GPO with SAMBA as DC
I am working on a network of 500 Windows workstations with Linux servers. SAMBA 4 is in use as the domain controller.
Users can move between workstations, and as a results the contents of their profiles (including MyDocuments) appear to replicate everywhere they login, causing very slow login (up to 20 min)
Can I create and push out Windows Group Policies to force the contents of My Documents onto a network samba share (folder redirection)? If so, what tool do I use to create the GPO under Linux? (Debian)
Is there a better approach to solving this problem?
You create the group policy on one of the windows workstations:
- Download and install the Windows RSAT tools (link is for Win7, it's easy to find them for 8) on one of the windows workstations.
- Logged in as a domain admin, open Group Policy Management, either create a new policy or pick one that applies to the right users (I'm skipping over some GP concepts, you may need to look up the basics)
- Right-click and open the policy in Group Policy Management Editor
- Expand the User Configuration, then Policies, then Windows Settings, then select Folder Redirection.
- You probably want to select "Basic – Redirect Everyone’s Folder to the Same Location" as the target, but the details depend on your environment. There are lots of tutorials online or you can just try out different options and have the policy only appy to a couple test users.
A caveat for using any Group Policies with Samba is that you have to take care of sysvol replication yourself. Policies are created under the sysvol folder on DCs and in a Windows environment that's replicated among all the DCs. But with Samba you have to set up your own replication. If you follow the Samba.org wiki for setting up your domain and have the UIDs matched across your DCs, you can just rsync the sysvol folder.