Koozali.org: home of the SME Server

Domain Controller & Messenger

Jan

Domain Controller & Messenger
« on: August 29, 2002, 02:29:00 AM »
Hi all,

Here's what my setup looks like:
Server only behind a separate hardware gateway/firewall
Server is domain controller and has roaming profiles enabled
Server is a SME 5.5

Here's what I did:
I did the 4 reghacks in my WinXPpro client using regedit
I logged into my XP client's administrator account and logged into the domain controlled by the SME using the admin account.
I then logged into XP using an account that is identical to the account on the SME and went and added this one to the domain.

So now I can log into SME's NT domain and that seemed to work until I tried using MSN messenger. It just won't start. I ran the MSN passport wizard successfully .... still I can't login. When I log off and log in using local (non SME-NT) logon messenger works fine.... strange?

Any thoughts? I really would like to use MSN-messenger again I just don't know how to fix this.

Any help is more than welcome.

Regards,

Jan

Jan

Re: Domain Controller & Messenger
« Reply #1 on: August 29, 2002, 03:02:02 AM »
Hi again,

I forgot to mention I also assigned administrator rights to all who log into the SME-domain. I did this using the howto from Greg Zartman (http://www.softwaredynamics.biz/support/howto/sambasecurityhowto/)

I did this because I wanted to be able to run and install all programs on my client machine without any restrictions.

regards,

Jan

Greg Zartman

Re: Domain Controller & Messenger
« Reply #2 on: August 29, 2002, 04:21:13 AM »
I'm a bit confused on where you are at with this. I'm assuming you have successfully joined the client machine in question to your SME domain. If this is the case, log in to your client with a standard user account, open a command prompt window, and issue the following:

c:\net user greg
User name                    Greg
Full Name                    
Comment                      Built-in account for administering the computer/domain
User's comment              
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            5/15/2001 1:40 PM
Password expires             Never
Password changeable          5/15/2001 1:40 PM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script                
User profile                
Home directory              
Last logon                   11/29/2001 9:05 PM

Logon hours allowed          All

Local Group Memberships      *Administrators      
Global Group memberships     *None                
The command completed successfully.
---------------------------------------------------------------------
(remember to replace greg with whatever username you are using)
Note that I'm (i.e., username greg) logged into my workstation under the local windows group Administrators.  As should be given my setup.

To verify that SME is set up correctly, open a terminal on your SME box and issue the following command:

[root@server root]# testparm | grep domain

        allow trusted domains = Yes
        domain admin group = @domain_ad
        domain guest group =
        domain logons = Yes
        domain master = True
        winbind use default domain = No

Note that on my server, samba is using the group domain_ad as the domain administrator group. My SME user account greg is set to be a member of the SME group domain_ad.

Hope this helps.

Greg

Jan

Re: Domain Controller & Messenger
« Reply #3 on: August 29, 2002, 09:48:33 AM »
Hi and thank you for your comments,

Using the dosprompt I get basically an identical info list on the domain. So it does seem to be logged in and has administrator rights.

When I log into the SME box and enter the testparm | grep domain  I get no output at all. Am I doing something really stupid here?

Thank you in advance for any help given.

regards,

Jan

Jan

Re: Domain Controller & Messenger
« Reply #4 on: August 29, 2002, 09:52:15 AM »
Yep I did do something stupid .... patience. OK enter command and then press enter again and I get a similar output except @domain_ad is called admin.


regards,

Jan

Greg Zartman

Re: Domain Controller & Messenger
« Reply #5 on: August 29, 2002, 07:43:54 PM »
Jan,

If your client is telling you that you are a member of the administrators group, then you should be able to perform just about any task you'd like. Maybe try reinstalling the app that was giving you problems while logged in on your domain account.

Greg

John Gray

Re: Domain Controller & Messenger
« Reply #6 on: August 30, 2002, 05:59:46 AM »
Jan

What is the reghack you mention?

Thanks

John

Jan

Re: Domain Controller & Messenger
« Reply #7 on: August 30, 2002, 06:09:40 PM »
Greg,

Have checked and I supposedly have admin rights but cannot reinstall. I will attempt a complete reinstall of XP because it's become somewhat of a mess. Just wondering if I'm in for a nasty surprise with e-smith not letting me rejoin the NT domain. Will do the install tomorrow I think.



John,

The reghacks I found on the forum, not sure where exactly but here they are:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

I seem to remember reading about these reg settings in a howto as well.


Will keep you posted,

Regards,

Jan
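
Editor's added example, not part of the thread or of any SME Server howto: the two values in the post above, when set to 0, turn off the workstation's requirement for a signed or sealed Netlogon secure channel and for a strong session key. The Python sketch below audits the text of a .reg export and reports every control set where that is the case; the function name `audit_reg_export` and the sample input are assumptions constructed for illustration.

```python
import re

# Netlogon values from the thread; 0 means the workstation no longer requires
# a signed/sealed secure channel or a strong session key.
WATCHED = {"requiresignorseal", "requirestrongkey"}
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')
NETLOGON_SUFFIX = r"\services\netlogon\parameters"


def audit_reg_export(text):
    """Return (control_set, value_name, dword) for each watched value set to 0."""
    findings, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if not m or current_key is None:
            continue
        if not current_key.lower().endswith(NETLOGON_SUFFIX):
            continue  # value belongs to some other key
        name, value = m.group("name").lower(), int(m.group("hex"), 16)
        if name in WATCHED and value == 0:
            control_set = current_key.split("\\")[-4]  # e.g. CurrentControlSet
            findings.append((control_set, name, value))
    return findings


# Constructed sample: the CurrentControlSet entry as posted, plus a constructed
# ControlSet001 entry in which one value has been set back to 1.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000001
"requirestrongkey"=dword:00000000
'''

if __name__ == "__main__":
    for control_set, name, value in audit_reg_export(SAMPLE):
        print(f"{control_set}: {name} = {value} (requirement disabled)")
```

A "Version 5.00" file exported by regedit is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.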

Greg Zartman

Re: Domain Controller & Messenger
« Reply #8 on: August 30, 2002, 10:02:02 PM »
You won't have a problem re-joining the domain.    Follow the howto located here:
http://myezserver.com/downloads/mitel/howto/samba-howto.html

The reg hacks are also listed in this howto.

Greg