[Samba] suse 8.2 Samba 3 LDAP :Cannot Log onto Domain Member Workstation After Joining Domain

[Sundaram Ramasamy]

In my windows 2000 machine I don't have Group Policy Editor , User
Profiles not there, after chaning this setting also, I was not able to
login.

Refrence:

======================
I had the same problem and the following steps executed on the Win2K system
as Administrator did it for me:

Start the Administrative Tools (Start / Settings / Control Panel /
Administrative Tools). From there start the Local Security Policy.
In the Local Security Policy open Local Policies and then Security Options.
Disable the following entries:
Domain member: Digitally encrypt or sign secure channel data (Always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Require strong (Windows 2000 or later) session key

In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
following entry:
Computer Configuration\Administrative Templates\System\User Profiles\do not
check for user ownership of roaming profiles folders

======================


> Hi,
>
> Now I was not able to login to the samba3 domain from windows 2000, after
> refreing this document
>
> http://us3.samba.org/samba/docs/man/samba-pdc.html#id2888010
>
> Here is my smb.conf setting.
>
>         client schannel = Auto
>         server schannel = Auto
>         client signing = auto
>         server signing = No
>
> What should I change to login to the domain. I am attaching smb.conf file.
>
> [global]
>         workgroup = TUX-NET
>         passdb backend = ldapsam:ldap://localhost
>         debuglevel = 3
>         time server = yes
>         interfaces = 127.0.0.1 eth0
>         bind interfaces only = true
>         printing = cups
>         printcap name = cups
>         load printers = yes
>         wins support = Yes
>         unix charset = LOCALE
>         local master = yes
>         domain master = yes
>         domain logons = yes
>         security = user
>
>               add user script = ldapsmb -a -u "%u"
>            delete user script = ldapsmb -d -u "%u"
>            add machine script = ldapsmb -a -w "%u"
>              add group script = ldapsmb -a -g "%g"
>           delete group script = ldapsmb -d -g "%g"
>      add user to group script = ldapsmb -j -u "%u" -g "%g"
> delete user from group script = ldapsmb -j -u "%u" -g "%g"
>      set primary group script = ldapsmb -m -u "%u" -gid "%g"
>         ldap admin dn           = cn=Manager,dc=sfgroup,dc=com
>         ldap suffix             = dc=sfgroup,dc=com
>         ldap machine suffix     = ou=People
>         ldap group suffix       = ou=Groups
>         ldap user suffix        = ou=People
>
> -SR
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>