[Lias] XP Pro Clients on Samba PDC

Phil Scarratt lias at draxsen.com
Tue Nov 26 09:04:01 UTC 2002


Some information I found in the UNofficial Samba HowTo
(http://hr.uoregon.edu/davidrl/samba.html) on XP Pro clients.

Extract from there follows:

############## EXTRACT ##############

Windows XP Clients

To force Windows XP Professional clients to accept Samba as a PDC, use the
built-in XP Group Policy editor (gpedit.msc) and locate the Computer
Configuration\Windows Settings\Security Settings\Local Policies\Security Options
branch. Make sure to disable the following policies:

Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: Digitally sign secure channel data (when possible)

Alternately, you can make the following change to the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

To disable annoying Event Viewer notifications about "Automatic certificate
enrollment for local system failed to contact the active directory" every eight
hours, locate the Computer Configuration\Windows Settings\Security
Settings\Public Key Policies branch and select "Do not enroll certificates
automatically" under Autoenrollment Settings. Note that this policy won't be
available until after the XP machine has joined the domain.

If you'd like to use Roaming Profiles with Windows XP clients that have Service
Pack 1 or later installed, use the built-in XP Group Policy editor (gpedit.msc)
and locate the Computer Configuration\Administrative Templates\System\User
Profiles branch. This is described in Microsoft's Technet Q327462. Make sure to
enable the following policy:

Do not check for user ownership of Roaming Profile Folders

Alternately, you can make the following change to the registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"CompatibleRUPSecurity"=dword:00000001

Alternately as well, you can make the following addition to your smb.conf file:

[profile]
   profile acls = yes

Windows XP Home Edition does not support logging into a Primary Domain
Controller, so you'll have to use Windows XP Professional instead.

############## END EXTRACT ##############

-- 
Phil Scarratt
IT Consultant
0403 531 271




More information about the lias mailing list