[Samba] Samba PDC problem

Martin Petersen martin.petersen at picturepuzzlemedien.de
Tue Jul 12 14:31:07 GMT 2005


Hi Nicola (again :),

Found what you were looking for:


Some information I found in the Unofficial Samba HowTo
(http://hr.uoregon.edu/davidrl/samba.html) on XP Pro clients.

Extract from there follows:

############## EXTRACT ##############

Windows XP Clients

To force Windows XP Professional clients to accept Samba as a PDC, use 
the built-in XP Group Policy editor (gpedit.msc) and locate the Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security 
Options branch. Make sure to disable the following policies:

Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)

Alternately, you can make the following change to the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

To disable annoying Event Viewer notifications about "Automatic 
certificate enrollment for local system failed to contact the active 
directory" every eight hours, locate the Computer Configuration\Windows 
Settings\Security Settings\Public Key Policies branch and select "Do not 
enroll certificates automatically" under Autoenrollment Settings. Note 
that this policy won't be available until after the XP machine has 
joined the domain.

If you'd like to use Roaming Profiles with Windows XP clients that have 
Service Pack 1 or later installed, use the built-in XP Group Policy 
editor (gpedit.msc) and locate the Computer Configuration\Administrative 
Templates\System\User Profiles branch. This is described in Microsoft's 
Technet Q327462. Make sure to enable the following policy:

Do not check for user ownership of Roaming Profile Folders

Alternately, you can make the following change to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001

Alternately as well, you can make the following addition to your 
smb.conf file:

[profile]
    profile acls = yes

Windows XP Home Edition does not support logging into a Primary Domain
Controller, so you'll have to use Windows XP Professional instead.

############## END EXTRACT ##############

Ciao,

Martin
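
Added example, not part of Martin's message or the HowTo: a Python check that reads .reg-style text and reports which of the three registry values set in the extract above are present in their relaxed state. The function names and the sample export are constructed for illustration.

```python
import re

NETLOGON = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System"

# (key, value name) -> (value the extract sets, policy effect named in the extract).
# Registry key and value names are case-insensitive, so everything is lowercased.
RELAXED = {
    (NETLOGON.lower(), "requiresignorseal"): (0, "secure channel encrypt-or-sign (always) disabled"),
    (NETLOGON.lower(), "signsecurechannel"): (0, "secure channel signing (when possible) disabled"),
    (POLICY.lower(), "compatiblerupsecurity"): (1, "roaming profile folder ownership check skipped"),
}

SECTION = re.compile(r"^\[([^\]]+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Return {(key, value_name): int} for every dword value in .reg-style text."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or .reg comment
            continue
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            continue
        dword = DWORD.match(line)
        if dword and key:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values

def find_relaxations(text):
    """List (value_name, value, effect) for each setting found in its relaxed state."""
    values = parse_reg(text)
    return [(name, bad, effect) for (key, name), (bad, effect) in RELAXED.items()
            if values.get((key, name)) == bad]

# Constructed sample export (not from the post): mixed case, one value left at 1.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
; constructed comment line
"RequireSignOrSeal"=dword:00000001
"SignSecureChannel"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
"""

if __name__ == "__main__":
    for name, value, effect in find_relaxations(SAMPLE_EXPORT):
        print(f"{name}={value}: {effect}")
```

Feed it the output of a registry export of the two keys from an XP client to see which of these settings are still in place.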

