[Samba] XP auto enrollment error; TEMP profile
ToddAndMargo
ToddAndMargo at zoho.com
Mon Oct 2 17:18:19 UTC 2017
On 10/02/2017 07:59 AM, Rowland Penny via samba wrote:
> On Mon, 2 Oct 2017 10:37:34 -0400
> Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
>
>> The auto enrollment messages seems to be indicate that the client
>> machine thinks it is connecting to an AD domain.
>>
>> The profile messages is indicative of a domain membership problem,
>> whether or not you are using roaming profiles.
>>
>> Workgroup method is probably simplest- although my past experience
>> was that even at 5 machines managing multiple users on multiple
>> machines gets tricky. In theory, you have 30 passwords to set.
>> If most people only use computer then this is less of an issue.
>
> Try doing this with 12 machines with multiple users on most of the PCs,
> spread over a large area. 5 machines is easy ;-)
This I can identify with.
>
>>
>> For a small domain, I think the "classic PDC" cane simpler than a
>> Samba AD domain controller. However I have not actually tried
>> implementing a samba AD domain controller primarily because it would
>> not play well in our environment. Also, it relies Heimdal
>> Kerberos, which is not included in fedora. I don't think the XP
>> problems here are related to classic vs AD. That being said, I do
>> understand that the "classic" domain model is not a long term
>> solution.
>
> Believe me, when you get over the initial setup, an AD DC is easier,
> in this case, a new AD domain would be simple, it is the classupgrade
> that gives the most problems.
>
>>
>>
>> No specifically a samba issue but remember the idea of "defense in
>> depth." Many people think "I have a firewall, my network is safe"
>> and "I have antivirus, my PC's are safe." You need a mix client
>> antivirus, system patching, application updates, backups, e-mail spam
>> filtering, and user education. None of these have to be
>> expensive. I think you can still run free Sophos AV on XP. Make
>> sure no one is logging in with admin rights. The biggest threat
>> vector- at least in my work- seems to be e-mail (either with
>> malicious attachments or phishing links.) Anyway, that is my pitch
>> from my soap box. You can take it or leave it.
>
> All good advice.
>
>>
>>
>> As the old machines wear out, the XP issue will solve itself.
>
> I wouldn't bank on it, I have dealt with people like the OPs customer,
> and they will do anything to cut costs, including buying old computers.
Kicking an screaming!
>
> Rowland
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More information about the samba
mailing list