[Samba] suse 8.2 Samba 3 LDAP :Cannot Log onto Domain Member Workstation After Joining Domain

John H Terpstra jht at samba.org
Thu Jan 1 21:16:01 GMT 2004


Sundaram,

The Windows 2000 Group Policy Editor is launched by:

1. Click Run, enter MMC, Click Ok.
2. Click menu bar Console -> Add/Remove Snap-in...
3. Click Add
4. Scroll down to and then click "Group Policy"
5. Click Add
6. Click Finish, this completes the addition of the Group Policy Editor to
the Microsoft Management Console.
7. Click Close, this closes the Add Standalone Snap-in panel.
8. Click Close, this closes the "Add/Remove Snap-in panel.
9. Click through to:
Computer Configuration\Administrative Templates\System\User Profiles

10. Select the policies you wish to change.


- John T.

On Thu, 1 Jan 2004, Sundaram Ramasamy wrote:

> In my windows 2000 machine I don't have Group Policy Editor , User
> Profiles not there, after chaning this setting also, I was not able to
> login.
>
> Refrence:
>
> ======================
> I had the same problem and the following steps executed on the Win2K system
> as Administrator did it for me:
>
> Start the Administrative Tools (Start / Settings / Control Panel /
> Administrative Tools). From there start the Local Security Policy.
> In the Local Security Policy open Local Policies and then Security Options.
> Disable the following entries:
> Domain member: Digitally encrypt or sign secure channel data (Always)
> Domain member: Digitally encrypt secure channel data (when possible)
> Domain member: Digitally sign secure channel data (when possible)
> Domain member: Require strong (Windows 2000 or later) session key
>
> In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the
> following entry:
> Computer Configuration\Administrative Templates\System\User Profiles\do not
> check for user ownership of roaming profiles folders
>
> ======================
>
>
> > Hi,
> >
> > Now I was not able to login to the samba3 domain from windows 2000, after
> > refreing this document
> >
> > http://us3.samba.org/samba/docs/man/samba-pdc.html#id2888010
> >
> > Here is my smb.conf setting.
> >
> >         client schannel = Auto
> >         server schannel = Auto
> >         client signing = auto
> >         server signing = No
> >
> > What should I change to login to the domain. I am attaching smb.conf file.
> >
> > [global]
> >         workgroup = TUX-NET
> >         passdb backend = ldapsam:ldap://localhost
> >         debuglevel = 3
> >         time server = yes
> >         interfaces = 127.0.0.1 eth0
> >         bind interfaces only = true
> >         printing = cups
> >         printcap name = cups
> >         load printers = yes
> >         wins support = Yes
> >         unix charset = LOCALE
> >         local master = yes
> >         domain master = yes
> >         domain logons = yes
> >         security = user
> >
> >               add user script = ldapsmb -a -u "%u"
> >            delete user script = ldapsmb -d -u "%u"
> >            add machine script = ldapsmb -a -w "%u"
> >              add group script = ldapsmb -a -g "%g"
> >           delete group script = ldapsmb -d -g "%g"
> >      add user to group script = ldapsmb -j -u "%u" -g "%g"
> > delete user from group script = ldapsmb -j -u "%u" -g "%g"
> >      set primary group script = ldapsmb -m -u "%u" -gid "%g"
> >         ldap admin dn           = cn=Manager,dc=sfgroup,dc=com
> >         ldap suffix             = dc=sfgroup,dc=com
> >         ldap machine suffix     = ou=People
> >         ldap group suffix       = ou=Groups
> >         ldap user suffix        = ou=People
> >
> > -SR
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>

-- 
John H Terpstra
Email: jht at samba.org


More information about the samba mailing list