Author Topic: Loading Roaming Profiles from Local Server, not over VPN?

nickpiggott

Loading Roaming Profiles from Local Server, not over VPN?
« on: May 28, 2018, 12:38:03 pm »
I'm hoping this is a common enough problem for people to have a few ideas about solving it.

I have users provisioned with Windows Roaming Profiles, based on two sites linked with a (slow) VPN link. There is a PDC on one site and a BDC on the other site, both running Zentyal 5.1. I use unison to keep the filesystems of the two machines continuously synchronised.

The profilePath item for the user in LDAP depends on which server I created them on - if I create the user on the PDC, it says \\pdc\profiles\username; if I create them on the BDC, it says \\bdc\profiles\username.

The problem comes when a user is working on the "other" LAN (e.g. someone whose profile was created on the BDC comes and works on the LAN with the PDC - which is linked to the other LAN using a slow VPN). Because their profile says \\bdc\profiles\username, it loads their Windows profile very, very slowly (hours to log in) over the VPN from the BDC, rather than loading it from the LAN on the PDC.

I've tried putting local alias entries into the local DNS servers - FS pointing to the same IP address as the PDC on one LAN, and pointing to the BDC on the other LAN - and then manually editing the profilePath to point to \\fs\profiles\username - but Samba notices that it's an alias and refuses to load the profile. (I assume it's worried that a machine is spoofing the PDC / BDC.)

Any thoughts on how I can put a workaround in for this problem?

nickpiggott

Re: Loading Roaming Profiles from Local Server, not over VPN?
« Reply #1 on: May 29, 2018, 01:36:46 pm »
A follow-up for later thread-readers.

I added a new host entry to each of the two servers by editing

/usr/share/zentyal/stubs/samba/smb.conf.mas

and adding the line

netbios aliases = fs

However, I still have a problem. If I add fs as a hostname alias to the DNS server on both boxes, then they synchronise across the two sites, and it's pot luck which IP address I get when resolving fs / fs.DOMAIN.COM.

My workaround is to add

192.168.x.y fs fs.domain.com

to the \windows\system32\drivers\etc\hosts file on each and every machine on the network, where it's hard-coded to point to the local server for that LAN.

My ideal solution would be for the local PDC / BDC to give out its local IP address as fs, but I can't see a way of adding a DNS record into Samba that doesn't replicate to the other site.
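The per-machine hosts-file workaround described in the reply above can be made site-aware so that it does not have to be typed by hand on every machine, and so that a laptop that moves between the two LANs does not keep a stale entry pointing across the VPN. The following is an added example, not code from the thread or from Zentyal: it maps each site's subnet to the server that should answer as "fs" on that LAN, picks the entry from the machine's own address, and rewrites the hosts file with exactly one managed fs line. The subnets (192.168.10.0/24, 192.168.20.0/24), the server addresses and the fs.domain.com name are constructed placeholders; on Windows the hosts file path is C:\Windows\System32\drivers\etc\hosts and the script has to run elevated to write it.

```python
import ipaddress
import socket
import sys

# Constructed site map (placeholder values, not from the thread):
# local subnet -> IP address that the "fs" alias should resolve to on that LAN
# (the PDC on one site, the BDC on the other).
SITE_FS_ADDRESS = {
    "192.168.10.0/24": "192.168.10.5",   # site A: PDC
    "192.168.20.0/24": "192.168.20.5",   # site B: BDC
}

# Names that the profilePath uses (\\fs\profiles\username); fs.domain.com is assumed.
FS_NAMES = ("fs", "fs.domain.com")

# Windows hosts file; adjust for other platforms.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"


def select_fs_address(local_ip, site_map=SITE_FS_ADDRESS):
    """Return the fs address for the subnet containing local_ip, or None
    if the machine is on a subnet that is not in the site map (e.g. a
    remote worker on home broadband), in which case the hosts file is
    left untouched rather than pointed at a guessed server."""
    addr = ipaddress.ip_address(local_ip)
    for cidr, fs_ip in site_map.items():
        if addr in ipaddress.ip_network(cidr):
            return fs_ip
    return None


def update_hosts(hosts_text, fs_ip, names=FS_NAMES):
    """Return hosts text with exactly one entry for the fs alias.

    Any earlier line that maps one of the fs names is dropped first, so a
    machine that has moved to the other site does not keep a stale entry
    that would still send profile traffic over the VPN."""
    wanted = {n.lower() for n in names}
    kept = []
    for line in hosts_text.splitlines():
        tokens = line.split("#", 1)[0].split()      # ignore comments
        hostnames = {t.lower() for t in tokens[1:]}  # tokens after the address
        if hostnames & wanted:
            continue                                 # stale fs mapping, remove it
        kept.append(line)
    kept.append(f"{fs_ip} {' '.join(names)}  # managed: local roaming-profile server")
    return "\n".join(kept) + "\n"


def local_ipv4():
    """Best-effort primary IPv4 address: a UDP socket is 'connected' to a
    routable address (no packet is sent) and the chosen source address is read
    back. The destination is only used for route selection."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(("192.0.2.1", 53))   # TEST-NET-1, never actually reached
        return s.getsockname()[0]


def main():
    ip = local_ipv4()
    fs_ip = select_fs_address(ip)
    if fs_ip is None:
        print(f"{ip} is not on a known site subnet; leaving hosts file alone")
        return 1
    with open(HOSTS_PATH, "r", encoding="utf-8") as f:
        current = f.read()
    updated = update_hosts(current, fs_ip)
    if updated != current:
        with open(HOSTS_PATH, "w", encoding="utf-8") as f:
            f.write(updated)
    print(f"fs -> {fs_ip} for local address {ip}")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run as a machine startup script (for example via Group Policy) so the entry is refreshed at every boot; because the lookup is keyed on the machine's current subnet rather than on a fixed per-machine value, the same script is deployed unchanged to both sites.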