-------- Original Message --------
Subject: SUMMARY: [Samba] Samba as PDC with WinXP Clients -> headache!!
Date: Thu, 05 Jun 2003 16:07:38 +0200
From: Daniel Zeiss <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>

Hello All,
So let's summarize a bit the trouble which is out there with Samba and WinXP Pro using Samba as PDC. (Also something for the howto for John :-)

Trouble
-------
* very unsatisfactory performance when clients log on
* trouble with "no domain controller" even because WinXP client didn't really check
seems there are similar problems with NT4 servers:
http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&threadm=e%23bq23q7BHA.2080%40tkmsftngp05&rnum=9&prev=/groups%3Fq%3Dwin%2Bxp%2B%2Bnt4%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3De%2523bq23q7BHA.2080%2540tkmsftngp05%26rnum%3D9
* simple folder redirection activates Windows Offline Files function (not always wanted)
* NEW! smbpasswd won't find a machine account in the LDAP database:
when not putting the machine account in /etc/passwd the command
smbpasswd -m -a machinename$ will fail, even with the same
entries in LDAP
* WinXP clients which do just part of the netlogon script and stop there
* samba log file which doesn't tell much on why some things fail
* many hours of "sort it once and for all" but no solution

Stuff to do on WinXP to use Samba (which I assume we all did):
------
* network encryption
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000
or
Group Policy editor (gpedit.msc)
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
deactivate:
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)
* Network security: LAN Manager Authentication Level change to use "LM and NTLM"
* for roaming profiles:
run gpedit.msc
Select Computer Configuration > Administrative Templates > System > User Profiles
* Do not check for user ownership of Roaming Profile Folders
- Enabled
or
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
or
in smb.conf (RECOMMENDED!!)
[profile]
profile acls = yes
* delete local copies of roaming profiles
Select Computer Configuration > Administrative Templates > System > User Profiles
* Delete cache copies of roaming profiles
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Edit or add value DeleteRoamingCache as type REG_DWORD. Set it to 1.
* turn off slow link connection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SlowLinkDetectEnabled"=dword:00000000
* disable fast user switching
It is done with the group policies. It should help Windows to wait for the network to get online. Sorry, can't find the link anymore.
* tell WinXP to use NTConfig.POL file from NETLOGON share
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q274478&
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Update\NetworkPath
value REG_SZ (UNC) path eg: \\Servername\Policies\Ntconfig.pol.

Solutions for "no domain controller" which worked somewhere
---------
* rejoining the domain (didn't work for me)
* reinstalling WinXP (not really an option)

Suggestions
-----------
* GPL NTConfig.POL file which does the most important stuff (folder redirection etc)
* GPL gpedit.msc which is a proposal for everybody to use (applied manually at every workstation)

cool links:
http://hr.uoregon.edu/davidrl/samba/
http://www.diariolinux.com/phorum/list.php?f=17

any more ideas?

bye
Daniel
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
-- M.J. Beaton Miju Systems http://www.miju.com.au/ PO Box 176, Corinda Q 4075, Australia ABN 48 065 548 496
Email: [EMAIL PROTECTED] Phone: +61 0414 350 292 Fax: +61 7 3278 2343
Ryan Novosielski wrote:
Is there anything that one should be aware of when setting them up, other than the required sign or seal reg-hack?
----
Ryan Novosielski - Jr. UNIX Systems Admin
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Wed, 11 Jun 2003, Ashley Burt wrote:
We have been running XP in a University environment for several months now and we have not had a single problem. We actually prefer XP over 2000.
---------------------------------------------------
Ashley F. Burt
Network Administrator
Veterinary Medicine Computer Group
---------------------------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Novosielski
Sent: Wednesday, June 11, 2003 10:39 AM
To: Samba Mailing List
Subject: [Samba] WinXP support
I am ordering new workstations for my university, and my supervisor is requesting that the machines come with XP pre-installed. I am very tempted to recommend against this, as we make heavy use of Samba and I know from experience that trying to be current when using Samba is not a great idea.
Will I be at all sorry if I choose XP over 2000, or are they similar enough so that Samba support is very good for both?
Thanks for the input.
----
Ryan Novosielski - Jr. UNIX Systems Admin
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
-- Mal
http://mbeaton.id.au:5537/ :wq!
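
An added example, not part of any message in this thread: a small audit of a `.reg` export that reports which of the security-relevant values from the summary (secure channel signing/sealing and the roaming profile ownership check) are set to the weakened data, so the affected clients can be tracked and reverted once the server no longer needs the workaround. The function name, the effect descriptions and the sample export are assumptions constructed for this example.

```python
import re

# Security-relevant values from the summary: value name -> (key suffix,
# data the summary sets, effect). The effect wording is this example's.
WEAKENED = {
    "requiresignorseal": (r"services\netlogon\parameters", 0,
                          "secure channel signing/sealing not required"),
    "signsecurechannel": (r"services\netlogon\parameters", 0,
                          "secure channel signing turned off"),
    "compatiblerupsecurity": (r"policies\microsoft\windows\system", 1,
                              "roaming profile ownership check skipped"),
}

SECTION = re.compile(r"^\[([^\]]+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def audit_reg_export(text):
    """Return (key, value name, data, effect) for each weakened setting."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = DWORD.match(line)
        if value is None or key is None:
            continue  # not a DWORD value, or a value before any key
        rule = WEAKENED.get(value.group(1).lower())
        if rule is None:
            continue
        suffix, weak_data, effect = rule
        data = int(value.group(2), 16)
        # Registry key and value names are case-insensitive.
        if key.lower().endswith(suffix) and data == weak_data:
            findings.append((key, value.group(1), data, effect))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data, effect in audit_reg_export(SAMPLE):
        print(f"{name}={data} under {key}: {effect}")
```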
