[Samba] Re: PDC, BDCs - how do you synchronize roaming profiles?

Gémes Géza geza at kzsdabas.sulinet.hu
Sun Dec 12 21:43:06 GMT 2004


Tomasz Chmielewski wrote:

> John H Terpstra wrote:
>
>>> I thought of this approach:
>>>
>>> - keep profile size to the minimum (20-30 megs),
>>
>>
>>
>> How will you control the size of the profile? I can not see a 
>> practical solution to do this.
>
>
> Didn't think of it yet.
>
> Several years ago, in a rather big university facility I saw something
> like that on Windows NT workstations: if student profile was too big,
> user was disallowed to logout until he/she deleted some data (there was
> a pop-up window "your profile is bigger than XY megabytes, you can't log
> out, delete some files etc.").
> The only way to logout was to delete some files and try again, or to
> poweroff the machine (which meant the profile was lost).
>
> Anyone knows what this could be?
>
>

NTConfig.POL made with NT4 policy editor saved to the root of the 
netlogon share can implement profile size limitations. I think one of 
the adm files distributed with poledit.exe can do the trick.

>>> - rsync changes of the profile to the other domain controllers when user
>>> logs out.
>>
>>
>>
>> The trouble is that you have to do it from each WAN location and 
>> there is just no way to maintain data integrity with multiple source 
>> locations and multiple targets.
>
>
> Given the fact that one user can log in only once and in one place, I
> think it is doable: just rsync changes to other places using "postexec"
> %U script. There are some problems to be solved (what if changes can't
> be uploaded for some time and we have two different profiles?), but I
> think I have to live with that as I didn't think of anything better so 
> far.
>
>
> It would be great if there was some "profile-daemon" which could take 
> care of profile replication:
>
> 1) user logs out and uploads profile to a local Samba server,
>
> 2) "profile-daemon" notices that user logged out and finished 
> uploading profile locally,
>
> 3) "profile-daemon" attempts to copy profile to other location(s); if 
> upload successful, exit
>
> 4) if upload unsuccessful, retries,
>
> 5) if user wants to log in locally again - no problem; if user is an 
> Olympic sprinter and managed to reach another building before the 
> profile was fully uploaded, he should be notified during login that 
> profile is not in sync (and ask what to do),
>
> 6) if upload unsuccessful because link broken, triggers dial-up and 
> notifies other locations that the profile is *not uploaded*,
>
> 7) now other locations know that profiles are not in sync, and won't 
> allow user to log in (or allow to log in, but warn that profile is not 
> in sync),
>
> 8) every 5 or 10 minutes "profile-daemons" should communicate and 
> exchange information; if they can't communicate, they know it, and 
> during login present a user a window explaining "last profile change 
> was on Friday, 11:34 etc., what to do"...
>
>
> This would need some additional software installed on a Windows side, 
> too I think.
>
>
> Anyway I think it could be a killer Samba feature, especially for 
> bigger organizations like universities.
>
>
>
>>> Do you think it's a good approach, or should I think of something else?
>>
>>
>>
>> I'd suggest local profiles for such mobile users. Remember you can 
>> use Windows XP Pro off-line folders to replicate data to a home server.
>
>
> But these mobile users can sit in front of a random workstation, so I
> can't do it like that.
>
>
> Tomek
>
Very nice, but very hard to implement.
Another idea:

There is Coda (http://coda.cs.cmu.edu/), which was designed for 
disconnected operation; you could try to make it interoperate with Samba.
I think it is not trivial either, as coda uses its own 
authentication/authorization methods, with some support for kerberos.

Cheers,

Geza Gemes
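
The "postexec" rsync push discussed in this thread, as an added example that is not code from any poster or from Samba. It validates the %U value before using it and leaves a marker for each peer that could not be updated. The script path, `PROFILE_ROOT`, `STATE_DIR`, `PEERS`, the host names and rsync-over-ssh between the controllers are all assumptions.

```shell
#!/bin/sh
# Added example: push a roaming profile to the other DCs at logout.
# Assumed smb.conf wiring (hypothetical path):
#   [profiles]  postexec = /usr/local/sbin/profile-push.sh %U
# PROFILE_ROOT, STATE_DIR and PEERS are assumed names; hosts are constructed.
PROFILE_ROOT="${PROFILE_ROOT:-/srv/samba/profiles}"
STATE_DIR="${STATE_DIR:-/var/lib/profile-push}"
PEERS="${PEERS:-bdc1.example.org bdc2.example.org}"

# %U is the user name the client asked for, so treat it as untrusted input:
# accept only plain account names (no leading dot, no "/", no shell syntax).
valid_user() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Push one profile to every peer. A peer that cannot be reached gets a
# "<user>@<peer>.pending" marker holding the time of the failed push.
# Returns 0 if all peers are in sync, 1 if any is pending, 2 on a bad name.
push_profile() {
    user="$1"
    valid_user "$user" || return 2
    mkdir -p "$STATE_DIR" || return 3
    failed=0
    for peer in $PEERS; do
        marker="$STATE_DIR/$user@$peer.pending"
        if rsync -a --delete --timeout=30 -- \
               "$PROFILE_ROOT/$user/" "$peer:$PROFILE_ROOT/$user/"; then
            rm -f "$marker"
        else
            date -u +%Y-%m-%dT%H:%M:%SZ > "$marker"
            failed=1
        fi
    done
    return "$failed"
}

# Peers still holding a stale copy of this user's profile, one per line.
pending_peers() {
    valid_user "$1" || return 2
    for m in "$STATE_DIR/$1@"*.pending; do
        [ -e "$m" ] || continue
        m="${m##*@}"; echo "${m%.pending}"
    done
}

if [ "$#" -gt 0 ]; then push_profile "$1"; fi
```

A cron job can call `push_profile` again for every user that still has a marker, and a logon script can consult `pending_peers` to warn that a profile is out of sync.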

