Martin, None of these changes are necessary if the Samba 3.0.x server is correctly configured. I have extensively documented Samba PDC configuration in my book "Samba-3 by Example". This book can be obtained from:
http://www.samba.org/samba/docs/Samba3-ByExample.pdf PS: This is part of the official Samba documentation. I would like to believe that it is up to date, given that I spent the past 5 months full-time updating all the official documentation. If there are problems with the documentation (and I am not say claiming that they are error or defect-free) please let me know so it can be fixed. - John T. On Tuesday 12 July 2005 08:31, Martin Petersen wrote: > Hi Nicola (again :), > > found what You were looking for: > > > Some information I found in the Unofficial Samba HowTo > (http://hr.uoregon.edu/davidrl/samba.html) on XP Pro clients. > > Extract from there follows: > > ############## EXTRACT ############## > > Windows XP Clients > > To force Windows XP Professional clients to accept Samba as a PDC, use > the built-in XP Group Policy editor (gpedit.msc) and locate the Computer > Configuration\Windows Settings\Security Settings\Local Policies\Security > Options branch. Make sure to disable the following policies: > > Domain Member: Digitally encrypt or sign secure channel data (always) > Domain Member: Digitally sign secure channel data (when possible) > > Alternately, you can make the following change to the registry: > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] > "requiresignorseal"=dword:00000000 > "signsecurechannel"=dword:00000000 > > To disable annoying Event Viewer notifications about "Automatic > ertificate enrollment for local system failed to contact the active > directory" every eight hours, locate the Computer Configuration\Windows > Settings\Security Settings\Public Key Policies branch and select "Do not > enroll certificates automatically" under Autoenrollment Settings. Note > that this policy won't be available until after the XP machine has > joined the domain. > > If you'd like to use Roaming Profiles with Windows XP clients that have > Service Pack 1 or later installed, use the built-in XP Group Policy > editor (gpedit.msc) and locate the Computer Configuration\Administrative > Templates\System\User Profiles branch. This is described in Microsoft's > Technet Q327462. Make sure to enable the following policy: > > Do not check for user ownership of Roaming Profile Folders > > Alternately, you can make the following change to the registry: > > [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] > "CompatibleRUPSecurity"=dword:00000001 > > Alternately as well, you can make the following addition to your > smb.conf file: > > [profile] > profile acls = yes > > Windows XP Home Edition does not support logging into a Primary Domain > Controller, so you'll have to use Windows XP Professional instead. > > ############## END EXTRACT ############## > > Ciao, > > Martin -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
