The policy you want to edit (type gpedit.msc in the Run... dialog) on the client machines are in:
Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
The ones to edit are:
Domain member: Digitally encrypt or sign secure channel data (always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible)
All of these should be disabled.
The howto you want to follow is:
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#SAMBA-PDC
And if you just trust it and cross your fingers it should work. Roaming Profiles are a bad idea though.
If you can swing it I'd try using real ACLs on the filesystem. EXT3 supports this now right? There's an option that controls whether Samba will use them. This may make WinXP happier.
Read up on file locking and how to make it work 'cause XP will ask for locks and bad things might happen if they aren't set up right.
RedHat 8.0's Samba package comes with registry files in /usr/share/doc/samba-2.2.7/docs/Registry The one you want for XP is /usr/share/doc/samba-2.2.7/docs/Registry/WinXP_SignOrSeal.reg
Honestly though the policy may overwrite this. That's one reason it's better to use the policy.
Michael Halcrow wrote:
We just recently set up Samba as a PDC in our research lab. Byron is the resident expert on this, and he helped us out. We had a tough time getting it working, and eventually one of the guys searched Google to find some obscure information on getting it set up right. There are some magic values to put in your smb.conf file, and there are a couple of registry entries in Windows that need to be edited by hand. But now it's working. You might want to search Google for the answers...
Mike
On Wed, 2003-03-12 at 19:09, David Smith wrote:
PDCs are tough to setup. But, Samba has come a long long way and it works very very well. I can't take credit for the setup in the CS department, but we've got 100+ Win2k clients and a WinXP client authenticating with thousands of users to a Samba PDC on RedHat7.3 (using LDAP) and it works wonderfully. The only problem we've had is roaming profiles, but we don't think it's a Samba problem. Let's face it: multi-user in Windows is an afterthought and a hack. Having to download the whole profile on login and re-upload the whole thing on log-out is just plain dumb. But, these sorts of design problems exist regardless of the backend.
So, in a nutshell: Samba works awesome with both Win2k and XP. There are not that many good HOWTOs out there, but you'll need one.
--Dave
<quote who="Arthur Moore">
Has anyone used Samba as a PDC for Windows2000 and WindowsXP professional? I've heard that it doesn'twork that great with Windows 2000, and only works with a big fat prayer with Windows XP. But that could have been older versions, and it's hard to keep up with Samba development. Anyone got any hints to getting it to work? Any experience like "Yeah it works great you just got to configure it correctly", or "Man I had the hardest time with that, I still curse it to this day!". I haven't really delved into it much, I just want to know if there is anything I need to watch out for.
____________________
BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________
List Info: http://phantom.byu.edu/cgi-bin/mailman/listinfo/uug-list
____________________
BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________
List Info: http://phantom.byu.edu/cgi-bin/mailman/listinfo/uug-list
