[Samba] Re: PDC, BDCs - how do you synchronize roaming profiles?
Gémes Géza
geza at kzsdabas.sulinet.hu
Sun Dec 12 21:43:06 GMT 2004
Tomasz Chmielewski írta:
> John H Terpstra wrote:
>
>>> I thought of this approach:
>>>
>>> - keep profile size to the minimum (20-30 megs),
>>
>>
>>
>> How will you control the size of the profile? I can not see a
>> practical solution to do this.
>
>
> Didn't think of it yet.
>
> Several years ago, in a rather big university facility I saw something
> like that on Windows NT workstations: if student profile was too big,
> user was disallowed to logout until he/she deleted some data (there was
> a pop-up window "your profile is bigger than XY megabytes, you can't log
> out, delete some files etc.").
> The only way to logout was to delete some files and try again, or to
> poweroff the machine (which meant the profile was lost).
>
> Anyone knows what this could be?
>
>
NTConfig.POL made with NT4 policy editor saved to the root of the
netlogon share can implement profile size limitations. I think one of
the adm files distributed with poledit.exe can do the trick.
>>> - rsync changes of the profile to the other domain controllers when
>>> user
>>> logs out.
>>
>>
>>
>> The trouble is that you have to do it from each WAN location and
>> there is just no way to maintain data integrity with multiple source
>> locations and multiple targets.
>
>
> Given the fact that one user can log in only once and in one place, I
> think it is doable: just rsync changes to other places using "postexec"
> %U script. There are some problems to be solved (what if changes can't
> be uploaded for some time and we have two different profiles?), but I
> think I have to live with that as I didn't think of anything better so
> far.
>
>
> It would be great if there was some "profile-daemon" which could take
> care of profile replication:
>
> 1) user logs out and uploads profile to a local Samba server,
>
> 2) "profile-daemon" notices that user logged out and finished
> uploading profile locally,
>
> 3) "profile-daemon" attempts to copy profile to other location(s); if
> upload successful, exit
>
> 4) if upload unsuccessful, retries,
>
> 5) if user wants to log in locally again - no problem; if user is a
> olympic sprinter and managed to reach another building before the
> profile was fully uploaded, he should be notified during login that
> profile is not in sync (and ask what to do),
>
> 6) if upload unsuccessful because link broken, triggers dial-up and
> notifies other locations that the profile is *not uploaded*,
>
> 7) now other locations know that profiles are not in sync, and won't
> allow user to log in (or allow to log in, but warn that profile is not
> in sync),
>
> 8) every 5 or 10 minutes "profile-daemons" should communicate and
> exchange information; if they can't communicate, they know it, and
> during login present a user a window explaining "last profile change
> was on Friday, 11:34 etc., what to do"...
>
>
> This would need some additional software installed on a Windows side,
> too I think.
>
>
> Anyway I think it could be a killer Samba feature, especially for
> bigger organizations like universities.
>
>
>
>>> Do you think it's a good approach, or should I think of something else?
>>
>>
>>
>> I'd suggest local profiles for such mobile users. Remember you can
>> use Windows XP Pro off-line folders to replicate data to a home server.
>
>
> But these mobile users can sit in front of a random workstation, so I
> can't do it like that.
>
>
> Tomek
>
Very nice, but very hard to implement.
Another idea:
There is coda (http://coda.cs.cmu.edu/), which was designed for
disconected operation, you could try to make it interoperate with samba.
I think it is not trivial either, as coda uses its own
authentication/authorization methods, with some support for kerberos.
Cheers,
Geza Gemes
More information about the samba
mailing list