Laptops, centralized authentication, and "roaming profiles"

Tony Shadwick tshadwick at
Wed Jun 8 00:09:31 GMT 2005

I have a question of theory that has been bugging me that I thought I 
would throw at the list.

Presume this configuration: a typical small to medium sized company, we'll 
say 25 workstations, all running some version of *nix, for sanity we'll 
presume all FreeBSD, but I see no reason some couldn't be linux or osx.

I could set up centralized authentication via NIS or LDAP without too much 
difficulty.  I'm aware of the differences in password schema that must be 
overcome, but I've learned to deal with this.  So now I can go workstation 
to workstation and log in, no problem.

NFS can be set up equally well.  No issues.  In the scenario with desktop 
machines, this quite simply isn't a problem so long as you are okay with 
working on everything across the network.  Something about that bugs me 
though...really.  You wind up eating up network resources constantly. :\ 
Anyway, that's a tangent to the real kicker.


They don't stay put!  (well duh)

Okay, so the user can log in to the "domain" if you will when in the 
office, and sure, NFS will automount, but what happens when the user 
leaves the office?  I've done some quick searching on "roaming profiles" 
(I actually googled 'linux roaming profiles' with little success).

So how should one play this out?  I personally am on a Powerbook, and have 
intentionally set up local user auth.  I open and close my laptop to sleep 
it, leave a network, open it and next thing you know you're on a new 
network.  Now, the fact that you generally only have 1 user per laptop 
makes this "kind of" okay, but your home directory is no longer 
centralized, you home directory doesn't get backed up, and now I'm dealing 
with a user that really isn't auth'ing against the domain, and having to 
alot permissions for such user, and having to manage local machine uid's 
and gid's.  Ugh!

You see the cluttered path my mind is wandering down here?

Is there already a solution to this, or is it still someone one must hack 
for themselves?

More information about the freebsd-questions mailing list