[Samba] XP auto enrollment error; TEMP profile

ToddAndMargo ToddAndMargo at zoho.com
Mon Oct 2 17:18:19 UTC 2017


On 10/02/2017 07:59 AM, Rowland Penny via samba wrote:
> On Mon, 2 Oct 2017 10:37:34 -0400
> Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
> 
>> The auto enrollment messages seems to be indicate that the client
>> machine thinks it is connecting to an AD domain.
>>
>> The profile messages is indicative of a domain membership problem,
>> whether or not you are using roaming profiles.
>>
>> Workgroup method is probably simplest-  although my past experience
>> was that even at 5 machines managing multiple users on multiple
>> machines gets tricky.     In theory, you have 30 passwords to set.
>> If most people only use computer then this is less of an issue.
> 
> Try doing this with 12 machines with multiple users on most of the PCs,
> spread over a large area. 5 machines is easy ;-)

This I can identify with.


> 
>>
>> For a small domain, I think the "classic PDC"  cane simpler than a
>> Samba AD domain controller.  However I have not actually tried
>> implementing a samba AD domain controller primarily because it would
>> not play well in our environment.     Also, it relies Heimdal
>> Kerberos, which is not included in fedora.    I don't think the XP
>> problems here are related to classic vs AD.    That being said, I do
>> understand that the "classic" domain model is not a long term
>> solution.
> 
> Believe me, when you get over the initial setup, an AD DC is easier,
> in this case, a new AD domain would be simple, it is the classupgrade
> that gives the most problems.
>   
>>
>>
>> No specifically a samba issue but remember the idea of "defense in
>> depth."   Many people think "I have a firewall, my network is safe"
>> and "I have antivirus, my PC's are safe."     You need a mix client
>> antivirus, system patching, application updates, backups, e-mail spam
>> filtering, and user education.     None of these have to be
>> expensive. I think you can still run free Sophos AV on XP.   Make
>> sure no one is logging in with admin rights.     The biggest threat
>> vector-  at least in my work-  seems to be e-mail (either with
>> malicious attachments or phishing links.) Anyway, that is my pitch
>> from my soap box.   You can take it or leave it.
> 
> All good advice.
> 
>>
>>
>> As the old machines wear out, the XP issue will solve itself.
> 
> I wouldn't bank on it, I have dealt with people like the OPs customer,
> and they will do anything to cut costs, including buying old computers.

Kicking an screaming!

> 
> Rowland
> 


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




More information about the samba mailing list