[Samba] Classicupgrade FL 2012_R2 NTLM/Kerberos logon

Peter Milesson miles at atmos.eu
Thu Jun 20 11:11:28 UTC 2024

On 20.06.2024 9:28, Rowland Penny via samba wrote:
> On Wed, 19 Jun 2024 19:16:51 +0200
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>> Mandi! Havany via samba
>>    In chel di` si favelave...
>>>> It sounds like you are still using the old, deprecated (by Windows)
>>>> roaming profiles, instead of Folder redirection.
>> ?! Some more clue, Rowland? I use roaming profiles *AND* folder
>> redirection, usually... ;-)
> It was just a comment, but from my understanding, you should use one or
> the other, not both.
>>> So, I think I will use the "classicupgrade" method. I will wait a
>>> few days to make sure everything works well before making the final
>>> decision and moving on to the next steps.
>> I think i'm late.
>> Con consider that if you have  the same user/login and password on
>> both domain (NT and AD), you can safely migrate machine (and users)
>> from NT to AD and keep user access the old server. You need only some
>> attention, eg keep enabled SMB1 in Ad to access the old server and
>> have a WINS server active on the network.
>  From experience, once a client has seen and connected to AD, it will
> never connect to an NT4-style domain again.
> Rowland
Hi folks,

I beg to differ about folder redirection and roaming user profiles.

Both of them can be applied simultaneously, but is generally considered 
a BAD thing. It can be a tricky beast to setup, however. You need to 
start with a clean user account where everything is stored on the local 
PC. Then you apply folder redirection, and really make sure that it 
works (which may not be that easy, particularly on huge profiles). The 
last step is to implement roaming profiles, but ONLY on AppData. Any 
other use is pointless. It's ugly as sin, and it may work.

I have got a setup where both concepts are applied of historical reasons 
(started as an NT domain about 20 years ago). It works. In current 
installations, I do not use roaming profiles, as they have got huge 
drawbacks. The way to go is to use folder redirection, or user profile 
disks (hopeless to restore individual files from backups).

In folder redirection, I always redirect AppData (Roaming), Desktop, and 
Documents.  Pictures and Videos depends on the users in question, and 
what's their main profession. General office users just create lots of 
bloat in those folders. The rest, including Music and Downloads is also 
left out of folder direction, as they contain user bloat to 99.99%. The 
folders remaining on the local PC is the responsibility of the user. If 
they care about some files, they are told to move those files to a 
redirected folder.

About redirection of AppData (Roaming), there are many different 
opinions. I prefer to redirect AppData (Roaming) to not loose user 
settings, if something happens. Reconstructing a user profile with all 
details can be quite time consuming. If it's not important, just leave 
that folder out from folder redirection.

Just my 5 cents...


More information about the samba mailing list