[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] disable roaming profiles samba/ldap

Doug Simpson wrote:
Rita Gibson wrote:

I have a samba/ldap server doing my authentication and storing home
directories as well as roaming profiles. How do I disable roaming
(setup on core 3 using the smbldap-installer script)? This server has
running for almost a year now can I just simply disable roaming


without it affecting the server? Thanks for the help.

>>cant you simply edit oout the roamaing profiles portion of smb.conf..?

We have roaming profiles too, and I'd love to learn how to disable them!
  They are kind of a "legacy" from the W2K server we had years ago.

I was thinking that you could comment out the profile section in smb.conf.
I am not an expert and did not know if this would cause any problems. I
really need to know what to do as profiles are a problem with network
traffic. I was hoping there was an easy way to do this but with few
responses I now don't think it is. Any help is appreciated. Thanks

I guess I could test it today, with no one in the building I could put it back if it doesn't work, right?

Rita Gibson

I decided not to attempt this. Our technology teacher reminded me that we had issues when we tried this a couple of years ago. The windows machine would give us an error saying unable to log on with the user's profile give the user a choice of logging on with a temporary profile for this session.

I tried to change the profiles on the machines from roaming to local but that didn't seem to work. I have Doug Simpson's email with his solution:

<begin snip>

First off, the samba server that has the domain that the students login on
from student-use computers has the profiles in a different location than
the user's home directory, which is the default location. The profiles
have their own share on the server. The share is set up with root preexec
and post exec that creates the profile location on login and deletes the
profile location on logout for the user. Samba sets up the profile
location before it turns it over to Windows on login. Windows sets up the
profile, and the user keeps it as long as they are logged in.  Once they
logout, and after winders has written the profile and lets go of the
share, the post exec deletes the profile directory.  Windows is happy
because it wrote the profile successfully, and then the server gets happy
because it cleared up the space wasted by the profiles.

On the student-access computers, we run DriveShield which is similar to
DeepFreeze and other lockdown software. The machines are set up and a
default profile is created that contains everything the student's need for
that computer. Then the computer is locked down.  Unchangeable.

When a student logs in on that computer, they have no profile, so winders
gets a copy of the default profile, which is minimal to begin with, and
gives it to the student.  A copy is also written to the hard drive on
the computer. But when the student logs off, it is deleted from the
server, and then next time the computer is rebooted, that profile is wiped
from the computer.

So, there is no drive space wasted on either the server or the computer
for student access computers.

The domain that teachers log into is different than the domain the
students login to. Students can't use teacher's computers (security risk) because their login will not work on them. Teacher's logins will not work on student computers, either, but they don't need to anyway. Teachers have
access to all student's home directories no matter what computer they are

<end snip>

The first time I read it, I didn't really understand exactly what I need to do, but I intend to read this again, and see if I can't figure it out.

Anyone else out there solve this issue?

Rita Gibson

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

Rita, if you need specific details, please let me know. I will be happy to show you how this was all set up. It was actually pretty easy, and can be done in a pretty much "on the fly" manner. It would be best to actually do the cut over when there isn't anyone logged in, but I have changed them on the fly and so far it has created no issues. Just remember that if users save things in My Documents, they will be deleted with their profile. They will eventually learn to save to their home directory instead of My Documents (our's did!).


K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

Why not just alter the location of My Documents at login ? Really quite easy to do with a login script to alter location of things like cookies as well.

I'm not around tomorrow but if you's like to know more drop me a mail offlist.

Brian Chivers

The views expressed here are my own and not necessarily the views of Portsmouth College
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]