[Samba] XP auto enrollment error; TEMP profile

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Oct 2 14:37:34 UTC 2017

The auto enrollment messages seems to be indicate that the client 
machine thinks it is connecting to an AD domain.

The profile messages is indicative of a domain membership problem, 
whether or not you are using roaming profiles.

Workgroup method is probably simplest-  although my past experience was 
that even at 5 machines managing multiple users on multiple machines 
gets tricky.     In theory, you have 30 passwords to set.   If most 
people only use computer then this is less of an issue.

For a small domain, I think the "classic PDC"  cane simpler than a Samba 
AD domain controller.  However I have not actually tried implementing a 
samba AD domain controller primarily because it would not play well in 
our environment.     Also, it relies Heimdal Kerberos, which is not 
included in fedora.    I don't think the XP problems here are related to 
classic vs AD.    That being said, I do understand that the "classic" 
domain model is not a long term solution.

No specifically a samba issue but remember the idea of "defense in 
depth."   Many people think "I have a firewall, my network is safe" and 
"I have antivirus, my PC's are safe."     You need a mix client 
antivirus, system patching, application updates, backups, e-mail spam 
filtering, and user education.     None of these have to be expensive. 
     I think you can still run free Sophos AV on XP.   Make sure no one 
is logging in with admin rights.     The biggest threat vector-  at 
least in my work-  seems to be e-mail (either with malicious attachments 
or phishing links.) Anyway, that is my pitch from my soap box.   You can 
take it or leave it.

As the old machines wear out, the XP issue will solve itself.

On 10/02/17 10:01, ToddAndMargo via samba wrote:
> On 10/02/2017 12:32 AM, Reindl Harald via samba wrote:
>> Am 02.10.2017 um 07:25 schrieb ToddAndMargo via samba:
>>> On 10/01/2017 10:03 PM, Reindl Harald (mobile) via samba wrote:
>>>> sorry but to say it clear: to think a anti-virus can replace a 
>>>> solid operating system is a naive and dangerous attitude
>>> Uhhh,   Why do you not look at infections rates instead of
>>> marketing FUD.  WannaCry did not even touch XP.
>> so what - beause one specific malware did not proves nothing
> The "So What" is the aggregate, not a single instance.  You
> missed my point.
>>> Not looking at this from an infection rate standpoint and,
>>> instead, believing what the marketing weasels at M$ tell
>>> you is far more dangerous in my technical opinion.
>> you seem to confuse me with someone else - i don't use any microsoft 
>> stuff for a decade now and i am grown enough to not write M$
>>> That XP is so insecure is a lot of FUD. Again, look at the
>>> infection rates if you want to know what that truth is and
>>> not marketing FUD.
>> no wonder because nobody right in his brain is using XP any longer on 
>> machines connected with a network
> Again, it is the aggregate.

More information about the samba mailing list