at redhat.com
> >https://www.redhat.com/mailman/listinfo/k12osn
> >For more info see <http://www.k12os.org>
>
> I was thinking that you could comment out the profile section in smb.conf.
> I am not an expert and did not know if this would cause any problems. I
> really need to know what to do as profiles are a problem with network
> traffic. I was hoping there was an easy way to do this but with few
> responses I now don't think it is. Any help is appreciated. Thanks
>
> Randy Swift
> Network Administrator
> Leavitt Area High School
> Turner, Maine 04282
> (207)225-3533
> swift at msad52.k12.me.us
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
More information about the K12OSN
mailing list