[K12OSN] disable roaming profiles samba/ldap

Tue Jan 10 17:00:06 UTC 2006

>>>>> I have a samba/ldap server doing my authentication and storing home
>>>>> directories as well as roaming profiles. How do I disable roaming
>>>>> profiles
>>>>> (setup on core 3 using the smbldap-installer script)? This server has
>>>>> been
>>>>> running for almost a year now can I just simply disable roaming
>>>
>>>
>>> profiles
>>>
>>>>> without it affecting the server? Thanks for the help.
> 
> 
>  >>cant you simply edit oout the roamaing profiles portion of smb.conf..?
>  >>chuck
>  >>
> 
>>>> We have roaming profiles too, and I'd love to learn how to disable 
>>>> them!
>>>>   They are kind of a "legacy" from the W2K server we had years ago.
>>>>
>>
>> I was thinking that you could comment out the profile section in 
>> smb.conf.
>> I am not an expert and did not know if this would cause any problems. I
>> really need to know what to do as profiles are a problem with network
>> traffic. I was hoping there was an easy way to do this but with few
>> responses I now don't think it is. Any help is appreciated. Thanks
>>
> 
> I guess I could test it today, with no one in the building I could put 
> it back if it doesn't work, right?
> 
> Rita Gibson

I decided not to attempt this. Our technology teacher reminded me that 
we had issues when we tried this a couple of years ago. The windows 
machine would give us an error saying unable to log on with the user's 
profile give the user a choice of logging on with a temporary profile 
for this session.

I tried to change the profiles on the machines from roaming to local but 
that didn't seem to work. I have Doug Simpson's email with his solution:

<begin snip>

First off, the samba server that has the domain that the students login on
from student-use computers has the profiles in a different location than
the user's home directory, which is the default location. The profiles
have their own share on the server.  The share is set up with root preexec
and post exec that creates the profile location on login and deletes the
profile location on logout for the user. Samba sets up the profile
location before it turns it over to Windows on login.  Windows sets up the
profile, and the user keeps it as long as they are logged in.  Once they
logout, and after winders has written the profile and lets go of the
share, the post exec deletes the profile directory.  Windows is happy
because it wrote the profile successfully, and then the server gets happy
because it cleared up the space wasted by the profiles.

On the student-access computers, we run DriveShield which is similar to
DeepFreeze and other lockdown software. The machines are set up and a
default profile is created that contains everything the student's need for
that computer. Then the computer is locked down.  Unchangeable.

When a student logs in on that computer, they have no profile, so winders
gets a copy of the default profile, which is minimal to begin with, and
gives it to the student.  A copy is also written to the hard drive on
the computer. But when the student logs off, it is deleted from the
server, and then next time the computer is rebooted, that profile is wiped
from the computer.

So, there is no drive space wasted on either the server or the computer
for student access computers.

The domain that teachers log into is different than the domain the
students login to.  Students can't use teacher's computers (security risk)
because their login will not work on them.  Teacher's logins will not work
on student computers, either, but they don't need to anyway. Teachers have
access to all student's home directories no matter what computer they are
using.

<end snip>

The first time I read it, I didn't really understand exactly what I need 
to do, but I intend to read this again, and see if I can't figure it out.

Anyone else out there solve this issue?

Rita Gibson