[Samba] Laptop users as domain members; profiles

Thu Sep 4 22:25:48 GMT 2003

Go ahead and add them to the domain.

Once they have logged on to the domain once, they can disconnect from the
domain and still log onto it.  They will get a message that "No Domain
Controller Was Available to Authenticate Your Logon .  .  . You have been
logged on with cached information."

Profiles will get handled properly - when they come back to the domain, the
local profile is newer than the server-based one, so it will use the local
one, and write it back to the server when they log off.

madmac

----- Original Message ----- 
From: "Scott Werschke" <scott at werschkes.com>
To: <samba at lists.samba.org>
Sent: Thursday, September 04, 2003 4:28 PM
Subject: [Samba] Laptop users as domain members; profiles

I would like to implement Samba as a PDC in our organization, but am
wrestling with how to handle laptop users.

If I join them to the domain and give them a domain account, I will still
need to allow them a local account so that they can logon on the road.  This
means that they will have two distinct accounts and two distinct profiles.
I could initially make the two profiles identical by copying the existing
profile to the domain profile or copying the existing profile to the default
profile before the domain profile is created, but subsequent changes to the
local profile would not be reflected in the domain profile and vice versa.
I anticipate that this could cause great headaches for users and
administrators.  If a user created or edited documents, added e-mail
contacts or messages in outlook express or outlook, etc. as a domain user
while in the office, these changes would not be seen when they logged in on
the road as a local user.  I am aware that I could have the users login on
the road as domain users using cached credentials, but to my knowledge (and
experiments seem to verify this) caching domain credentials is limited to
the use of roaming profiles.  I would like to avoid what seem to me to be a
lot of headaches with roaming profiles, i.e., potential loss of data,
extensive logon time, etc.  Further, there appears to be a limit to the
number of previous logons to cache - 50.  I don't have the power to limit
the time of the trips our executives take or the number of times they are
allowed to logon on the road.

The best solution I can come up with now is to remap there My Documents
folder, Oulook express store folder and Outlook .pst files for both accounts
to locations outside of the profiles.  This is O.K. except the additional
work in setting up the client, the potential that I have missed something
critical that should be "non-exclusive" to the two profiles, and that I
don't have anyway of forcing them to login to the domain when they are in
the office.  They could accidentally or intentionally login as a local user
in the office, and I would not be able to track usage in the office or
utilize logon scripts.

I am aware that some organizations seem to have a policy of simply not
adding laptops to the domain, but with Samba this would also prevent me from
utilizing logon scripts.

Any ideas would be appreciated.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba