[Samba] Re: SAMBA/PDC + LDAP HELP please? => For your profiles.

John H Terpstra jht at samba.org
Fri Oct 7 17:04:10 GMT 2005


On Friday 07 October 2005 07:51, Louis van Belle wrote:
> Really,
>
> thank you for notifying me..
>
> but why is this then in the manual
> http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
> Windows XP Service Pack 1
> There is a security check new to Windows XP (or maybe only Windows XP
> service pack 1).
> It can be disabled via a group policy in the Active Directory. The policy
> is called:
> Computer Configuration\Administrative Templates\System\User Profiles\
>           Do not check for user ownership of Roaming Profile Folders
> ( is same as  "CompatibleRUPSecurity"=dword:00000001 )
> And yes this is also in SP2.

This was user contributed documentation. The HOWTO document is a broad 
collection of tips, explanations, hints, and detailed explanations of the 
inner workings of Samba. I have re-read the chapter and believe the 
information is still useful, though it could do with some updating. Please 
take note though, the HOWTO is NOT a deployment guide.

Is anyone volunteering to review and revise this chapter? I do not have time 
right now.

Detailed example configurations for Samba, support software and Windows 
clients are provided in the book "Samba-3 by Example" ISBN 013188221X, 
available from Amazon.Com and in PDF from:

	http://www.samba.org/samba/docs/Samba3-ByExample.pdf

"Samba3 by Example" is a prescriptive guidance document that provides 
detailed, step-by-step, deployment information for complete networking 
solutions. The book, "The Official Samba-3 HOWTO and Reference Guide" is NOT 
a deployment guide, but it provides detailed documentation of the various 
capabilities and components of Samba - without showing detailed deployment 
steps.

Cheers,
John T.

>
> I used this to avoid problems, and it works for me.
> As I see in the samba list, lots of people have the same problems and
> questions,
> so therefore I give them my working config, and this is what I did.
> That of the requiresignorseal / signsecurechannel I didn't know,
> so I'm going to test this in my 2nd office location. Thank you for notifying
> me of that.
>
> The "ExcludeProfileDirs" is used in my default user profile,
> and these are the default directories:
> Geschiedenis, Local Settings, Temp and Temporary Internet Files
>
> By default there is also "Local Settings".. and I want these to move also
> into the profile dir on the server; there are files in it I need
> when users move to another PC.
> for example.
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook  (
> extend.dat )
> Stores a reference to which extensions (addins) you have loaded.
>
> %USERPROFILE%\Local Settings\Application Data\Microsoft\Credentials
> Contains settings of my users, so I excluded this out of the
> excludeprofiledir
>
> just some comment..
>
> Louis
>
> >-----Original message-----
> >From: samba-bounces+louis=van-belle.nl at lists.samba.org
> >[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org]
> >On behalf of Craig White
> >Sent: Friday 7 October 2005 14:39
> >To: samba at lists.samba.org
> >Subject: RE: [Samba] Re: SAMBA/PDC + LDAP HELP please? =>
> >For your profiles.
> >
> >On Fri, 2005-10-07 at 08:54 +0200, Louis van Belle wrote:
> >> when this is done.
> >>
> >> add 2 registry keys.
> >> /cut_here
> >> REGEDIT4
> >> ; do not roam the following folders
> >> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
> >> "ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
> >> ;-------------------------------------------------------------------------
> >> ; force Windows XP Professional clients to accept Samba as a PDC
> >> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
> >> "requiresignorseal"=dword:00000000
> >> "signsecurechannel"=dword:00000000
> >> ;-------------------------------------------------------------------------
> >> ; Do not check for user ownership of Roaming Profile Folders
> >> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
> >> "CompatibleRUPSecurity"=dword:00000001
> >> /cut_here
> >
> >-----
> >I hate to see people encouraged to apply unnecessary fixes that were
> >suggested to work around issues that were created as temporary
> >solutions
> >to the moving target of Windows.
> >
> >requiresignorseal / signsecurechannel issues have long since been fixed
> >in Samba - no need for those registry changes - this was a Samba 2.x
> >issue.
> >
> >I am pretty certain that the 'CompatibleRUPSecurity' registry patch
> >isn't needed any longer as well, I think that was an issue created from
> >original release of WinXP SP1
> >
> >The 'ExcludeProfileDirs' - those folders should have been excluded
> >automatically.
> >
> >Craig
> >
> >

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
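
An added example (not part of the original message or of the Samba documentation): a small Python check that reads REGEDIT4 text and reports the three settings this thread describes as obsolete workarounds, so that an old client-tweak file can be reviewed before it is imported. The function name audit_reg, the FLAGGED table and the sample input are constructed for illustration.

```python
import re

# (registry key suffix, value name) -> (dword value to flag, note). Lower-case for matching.
FLAGGED = {
    (r"services\netlogon\parameters", "requiresignorseal"):
        (0, "secure channel no longer has to be signed or sealed; thread: Samba 2.x issue"),
    (r"services\netlogon\parameters", "signsecurechannel"):
        (0, "secure channel traffic is not signed; thread: Samba 2.x issue"),
    (r"policies\microsoft\windows\system", "compatiblerupsecurity"):
        (1, "roaming profile folder ownership check is skipped; thread: XP SP1 workaround"),
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def audit_reg(text):
    """Return (key, value name, dword, note) for each flagged setting in REGEDIT4 text."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or .reg comment
            continue
        if (m := SECTION.match(line)):
            key = m.group(1)                      # remember the current [key]
        elif (m := DWORD.match(line)) and key:
            name, value = m.group(1), int(m.group(2), 16)
            for (suffix, flagged), (bad, note) in FLAGGED.items():
                if key.lower().endswith(suffix) and name.lower() == flagged and value == bad:
                    findings.append((key, name, value, note))
    return findings

# Constructed sample: the settings quoted in this thread, with mail line wraps undone.
SAMPLE = r'''REGEDIT4
; do not roam the following folders
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="Temporary Internet Files;History;Temp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, value, note in audit_reg(SAMPLE):
        print(f"{key}\\{name} = {value}: {note}")
```

The ExcludeProfileDirs string value is deliberately not reported; only the dword settings that relax a client-side check are.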

