Re: [Bug 1064] samba configuration needs to be corrected for domain logons
i only had troubles using "roaming" profiles. I think thats the correct
samba-term for the feature.
roaming profiles, are really bad.
- if no quota is uses, users will use massive space on the server
- if quota on the server is used:
- normal users aren't aware that their windows profile is accounted as
space for their profile
- users wonder why their login will take sometimes minutes..
- users wonder why their quota is exceeded
- if the quota is exceed, no login is possible on the windows machine, it
will login in some "rescue mode" with an new empty profile
- there are no good tools to my knowledge to "clean" a windows profile
from garbage, like local "outlook" folders, an endless growing registry..
- some windows programms are really broken, they simple do not work when
profiles are active, worse, they break completly.
i believe "best practise" would be, to disable profiles at all, and tell the
users to save their work in the home directory on the server.
And if someone has many windows machines, and whats to use profiles, document
it in the wiki how to do it right.
> ------- Additional Comments From firstname.lastname@example.org 2007-10-30 21:09 -------
> I'm not too fond of too many changes in the samba config. Reasons are manyt,
> i'll try to explain some.
> In order not to encourage the use of a operating system without security updates
> for a long time (like win98) we should realy keep support to the new (NT and
> later) way of dealing with profiles only. Most of this bug is about win9x.
> - profile dir includes desktop and myfiles which are synced at logon
> This is the windows default, and many sites may very well wish this to be the
> behaviour, especialy for desktop. I do not have statistics showing how many of
> the sites would want this feature or not. My point beeing: If we change the
> default behaviour, a different group of admins must implement changes to get
> their desiered behavior. And this group would have a harder time implementing
> common changes from online documentation and howto's since the starting point of
> samba's configuration would divert a lot more from the samba default.
> - profile directory should be put to its own share (especially if
> you are interested in one centralised mandatory profile).
> This is also very site spesific, unix users get their own homedir, with their
> own configuration for various software, why should samba users be different ?
> Personaly i want the profile dir within the homedir, to keep user files in one
> location and ease quota management. I find it better to stick with samba's
> default then to invent our own default, that admins anyway must tweak into their
> desired configuration.
> Most importantly. Keep the number of changes as low as possible between default
> and our own.
> the only change i dont mind is changing profile into .profile, But I do not
> see the big advantage, (security by obscurity = no security)
> I suggest closing as WONTFIX
> Ronny Aasen