Topic: creating windows domain

[captain]

how to setup domain for xp clients ...i keep getting error that the domain controller cannot  be contacted.....

any help will do...thANKS

[crazybob]

You must apply the reg file (/home/e-smith/files/server-resources/regedit/winxplogon.reg) on the client.

Bob

[captain]

hey thanks ..i did that based on post i saw was able to join but after restarting i was unable to log on...domain not available

[captain]

please advise how to configure domain ..both on sme and clients {xp} so that i do it right

[bpivk]

Well you have to set the *.reg file on your computers and have to set your workgroup in configuaration/workgroup

[captain]

Thanks for everyones help...hee the summary of the setting...

workgroup:
windows workgroup: CAC
Server name: cac1
WOrkgroup and domain controller: yes
roaming profiles: no

is this al that is neede to configure a windows Domain called CAC?
If not what else is required...any DNS settings?

Ok on the XP local machine I have done the following
1. run reg edit to set RequireSignorSeal equal to all zeroa
2. set my connection to "enable netbios over TCP/IP"
3. Set my wins server to the IP of the sme box...

Results
1. Sometimes I can joing the domain, after rebooting the xp maxhine I cannot locate the Domain Controller to log into the domain.

Questions:
1. What am iI doing wrong.
2. should it be so dificult to setup a windows PDC

Need help ASAP

[cool34000]

I never installed SME in domain controller, but I can say that there are no wins server on SME !

Maybe you should set DNS to SME's IP on your workstations
For 2000/2003 servers it's needed !

On your workstations, your domain should looks like cac.yourdomain.com and not cac "alone" - Again, I have not tested this mode so maybe I am thinking just like M$ taught me

I guess the best you can do is activate DHCP server on SME so that you don't need to worry for your workstations' configurations - Just set it to DHCP !


Hope this helped

[CharlieBrady]

I never installed SME in domain controller, but I can say that there are no wins server on SME !

You can say that, but it wouldn't be correct. SME does provide a WINS server.

[cool34000]

Oups, my mistake...

But I've done a

Code: [Select]

# rpm -qa | grep wins and it gave me nothing... Is it installed by default ?

[CharlieBrady]

Oups, my mistake...

But I've done a

Code: [Select]

# rpm -qa | grep wins and it gave me nothing... Is it installed by default ?

There is no package called wins. The WINS service is provided by samba.

[stephen noble]

>windows workgroup: CAC

your server settings are ok

>Ok on the XP local machine I have done the following
>1. run reg edit to set RequireSignorSeal equal to all zeroa
>2. set my connection to "enable netbios over TCP/IP"
>3. Set my wins server to the IP of the sme box...

I don't do any of the above

1.  enable DHCP, check no network drives are attached, reboot
2.  control panel > system >
    join domain  'CAC'
    enter 'admin' + 'adminPassword'

[crazybob]

Doesn't winxplogon.reg have to be applied to the XP workstation ?

Bob

[stephen noble]

> Doesn't winxplogon.reg have to be applied to the XP workstation ?

maybe, but what is it supposed to do,
I can use domain logins without it

What i can't do is
- change the sme password from XP
- be a domain admin without adding a seperate user [stephen/domain] to the workstation

this may be normal, the docs aren't very clear

[crazybob]

I think it had/has something to do with samba used as a in a domain controller configuration. I don't know if it is needed any more. I know you had to use it with SME6.01

Bob

[mercyh]

snoble,

- be a domain admin without adding a seperate user [stephen/domain] to the workstation

From an slords post located here http://forums.contribs.org/index.php?topic=31009.0

If you are using SME Server as a domain controller and the workstations have joined the domain then the following is possible.

The domain always has three groups created, "Domain Admins", "Domain Users", "Domain Guests". These are usually assigned to as follows:

Domain Admins => admin
Domain Users => shared (everyone)
Domain Guests => nobody

However if you create a group and name it whatever you want but put one of the above for the description then the newly created group will replace the above mapping.

So if you create a group called "admins" and give it a description of "Domain Admins" then anyone you assign to this group will be a domain admin and also a local admin on ANY box that has joined the domain.

[stephen noble]

> Domain Admins => admin
yes, this does work now
after rejoining the domain ..., but why should i need to rejoin

this may be the same as the above question ie.

>Results
>1. Sometimes I can joing the domain, after rebooting the xp maxhine I cannot locate the >Domain Controller to log into the domain.

related bugs

http://bugs.contribs.org/show_bug.cgi?id=1836
After upgrade, some machines can no longer join domain

http://bugs.contribs.org/show_bug.cgi?id=2141
SME acting as PDC won't accept authentication from networked pcs

[stephen noble]

The following implies to me the regedit is no longer needed, sme7 uses samba3

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch10_:_Windows,_Linux,_and_Samba

Note: With Samba version 2 you may also have to make a few changes to your system's registry using the regedit command and reboot before continuing.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"signsecurechannel"=dword:00000000

[andy_wismer]

Hello

A few background infos on the Registry thingy for XP.

Windows XP with no SP or SP1 can easily log on to a SME Windows Domain.

After SP2, the Sign&Seal Packet Signing feature is a requirement for Windows XP. Server 2003 also needs it, if used as a "Member Server" on a SME Windows Domain. XP or Server 2003 can join the Domain, but after the required reboot can still only log on locally.

SME does provide WINS Service, but only if SME is Domain Master. That's done in the templates for Samba.conf...

The "Netlogon" share is created by SME when set as Domain Controller. However, SME sets it to be invisible. Microsoft, on the other hand, has had visible Netlogon directories visible since before Windows NT 3.51 and up to Windows 2000 Server, that was the standard. This can be enabled easily in SME, by creating (or coping the original) a template for Netlogon, and setting "browsable = yes".

Logon scripts belong there, and if NT or Win9x clients are used, you can actually also put in policy files in there too. A good idea is putting a copy of the registry file there too, for easy access after adding a PC to the domain. The admin can also easily edit logon scripts as by default he has access to this share.

The newer "Group Policys" will not work unless using Nitrobits commercial Group-Policy product.

But not everything M$ does should be followed. UNIX still doesn't have the "Run Virus.exe as administrator" bit set by default...

Wishing all a smooth 2007 with SME71!!!