Topic: M$ 2003 Server as member server in an SME v6.01-01 Domain

[colwyn]

I posted this in the general forum, probably needed to go in this forum....

Having an issue adding a Win 2003 Server to my SME server V6.01-01 Domain.

During the Win 03 install everything works great and I am able to join the Win server to the domain with no error.

When I try to log on to the Win 03 server with a account that is in the domain, but not a local account to the NT server I get an error saying that the domain is not availiable.

I am able to login to the domain with all my other computers so it is not an SME domain issue.

If I create local accounts on the Win 03 server that are the same username and password as those on the SME domain I am able to connect to shares from the SME server, but I cannot connect to any shares on the 2003 server from any workstation no matter if the account is a domain account or an admin account.

I get an error saying there is no domain trust relationship even thought the windows server is just a member server in the SME domain.

It does not appear to be a WINS problem because I can resolve netbios names. It use to work with a Win 2k server set up the same way but not with a win 03 server.

Thanks for any ideas !!!

P.S I tried the reg update for XP, does not work on server...

Colwyn

[Franco]

I don't have a MS2003 to test, so I'll just pass what I have read somewhere and hope this helps.
When you go into the LAN Properties of a Win2003, there's a checkmark that states to use IEEE standards, uncheck it and reboot the machine. See if you can logon.

[colwyn]

Thanks for the response stuntshell, I tried that but it did not help.

I did find the solution to my problem thought, it turns out that Win 2k3 server by default expects a secure channel be set up between the domain controller and the member server. If the DC cannot support a secure channel the session will fail. Win2k will automatically try an unsecure channel if it cannot establish the secure one. This is because Win2k was designed to work with NT 4.0 domains.

To fix this you have to go into the \HKLM\System\Currentcontrolset\Services\Netlogon\Parameters
and set the Requiresignorseal entry to 0 .

Everything works great now..thanks to everyone that answered my post.

Colwyn

[Franco]

Great,
I've seen the signorseal Registry around somewhere.
Always good to know for future reference.

Regards,

[ryan]

colwyn,

Assuming you have a full backup of 2003, treat it as a XP box.  Run the registry insert located on your SME server and modify the domain security settings as described by several postings to add 2k/XP to SME domain.  

If stock SME, (samba < 3), beaware that ALL SME users are added to the administrators group on the Windows box.  I suggest removing the linux users group and adding root, admin, and any other accounts you want to have full admin privs....

ryan