[Samba] Samba PDC problem
Martin Petersen
martin.petersen at picturepuzzlemedien.de
Tue Jul 12 14:31:07 GMT 2005
Hi Nicola (again :),
found what You were looking for:
Some information I found in the Unofficial Samba HowTo
(http://hr.uoregon.edu/davidrl/samba.html) on XP Pro clients.
Extract from there follows:
############## EXTRACT ##############
Windows XP Clients
To force Windows XP Professional clients to accept Samba as a PDC, use
the built-in XP Group Policy editor (gpedit.msc) and locate the Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security
Options branch. Make sure to disable the following policies:
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)
Alternately, you can make the following change to the registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
To disable annoying Event Viewer notifications about "Automatic
ertificate enrollment for local system failed to contact the active
directory" every eight hours, locate the Computer Configuration\Windows
Settings\Security Settings\Public Key Policies branch and select "Do not
enroll certificates automatically" under Autoenrollment Settings. Note
that this policy won't be available until after the XP machine has
joined the domain.
If you'd like to use Roaming Profiles with Windows XP clients that have
Service Pack 1 or later installed, use the built-in XP Group Policy
editor (gpedit.msc) and locate the Computer Configuration\Administrative
Templates\System\User Profiles branch. This is described in Microsoft's
Technet Q327462. Make sure to enable the following policy:
Do not check for user ownership of Roaming Profile Folders
Alternately, you can make the following change to the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
Alternately as well, you can make the following addition to your
smb.conf file:
[profile]
profile acls = yes
Windows XP Home Edition does not support logging into a Primary Domain
Controller, so you'll have to use Windows XP Professional instead.
############## END EXTRACT ##############
Ciao,
Martin
More information about the samba
mailing list