[Samba] XP auto enrollment error; TEMP profile

Achim Gottinger achim at ag-web.biz
Sun Oct 1 22:06:41 UTC 2017


Seems to be an old problem

http://www.eventid.net/display-eventid-15-source-AutoEnrollment-eventno-1397-phase-1.htm


On 30.09.2017 at 03:27, ToddAndMargo via samba wrote:
> Dear list,
>
> Help!
>
> I just upgraded a samba server.
>
> Server:
>    Fedora 26
>    samba-4.6.8-0.fc26.x86_64
>
> Workstations (5 of them):
>    XP Pro SP3
>
> The old server was set up as a Domain controller.  I copied the
> smb.conf over to the new server.
>
> The XP workstations can see and mount everything.
>
> On the workstations, I removed myself from the old domain and rebooted,
> powered off the old server, reattached to the domain.
>
> Problem: when I log into the domain, I get the following in my error 
> log and I get a stinking TEMP directory/profile.
>
> Event Type:    Error
> Event Source:    AutoEnrollment
> Event Category:    None
> Event ID:    15
> Date:        9/29/2017
> Time:        4:33:10 PM
> User:        N/A
> Computer:    CURTIS-SCREW
> Description:
> Automatic certificate enrollment for local system failed to contact 
> the active directory (0x8007054b).  The specified domain either does 
> not exist or could not be contacted.
>   Enrollment will not be performed.
>
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
>
>
> Removing the temp profile from the registry and erasing the
> TEMP directory from Doc and Setting and rebooting does not help.
>
> What am I doing wrong?
>
> -T
>
> my smb.conf:
>
> [global]
>    workgroup = xxxxx
>    server string = Fedora Samba Server
>    volume = Fedora Core, %v
>    comment = Samba (NetBIOS) Server on FedoraServer.xxxx.com
>    netbios name = FedoraServer
>    dns forwarder = 192.168.255.12
>    allow dns updates = nonsecure
>    interfaces = eno1 127.0.0.1
>    hosts deny = ALL
>    hosts allow = 192.168.255. 127.0.0.
>    lanman auth = yes
>    ntlm auth = yes
>    printcap name = /etc/printcap
>    show add printer wizard = No
>    load printers = yes
>    printing = BSD
>    guest account = pcguest
>    log file = /var/log/samba/samba-log.%m
>    log level = 4 passdb:10 auth:10
>    follow symlinks = yes
>    wide links = no
>    locking = yes
>    strict locking = no
>    security = user
>    smb passwd file = /etc/samba/smbpasswd
>    unix password sync = Yes
>    passwd program = /usr/bin/passwd %u
>    passdb backend = smbpasswd
>    username map = /etc/samba/smbusers
>     os level = 64
>     domain logons = yes
>     domain master = yes
>     local master = yes
>     preferred master = yes
>    idmap config * : backend        = tdb
>    idmap config * : range          = 1000000-1999999
>    add user script = /usr/sbin/useradd -m -G users '%u'
>    delete user script = /usr/sbin/userdel -r '%u'
>    add group script = /usr/sbin/groupadd '%g'
>    delete group script = /usr/sbin/groupdel '%g'
>    add user to group script = /usr/sbin/usermod -A '%g' '%u'
>    add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
>    logon script = scripts/logon.bat
>    logon path = /exports/netlogon
>    logon drive = X:
>    wins support = yes
>    name resolve order = host
>    dns proxy = yes
>    deadtime = 20160
>    force create mode = 0000
>    create mode = 0777
>    force directory mode = 0000
>    directory mode = 0777
>    map archive = yes
>    map system = yes
>    map hidden = yes
>
> [profiles]
>    # https://www.ccs.uky.edu/docs/samba.htm
>    # create mode = 0600
>    # directory mode = 0700
>    create mode = 0777
>    directory mode = 0777
>    path = /exports/profiles/
>    profile acls = yes
>    read only = no
>    writable = yes
>
> [public]
>    comment = Public on xxxxx FedoraServer -- Mount as F:
>    path = /exports/public
>    valid users = @users
>    write list = @users
>    force group = users
>    force user = public
>    locking = yes
>    oplocks = no
>    fake oplocks = no
>    level2 oplocks = no
>    strict locking = no
>    blocking locks = no
>    public = no
>    writable = yes
>    printable = no
>    browseable = yes
>    create mode = 0777
>    force directory mode = 0000
>    directory mode = 0777
>    map archive = yes
>    map system = yes
>    map hidden = yes
>
> [homes]
>    comment = %u.%G' Home/Documents Directory -- Typically mount as G: (UH)
>    path=/home/%u/Documents
>    valid users = @users
>    write list = @users
>    read only = no
>    create mode = 0750
>    public = no
>    writable = yes
>    printable = no
>    browseable = no
>
>    create mode = 0777
>    force directory mode = 0000
>    directory mode = 0777
>    map archive = yes
>    map system = yes
>    map hidden = yes
>
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
>    public = yes
>    guest ok = no
>    writeable = no
>    printable = yes
>
> [netlogon]
>    comment = Network Logon Service (X:)
>    path = /exports/netlogon
>    public = no
>    writeable = no
>    # set browsable to "no" if you don't want everyone to be able to browse the scripts
>    browsable = yes
>