Topic: XPPro clients and SME5+ Domains ??

[JerryKarn]

First, I regret that I haven't had the time to answer this question on my own.

It seems there isn't a "definitive" Howto regarding the setup of XP (Pro) clients with SME5+ servers.

I continue to have problems getting domain connections to occur.  The problem always shows up when "Joining the machine to the domain" and asking for domain admin/pwd.  
           -If I enter root/rootpwd/domainname, I get "unknown username pwd".
           -If I enter admin/rootpwd/domainname, I get "The Procedure Name is out of range"

I've seen a hodgepodge of advice, ranging from Registry changes:
    ....did that,  doesn't help.

To Samba Upgrades (for E-Smith 4.x).  
    ...does the Samba on SME5+ need upgrading?

Also, I know that XPHome doesn't work.  I'm talking about XPPro.

If any of you have dealt with XP Clients and SME5+ successfully, I would be very grateful for any hints/tips you can offer.

And, with XP Clients becoming more and more common, I think the need for a through Howto is becoming greater.  I'd write it myself if I had the time

Many Thanks, as always, for any advice anyone can offer.

[Dr PieXII]

try this on your XP client (it's necessary to do it to successfully join a Samba Domain) only if the same login/password/domain works on a W2K client machine.

edit a .reg file with only this content, and apply it before a reboot.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[ryan]

Jerry,  

I have set up several XP pro boxes on an SME 5.1.2 samba domain controller.  If your 5.5 server is running samba 2.2.5, it should behave the same as a 5.1.2 server running samba 2.2.5 (I think).  I have found that not doing the fix Dr. Pie posted will not prevent your XP machine from joining the domain, but it will prevent domain logins.  

Anyway, I have found that adding a root samba user with the same password as your linux root account allows things to work better.  

Add root user:

At root command line type:  smbpasswd -a root
  Enter your root password twice.

To make sure account is enabled:  smbpasswd -e root

On your XP boxes, first do the registry fix as local administrator.  

NOTE1: You must first join your XP box to a workgroup with the same name as your domain.  Also set your desired computername.  After the reboot, attempt to join your domain.  Use username:  root     Password:  (roots password)

NOTE2:  After joining the domain and rebooting, log in with the local administrator account to fix your group membership.  Be aware that a new group 'unix users' will be in your administrator and user groups on the XP box.  You might not want domain users to have admin privs on your XP box, so consider deleting 'unix users' from the administrators group.  When I do this, I always add the domain\root user to the administrators group so you can remotely administrate this machine on the network....(logged in as root, or using root credentials).  When prompted to add domain\root account, use same username & password for joining the domain.


Hope this helps.

I am not aware of any problems creating a root smb user.  The documentation I have suggests using the admin account to join the domain.  You might consider researching this if the environment your setting up is a critical/sensitive one.

Ryan

[Andrej]

I thing you missed sometjing in How-To. I made this mistake a couple off years ago (Win NT client and NT server).

FOLLOW THIS:

1. Check if your client is in a same WORKGROUP (name) as you new domain is !
2. If Q1 is YES then change it to something else (like adding _ELSE at the end)
3. REBOOT that this settings take effect
4. NOW join your new client to DOMAIN (PDC is SME) using Username:root with suitable password !!!

Thats all !!!

Cheers,

Andrej

P.S.
5 min job can take day or two. So leave it after 30 min and do it next day

[Jerry Karn]

Many Thanks for all your advice.  I'll try it out next week when I'm back in the office.  I really appreciate it.

Sheesh.  Has anyone at Mitel ever HEARD of XP or W2K Pro?

You'd think the product would ship with either a proper hack built in or detailed instructions on making it work.....

....Whatever.

[Bill Talcott]

Jerry Karn wrote:
>
> Sheesh.  Has anyone at Mitel ever HEARD of XP or W2K Pro?
>
> You'd think the product would ship with either a proper hack
> built in or detailed instructions on making it work.....

We have an NT4 PDC, so we're not using the SME for that. But from other stuff I've read, and the responses posted here, it seems the only thing you need to do differently is the registry change for XP. This is because XP defaults to allowing only "secured" networks, which Samba must not support or something. Other than that, it sounds like the standard joining-a-PC-to-a-domain procedure. Am I missing something?

[Bill Talcott]

P.S. The registry file is now included on the SME even. http://forums.contribs.org/index.php?topic=16317.msg63072#msg63072

[Andrej]

I think that some of you must read this: http://myezserver.com/downloads/mitel/howto/samba-howto.html

Cheers,

Andrej

[Bruce]

I went through the steps you outlined in your message.  I was able to join the domain with the xp pro machine.  But when I log on with the administrator account for the xp pro machine I do not see the unix user group you mentioned.

Even if I logon with the SME admin account I can't see that account in user/group management.  Everything seems to be working ok.  If I logon with any network user accounts on the domain, it requires me to enter the correct passwd for that user, but it doesn't bring in the roaming profile.  I also can't see the user to change from local to roaming.

Thanks for the help.

[ryan]

Bruce,

Every win2k and XP pro box I have added to a SME samba domain puts the 'unix group' (global) into the local administrators group and local users group giving any domain user full admin rights on the local computer.  

I have used the roaming profile option which is set under the domain/workgroup link in server manager.  All users are either roaming or not (I think).  When you say you can't see the user to change the profile I am guessing you mean on the local XP machine.  If so, this is because the user account is on the SME domain controller, not the local machine.  The user is allowed to log on through the "unix users" SME group.


ryan