[Samba] XP auto enrollment error; TEMP profile
ToddAndMargo
ToddAndMargo at zoho.com
Sat Sep 30 01:27:29 UTC 2017
Dear list,
Help!
I just upgrade a samba server.
Server:
Fedora 26
samba-4.6.8-0.fc26.x86_64
Workstations (5 of them):
XP Pro SP3
The old server was set up as a Domain controller. I copied the
smb.conf over to the new server.
The XP workstations can see and mount everything.
On the workstations, I removed myself from the old domain and rebooted,
powered off the old server, reattached to the domain.
Problem: when I log into the domain, I get the following in my error log
and I get a stinking TEMP directory/profile.
Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 9/29/2017
Time: 4:33:10 PM
User: N/A
Computer: CURTIS-SCREW
Description:
Automatic certificate enrollment for local system failed to contact the
active directory (0x8007054b). The specified domain either does not
exist or could not be contacted.
Enrollment will not be performed.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Removing the temp profile for the registry and erasing the
TEMP director from Doc and Setting and rebooting does not help.
What am I doing wrong?
-T
my smb.conf:
[global]
workgroup = xxxxx
server string = Fedora Samba Server
volume = Fedora Core, %v
comment = Samba (NetBIOS) Server on FedoraServer.xxxx.com
netbios name = FedoraServer
dns forwarder = 192.168.255.12
allow dns updates = nonsecure
interfaces = eno1 127.0.0.1
hosts deny = ALL
hosts allow = 192.168.255. 127.0.0.
lanman auth = yes
ntlm auth = yes
printcap name = /etc/printcap
show add printer wizard = No
load printers = yes
printing = BSD
guest account = pcguest
log file = /var/log/samba/samba-log.%m
log level = 4 passdb:10 auth:10
follow symlinks = yes
wide links = no
locking = yes
strict locking = no
security = user
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passdb backend = smbpasswd
username map = /etc/samba/smbusers
os level = 64
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
add user script = /usr/sbin/useradd -m -G users '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -A '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d
/var/lib/nobody '%u'
logon script = scripts/logon.bat
logon path = /exports/netlogon
logon drive = X:
wins support = yes
name resolve order = host
dns proxy = yes
deadtime = 20160
force create mode = 0000
create mode = 0777
force directory mode = 0000
directory mode = 0777
map archive = yes
map system = yes
map hidden = yes
[profiles]
# https://www.ccs.uky.edu/docs/samba.htm
# create mode = 0600
# directory mode = 0700
create mode = 0777
directory mode = 0777
path = /exports/profiles/
profile acls = yes
read only = no
writable = yes
[public]
comment = Public on xxxxx FedoraServer -- Mount as F:
path = /exports/public
valid users = @users
write list = @users
force group = users
force user = public
locking = yes
oplocks = no
fake oplocks = no
level2 oplocks = no
strict locking = no
blocking locks = no
public = no
writable = yes
printable = no
browseable = yes
create mode = 0777
force directory mode = 0000
directory mode = 0777
map archive = yes
map system = yes
map hidden = yes
[homes]
comment = %u.%G' Home/Documents Directory -- Typically mount as G: (UH)
path=/home/%u/Documents
valid users = @users
write list = @users
read only = no
create mode = 0750
public = no
writable = yes
printable = no
browseable = no
create mode = 0777
force directory mode = 0000
directory mode = 0777
map archive = yes
map system = yes
map hidden = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = no
writeable = no
printable = yes
[netlogon]
comment = Network Logon Service (X:)
path = /exports/netlogon
public = no
writeable = no
# set browable to "no" if you don't want everyone to be able to
browse the scripts
browsable = yes
More information about the samba
mailing list