[olug] Samba roaming profiles

Adam Lassek adam at doubleprime.net
Thu Apr 10 11:41:18 UTC 2008


Isn't it possible to combine Samba, OpenLDAP and Kerberos to control an AD
domain? Is that an ugly hack? I know it isn't easy, since I've never managed
to get it working.

On Tue, Apr 8, 2008 at 4:42 PM, Phil Brutsche <phil at brutsche.us> wrote:

> What you see happens when there is a process stuck in the background
> when the user logs off - the machine is not able to fully sync the
> profile to the network storage location due to files (or the registery)
> being in use, and the locally cached copy is deleted when the user logs
> on again.
>
> The stuck process could be anything, and in my experience *has been
> anything* - any and all Mozilla products, IE, various MS Office
> components, OpenOffice, etc etc etc. At my office the Mozilla products
> are probably the biggest offenders.
>
> The best solution would be to:
> a) ditch roaming profiles - definitely for the laptops, maybe for the
> desktops as well
> b) redirect the Desktop and My Documents folder to SMB shares - all
> users on all machines, period end of story.
>
> You can then use offline files so that the laptop-equipped users can get
> to their files when they have their laptops with them off-site.
>
> Redirecting the Desktop and My Documents will also greatly shorten login
> and logout times.
>
> You should also consider redirecting Application Data to an SMB share as
> well, at least for the desktops.
>
> <warning keptin, flame war incoming!!!>
> And, dare I say it, if you are using Samba as a domain controller (you
> didn't explicitly say so, but it sounds like it), ditch it. At best it
> is a poor replacement for an NT4 domain controller. The specific piece
> of functionality you need - flexible group policies - didn't exist under
> NT4. They were introduced with Windows 2000 and Active Directory in 1999
> - almost 10 years ago!
>
> Most of what you want to do is trivial in an Active Directory
> environment, which Samba won't be able to provide until the mythical 4.0
> is released. And I don't see that happening until 2009 at the earliest,
> and very easily won't be until the next decade.
> </flame war warning disabled>
>
> Alternatively, you could configure the local group policy via gpedit.msc
> (this requires an XP Professional machine), and manually copy the
> policies (stored under C:\WINDOWS\System32\Security\Templates) to the
> other machines. IME the XP Pro templates work fine on XP Home.
>
> However, DO NOT mix the templates between different Windows versions, ie
> don't put the XP templates on a 2000 machine, or XP templates on a Vista
> machine, or Vista templates on an XP machine, etc etc etc. I don't know
> what the affect will be.
>
> Craig Wolf wrote:
> > So, here is the situation.  Setup the Opensuse server running samba
> > and roaming profiles.  This has worked GREAT up until just recently.
> > They started adding laptops to the mix and as I understand it, with
> > roaming profiles, when you login, it overwrites what is on the local
> > station by bringing down your profile from the server.  This has
> > caused lost files on the laptop, yes just disappeared from the users
> > desktop and/or My Docs.
> >
> > Looking for ideas to get around this.  Three I have thought of are:
> > 1. removing roaming profiles completely after informing them of such
> > 2. selective people having roaming profiles
> > 3. selective machines getting roaming profiles
> >
> > I know that 1 will work but half of the 10 person office do not have
> > laptops so that is not the first choice.  I have not found any info
> > for 2 or 3.  Looking for help on what people have done, if numbers 2
> > or 3 can work, or maybe a better idea for my laptop users.
> >
> > Signed, getting confused...
> >
> > Thanx for any replies!!
> --
>
> Phil Brutsche
> phil at brutsche.us
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>



More information about the OLUG mailing list