[Samba] XP auto enrollment error; TEMP profile

Rowland Penny rpenny at samba.org
Mon Oct 2 14:59:31 UTC 2017 

On Mon, 2 Oct 2017 10:37:34 -0400
Gaiseric Vandal via samba <samba at lists.samba.org> wrote:

> The auto enrollment messages seems to be indicate that the client 
> machine thinks it is connecting to an AD domain.
> 
> The profile messages is indicative of a domain membership problem, 
> whether or not you are using roaming profiles.
> 
> Workgroup method is probably simplest-  although my past experience
> was that even at 5 machines managing multiple users on multiple
> machines gets tricky.     In theory, you have 30 passwords to set.
> If most people only use computer then this is less of an issue.

Try doing this with 12 machines with multiple users on most of the PCs,
spread over a large area. 5 machines is easy ;-)

> 
> For a small domain, I think the "classic PDC"  cane simpler than a
> Samba AD domain controller.  However I have not actually tried
> implementing a samba AD domain controller primarily because it would
> not play well in our environment.     Also, it relies Heimdal
> Kerberos, which is not included in fedora.    I don't think the XP
> problems here are related to classic vs AD.    That being said, I do
> understand that the "classic" domain model is not a long term
> solution.

Believe me, when you get over the initial setup, an AD DC is easier,
in this case, a new AD domain would be simple, it is the classupgrade
that gives the most problems.
 
> 
> 
> No specifically a samba issue but remember the idea of "defense in 
> depth."   Many people think "I have a firewall, my network is safe"
> and "I have antivirus, my PC's are safe."     You need a mix client 
> antivirus, system patching, application updates, backups, e-mail spam 
> filtering, and user education.     None of these have to be
> expensive. I think you can still run free Sophos AV on XP.   Make
> sure no one is logging in with admin rights.     The biggest threat
> vector-  at least in my work-  seems to be e-mail (either with
> malicious attachments or phishing links.) Anyway, that is my pitch
> from my soap box.   You can take it or leave it.

All good advice.

> 
> 
> As the old machines wear out, the XP issue will solve itself.

I wouldn't bank on it, I have dealt with people like the OPs customer,
and they will do anything to cut costs, including buying old computers.

Rowland

More information about the samba mailing list