[Samba] PDC SAMBA + WIN2K problem join domain.
georgi sotirov
soteks at gmail.com
Tue Jun 21 17:26:30 GMT 2005
piaff33z wrote:
> Hi,
>
> I had success to join a samba domain with a win2K Station a few days
> ago. But today when a try to log with an another account, my station
> win2K say me she can't contact my PDC. I does not know what occurred
> since the last time.
>
> I disjoin my domain and after i has try to join again but with no
> success.
>
> The client Win2K and serveur PDC samba are on same network and switch
> thus no problem of network.
> The samba server starts and his logs says to me that is the PDC of my
> domain, but Win2K does no want to see it.
>
> somebody has an idea ?
Are you sure to do this follows, before try join win2k pc in your SAMBA PDC:
[source http://nic.phys.ethz.ch/readme/145]
*Changes for Windows 2000 to join the Samba Domain
The following steps have to be done with an local administrator or a
member of the local Administrators group.
This steps must be done before joining the Samba Domain (D-PHYS
Domain Logon):
Changes for Windows 2000 (Service Pack 4 and later)
To re-enable writing back the Roaming Profile to the home drive on
our samba file server in the Group Policy Editor
(C:\WINNT\system32\gpedit.msc) under Local Computer Policy/Computer
Configuration/Administrative Templates/System/Logon the settings for
Do not check for user ownership of Roaming Profiles Folders has to
be enabled. It can also be done with the following script:
* On X:\D-PHYS\Domain-Logon\ (How to connect to the X: drive)
double click the Win2kXP-fix.cmd
Now Windows 2000 is ready to join the Samba Domain (D-PHYS Domain
Logon).
*
And check this just for prevent future problems with WinXP Pro machines:
Changes for Windows XP to join the Samba Domain
The following steps have to be done with an local administrator or a
member of the local Administrators group.
This steps must be done before joining the Samba Domain (D-PHYS
Domain Logon):
Changes for Windows XP (all versions)
* Start the Administrative Tools (Start / Settings / Control
Panel / Administrative Tools). From there start the Local Security
Policy.
* In the Local Security Policy open Local Policies and then
Security Options.
* Disable the following entries:
o Domain member: Digitally encrypt or sign secure channel
data (Always)
o Domain member: Digitally encrypt secure channel data
(when possible)
o Domain member: Digitally sign secure channel data (when
possible)
o Domain member: Require strong (Windows 2000 or later)
session key
* In the Group Policy Editor (C:\windows\system32\gpedit.msc)
enable the following entry:
o Computer Configuration\Administrative
Templates\System\User Profiles\do not check for user ownership of
roaming profiles folders
Now Windows XP is ready to join the Samba Domain (D-PHYS Domain Logon).
More information about the samba
mailing list