Topic: Roaming Profiles & XP

[p-jones]

Probably a dumb question to many but something I have always struggled with.

Is there a good A-Z document somewhere regarding authenticating a Windows box to an SME Server(V6.x.x) and enabling roaming profiles ??

I have searched through the archives and elsewhere etc and found bits and pieces. lots of them, but not the whole picture. Now I am really confused and need a straightforward A-Z to help sort my thoughts out.

Thanks
Peter

[irian]

Enable roaming profiles in the server-manager.
The XP boxes will put the profiles in the user Home directory at first logon.
The home dir will have a directory called profile or .profile (hidden)

That is all. Be sure to have enabled roaming profiles in XP itself.

Martijn

[p-jones]

Thanks for the reply. I am still not totally clear.
1 I am going to apply the regedit
2 Join the PC into the domain
3 Log the user into the domain

All this assumes the user has an account on the PC, and account on the server.

OK There are some profile setting required in the window client. Correct ?? EXACTLY how will thety look ??

What have I missed here ??

Peter

[Brave Dave]

look

the docmentation is pretty clear

don't enable them unless you know what you are doing

but at it's most simplistic, windows copies it user settings to the server at logoff

when it logs on, it restores the settings, this pretty well includes everything in
c:\my documents\<my name> .. but not the outlook express files .. not sure, meaybe the outlook files...... maybe other stuff

which is great when every workstation is the same

so why wouldn't you use it;
 - well maybe some workstations are XP, some 2k
 - well maybe some MS Offices are 2k, some 2003, some 2003, some 97 --- oooooh, aaaagg (technical term)

well, i like them - so i turn them on

but, i reinstall workstations at the drop of a hat,,,,,,,,, or virus ........ do you ?


oh yeah .. so your reinstalled the workstation .. watch out, those settings come back ....


do do do do ........


if your wonderin .... turn em off

[arthurhanlon]

Here is what I understand about profiles, it may or may not help.

I liked the fact that SME Server had roaming profiles so enabled them as I wanted to find out more about them. I had Windows 2k installed and all was fine there (have WindowsXP Pro now and haven't tried since wind2k).

Joined domain on SME box using admin username and password set at install, perfect, able to log onto domain and also the individual computer. As long as the user has an account on the SME box, they do not need an account that matched this on the machine connecting to it ie. they do not have to have the same account on both machines.

Profiles are very difficult to work with so like David says, don't enable them unless you know what you are doing or wish to experiment.

Profiles are taken from c:\Documents and Setting\"username" and stored in /home/e-smith/files/users/samba/profiles (I think )

Hope this helps,

Arthur

[sbryan]

Just some thoughts on what we did.
We had Roamning Profiles on our NT system some mandatory some individual. It turned out to be quite a pain to replicate this on the SME server. We are a school and want all students to use one profile and all staff to have their own nonmandatory one. We have ended up using the %G option in the smb.conf file to use the users group as their profile and then some fancy editing of the passwd file so that staff  had their UID and GID the same but students had their own UID and the GID of the 'student' group. Problem is, every time we add a staff member we have to then manually edit the passwd file.

This now means that staff can save their favourites in IE and setup their desktop the way they want including background and shortcuts as well as Outlook etc. Whilst students can't change anything, well at least it doesn't stick, any changes the make are not saved when they logout - in fact some policy settings prevent them from makng to many changes. I use a couple of scripts onthe server to distribute new desktop shortcuts to all users, all staff or just students.

When the user logs out their profile is supposed to be deleted from the workstation, sometimes it doesn't and can cause issues for that user when they login to that computer again.

We do as someone else mentioned, re-image at the drop of a hat, so users are warned not to save anything locally.

[p-jones]

I understand well how roaming profiles are supposed to work and as David suggest, re imaging "at the drop of a hat" is where I want to go. Also the down sides of mixed OS's and non existant applications and the like.

With a group of identical PC running identical apps, one image and the ability to re image is a very rapid way of resolving a number of issues and maintaining a consistent enviroment. I worked with this model on NT4 and Novell enviroment with 800 or so  PC's but setting it up wasnt my responsiblity so I recall little of the detail. I want to head in that direction again.

What I want to know now EXACTLY what am I going to put in the user account for profiles on the windows client so when a valid SME user logs in, the profile will traverse between the local machine and the users home directory on the SME Box. Dave what settings do you have ?

I know it can be done becasue I have done it by accident previously and cannot duplicate it now some considerable time later. I have read a lot Samba stuff and some M$ books but I am getting various permission errors and the like. Somewhere I am missing some minor detail which is the key to making this work.

[mdo]

Thanks for the reply. I am still not totally clear.
1 I am going to apply the regedit
2 Join the PC into the domain
3 Log the user into the domain

All this assumes the user has an account on the PC, and account on the server.

No, do not create (local) user accounts on the PC, you don't want this. Your server (domain controller) only is responsible for (user) and (machine) accounts. After joining the domain, just login with a valid userid which has been defined on the server.

Regards,
Michael

[p-jones]

Thanks peoples for the input. With the help of the bits an pieces here I think I have it nutted out.

I have made some notes and will produce my own A-Z and reorganise my thinking on this subject.

Ta

[sbryan]

Just for the record, AFAIK, we put nothing in the profile path of the windows client - let Samba handle it

[Brave Dave]

What I want to know now EXACTLY what am I going to put in the user account for profiles on the windows client so when a valid SME user logs in, the profile will traverse between the local machine and the users home directory on the SME Box. Dave what settings do you have ?

I do absolutely nothing to the client machine, as another post suggested, do not add any accounts to the machine.

I modify the 11domainAdminGroup template
(copy to /etc/e-smith/templates-custom/etc/smb.conf/11domainAdminGroup) to read
domain admin group = admin @shared

also: the profiles are stored in
/home/e-smith/files/samba/profiles/

if you have trouble with a user's settings and need to clear a profile, be sure to clear the users folder here (empty the folder - don't remove it), as well as from every client machine. Of course empty means you will remove files, so be careful, you can delete a users last copy of a file - maybe empty means move the data out of it.

The biggest problem I have is after applying service pack 2 - quite often have had to delete the profile from both client and server to get logged on again.

Also worth noting, a most handy tool is the "Files and Settings Transfer Wizard"

oh and [50,000 other things], email ... Outlook and Outlook express files are not saved, be careful of big profiles, look out for "logging on as temporary user" and losing everything from the session, that pesky [desktop settings] notepad ....

but if your users do run a clean ship - roaming profiles are a most rewarding feature.

[p-jones]

Thanks for the tips David. I found the settings transfer wizard very useful The only thing I still need to resolve and I have not had time to look too hard for, is the automatic mapping of the users home drive to Z: I think that is in the samba conf and corrosponding template fragment somewhere. Outside of this I have most of this working the way I want now.

I have found roaming and mandatory profiles useful in other lives and a very tidy way of keeping downtime a small workgroup (and a big one for that matter) to a minimum.

Again - thanks to everyone for the missing pieces to my jig-saw.

Peter

[p-jones]

B.T.W - have you had a look at the Microsoft UPHClean utility from microsoft for those stubborn profiles that dont/wont unload properly ? It solved some issues for me.

[Hans]

if you do get Z: as home drive i assume you are using SME < 6.5, there ist has changed to H:. yes you are right, Z: is mapped in /etc/smb.conf with the statement

logon drive = z:

.
since this thread is about profiles, has anyone managed to copy profiles of existing local users on an MS system to SME server without manual intervention?
my experience is that windows insists on removing existing profile directories and the newly created does have the wrong permissions, e.g. it does not belong to <user>.<user>.