Koozali.org: home of the SME Server

Domain-controller

Messias89
Domain-controller
« on: August 05, 2009, 11:50:57 PM »
Hi, my name is Martin and I really need some help here. I'm kinda not really good at SME, or any other Linux for that matter. I have a small LAN that I am currently controlling with an SME server. The automatic functions, such as DHCP and stuff, work perfectly, and so do the installed programs, e.g. hlds. My problem is that I don't have any control over the network nor the internet, so I decided to make it a domain controller (correct me if it's not called that, it's when you connect to a domain when you log into Windows). My problem here is that I can't connect, even though I have changed the settings to yes in both the questions on the workgroup. It goes fine when it wants to connect to the domain, but it won't accept the username/password I have created. I have created the user in the "users-link" in the top of the menu and activated it. Every time I write the username and password it tells me this:

The following error occurred attempting to join the domain "testdomain":
The specified domain either does not exist or could not be contacted.

I have tried remaking my account in case I accidentally made a spelling mistake, but after several remakes of my account, I came to the conclusion that something else was wrong. Where's the error I'm making?

cactus
Re: Domain-controller
« Reply #1 on: August 05, 2009, 11:53:38 PM »
What version of Windows are you using?

Try joining with the admin account, normal users have no rights to join the domain.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Messias89
Re: Domain-controller
« Reply #2 on: August 06, 2009, 12:03:14 AM »
It worked as admin when I connected with my VirtualBox that had Windows XP, but my original Windows (Windows 7) can still not connect. How do I create users that can connect to the domain then?

cactus
Re: Domain-controller
« Reply #3 on: August 06, 2009, 12:06:50 AM »
Quote
It worked as admin when I connected with my VirtualBox that had Windows XP, but my original Windows (Windows 7) can still not connect. How do I create users that can connect to the domain then?

Windows 7 is still beta and might therefore not work. There are some posts in the forums on it and perhaps in the bugtracker.

To create a group of admins please read this: http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter9#Setting_admin_rights

Messias89
Re: Domain-controller
« Reply #4 on: August 06, 2009, 12:13:18 AM »
That helps wonders =)

Thanks for the fast and easy-to-follow instructions.

erroneus
Re: Domain-controller
« Reply #5 on: August 30, 2009, 03:02:49 AM »
Windows 7 is no longer beta and I have installed it on an old machine and it's working "ok I guess." 

I am able to browse the network including samba shares on the SME server.  But I am unable to get it to join the domain at this time.  Any suggestions?

Just found this:

http://forums.contribs.org/index.php/topic,43266.msg213533.html#msg213533

I made the changes listed.  Results pending.

No reboot of Windows 7 needed.  Made changes and then joined domain!

Uh oh... After rebooting and attempting to log in using an account from the SME server, it tells me there is an error with the trust relationship.  Suggestions?
« Last Edit: August 30, 2009, 03:37:16 AM by erroneus »

cactus
Re: Domain-controller
« Reply #6 on: August 30, 2009, 11:46:35 AM »
Quote
Windows 7 is no longer beta and I have installed it on an old machine and it's working

I think you are informed incorrectly as after the beta no new releases have been released and AFAIK the official release is scheduled for October 22nd, see also: http://www.microsoft.com/presspass/features/2009/Jun09/06-02SteveGuggenheimer.mspx

erroneus
Re: Domain-controller
« Reply #7 on: August 30, 2009, 12:10:35 PM »
Windows 7 is "RTM" (release to manufacturing) now and is being distributed to Microsoft partners.  I have a relative who is a partner and shared his license key with me.  The only changes anyone will see in Windows 7 from this point forward are in online updates.  No updates to distribution media are expected.

MSmith
Re: Domain-controller
« Reply #8 on: August 31, 2009, 04:35:33 PM »
If I'm not mistaken, Windows 7 *requires* Active Directory and cannot join an old-style domain; Active Directory is not supported in SME 7.  You didn't write which version you're using so I *assume* it's not SME 8 Beta.
...

erroneus
Re: Domain-controller
« Reply #9 on: August 31, 2009, 04:50:56 PM »
The problem would be resolved with Samba 3.3.x and some registry hacks I have learned.  So it's hack in my own Samba upgrade... not something I want to do at all.  Actually, SME8 uses Samba 3.0.33 which is the same version as in SME7.4 with latest updates so that question is nearly irrelevant.

It is my understanding that Samba package updates are coming down from CentOS which in turn comes down from RedHat.  RedHat hasn't done this yet and so we don't have it yet.  That said, I have found this:

http://enterprisesamba.org/index.php?id=64

It seems these packages might work but may also break all sorts of other things in SME7.4 or even SME8bx.  (My god!  How long has SME8 been in beta?!)

Stefano
Re: Domain-controller
« Reply #10 on: August 31, 2009, 05:25:52 PM »

Quote
Uh oh... After rebooting and attempting to log in using an account from the SME server, it tells me there is an error with the trust relationship.  Suggestions?


from: http://ggts.net/2009/05/17/joining-a-windows-7-system-to-a-samba-domain/

Quote
# The following key needs to be changed or you will receive an error when trying to login using a domain account of “The trust relationship between this workstation and the primary domain failed.”

HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters
RequireStrongKey = 0


did you try?

Stefano
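
For tracking which workstations still carry the workaround quoted above, so the value can be restored once the server no longer needs it, here is an added example (not part of the thread or the linked article) that parses `.reg` exports of the Netlogon key and reports `RequireStrongKey`. Host names and sample exports are constructed; 0 is labelled "weakened" because it drops the strong session key requirement on the Netlogon secure channel.

```python
import re

# Key path from the quoted workaround; registry paths are case-insensitive.
NETLOGON_KEY = r"hkey_local_machine\system\currentcontrolset\services\netlogon\parameters"
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def parse_reg_dwords(text):
    """Map lower-cased key path -> {lower-cased value name: int} for DWORDs."""
    keys, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or .reg comment
        section = SECTION.match(line)
        if section:
            # "[-KEY]" is a delete directive and carries no values
            current = None if section.group(1) else section.group(2).lower()
            continue
        value = DWORD.match(line)
        if value and current is not None:
            keys.setdefault(current, {})[value.group(1).lower()] = int(value.group(2), 16)
    return keys

def audit_netlogon(host, reg_text, watched=("RequireStrongKey",)):
    """Return (host, value name, status) for each watched Netlogon value."""
    values = parse_reg_dwords(reg_text).get(NETLOGON_KEY, {})
    findings = []
    for name in watched:
        data = values.get(name.lower())
        status = "not set" if data is None else ("weakened" if data == 0 else "enforced")
        findings.append((host, name, status))
    return findings

# Constructed sample exports (hypothetical host names), not taken from the thread.
SAMPLES = {
    "ws-win7-01": r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireStrongKey"=dword:00000000
''',
    "ws-win7-02": r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
; restored after the server was upgraded
"RequireStrongKey"=dword:00000001
''',
}

def audit_all(samples=SAMPLES):
    return [f for host, text in samples.items() for f in audit_netlogon(host, text)]

if __name__ == "__main__":
    for host, name, status in audit_all():
        print(f"{host}: {name} is {status}")
```
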

erroneus
Re: Domain-controller
« Reply #11 on: August 31, 2009, 05:28:31 PM »
Yes indeedy!  The other requisite is that Samba 3.3.x be used.  SME uses 3.0.33 in both SME8beta and SME7.4.

Stefano
Re: Domain-controller
« Reply #12 on: August 31, 2009, 05:32:36 PM »
Quote
Yes indeedy!  The other requisite is that Samba 3.3.x be used.  SME uses 3.0.33 in both SME8beta and SME7.4.

ok.. another reason to stay with windows XP or move to other O.S. ;-)

Stefano

erroneus
Re: Domain-controller
« Reply #13 on: September 02, 2009, 06:02:29 AM »
After some consideration, I sincerely hope that a 3.3.x version of Samba finds its way into yum repositories.  The ability to keep up with the latest Windows workstations is an important feature of Samba and especially of SME server.  It is forgivable that registry entries are required to make it work to a certain point.  But not being able to work at all?  Well, that would shake the faith of a lot of people who don't understand the reasons why.  End users and quite often "higher ups" will only see stuff that doesn't work or isn't compatible.

steever
Re: Domain-controller
« Reply #14 on: September 02, 2009, 09:23:23 AM »
Quote
or move to other O.S.

Is there another OS that connects up to SME in the way that Windows XP does?  What I'd like to see is a SME Desktop (a linux distro especially designed to hook up to an SME Server).  Until then advice to "move to another OS" is counter-productive.

Steve

Edit ... and seeing as though Windows XP is 2002 technology, it would be great if SME Server supported a more modern version of Windows.  Since XP there's already been two more versions of Windows. 
« Last Edit: September 02, 2009, 09:25:42 AM by steever »
Saving the world ... one server at a time.

Stefano
Re: Domain-controller
« Reply #15 on: September 02, 2009, 09:50:44 AM »
Quote
and seeing as though Windows XP is 2002 technology, it would be great if SME Server supported a more modern version of Windows.  Since XP there's already been two more versions of Windows. 

what's wrong with vista and SME? AFAIK it works

btw, ATM XP is reliable and is a fact that M$ took the decision to keep it live for a longer time than expected.. many big (HP, IBM etc) keep giving you the possibility of downgrading from vista to XP.. we don't need to move to windows 7..

another fact is that anytime M$ make a new OS, it breaks something, so it's not a SME/linux issue.

all, naturally, IMVHO
Stefano

MSmith
Re: Domain-controller
« Reply #16 on: September 02, 2009, 02:51:17 PM »
Yes, it would be great if SME 8 were out of beta and had incorporated CentOS changes that allowed full Active Directory participation ... but it isn't, and it hasn't.  Have *all* of you who say "It'd be great if SME did X, Y and Z that I want" *donated* to the project, or filed an actual bug report in Bugzilla, or done extensive testing of SME 8 Beta?  (Personally, I have done the first two, but to my shame, not the latter.)
...

Stefano
Re: Domain-controller
« Reply #17 on: September 02, 2009, 02:55:43 PM »
Quote
Yes, it would be great if SME 8 were out of beta and had incorporated CentOS changes that allowed full Active Directory participation ... but it isn't, and it hasn't.  Have *all* of you who say "It'd be great if SME did X, Y and Z that I want" *donated* to the project, or filed an actual bug report in Bugzilla, or done extensive testing of SME 8 Beta?  (Personally, I have done the first two, but to my shame, not the latter.)

forgive me, but I don't understand who you are answering to :-)

Stefano

MSmith
Re: Domain-controller
« Reply #18 on: September 02, 2009, 02:59:48 PM »
I directed that post to everyone who's posted on the forums lately about how it'd be great if SME did this, and it'd be great if SME did that, and it should be easy to implement this or that feature.  Everything's easy if you're not the one who has to do it!  I don't have the programming skills to improve SME and my one and only HOWTO is now 5 years in the past.  SME will get the features it gets when the (few and busy) developers manage to set aside the time to make it happen.

My personal wish is for a server manager panel in SME 8 final to control shadow copy creation.  How much would a fair bounty be, I wonder?  $100?  $500?  Somewhere in between?
...

Stefano
Re: Domain-controller
« Reply #19 on: September 02, 2009, 03:05:35 PM »
Quote
I directed that post to everyone who's posted on the forums lately about how it'd be great if SME did this, and it'd be great if SME did that, and it should be easy to implement this or that feature.  Everything's easy if you're not the one who has to do it!  I don't have the programming skills to improve SME and my one and only HOWTO is now 5 years in the past.  SME will get the features it gets when the (few and busy) developers manage to set aside the time to make it happen.

ok.. that's clear :-) and I totally agree with you

Quote
My personal wish is for a server manager panel in SME 8 final to control shadow copy creation.  How much would a fair bounty be, I wonder?  $100?  $500?  Somewhere in between?

you should subscribe the dev's ML and ask there.. you should also create a NFR in bugzilla

Ciao
Stefano

erroneus
Re: Domain-controller
« Reply #20 on: September 02, 2009, 04:56:47 PM »
Quote
Is there another OS that connects up to SME in the way that Windows XP does?  What I'd like to see is a SME Desktop (a linux distro especially designed to hook up to an SME Server).  Until then advice to "move to another OS" is counter-productive.

Steve

Edit ... and seeing as though Windows XP is 2002 technology, it would be great if SME Server supported a more modern version of Windows.  Since XP there's already been two more versions of Windows.

Agreed.  For the same reasons that SME would be less usable if it only worked with Windows 3.11 for workgroups, it is less usable when limited to Windows XP.

And let's be frank.  Vista is barely getting any use in the enterprise.  Windows 7, on the other hand is noticeably better than Vista and only a little slower than Windows XP on the same hardware.  And since Samba 3.3.x will work with Windows 7, there should be some development and testing to adapt and adopt Samba 3.3.x or 3.4.x prior to RedHat>CentOS doing so.  There is good incentive to do so.

Non-technical users and management will see SME as "broken" if it doesn't work with the stuff they want it to work with even if the truth is quite a bit more complicated.
« Last Edit: September 02, 2009, 05:02:07 PM by erroneus »

Stefano
Re: Domain-controller
« Reply #21 on: September 02, 2009, 05:22:50 PM »
Quote
And since Samba 3.3.x will work with Windows 7, there should be some development and testing to adapt and adopt Samba 3.3.x or 3.4.x prior to RedHat>CentOS doing so.  There is good incentive to do so.

well.. a good incentive, IMHO, is a BIG money amount to the developers or, if you prefer, your time to test the migration to samba 3.3/3.4.. naturally you should then maintain all the samba packages for SME because many, many (thousands) users would rely on them..

SME will never compile/rebuild any package because:
- there are no human resources to do
- it's designed with stability in mind, exactly as CentOS/RH.. RH will never be a bleeding edge distro

you/we just have to wait that upstream source gives us the right rpms

so, I repeat, if you wish samba 3.3/3.4 on your server to use windows 7
- do it yourself and share the results
- or pay someone to do it for you
- or change Server/Client OS

windows XP is pretty stable now, about 8 years from its release.. what make you think that windows 7 will be stable since its release?

another question: do you use SME in an enterprise or just at home? in the first case, do you really think to move in a short time your client pc to windows 7? for what? what's the pro?

finally, as broken compatibility is for sure a windows 7 issue and not a samba one, I suggest you to write to M$ to ask the reason why it doesn't work.. does windows 7 join a windows 2k domain? maybe not, I don't know, but I wouldn't be surprised if you need at least windows 2003 server to use windows 7

Stefano

MSmith
Re: Domain-controller
« Reply #22 on: September 02, 2009, 11:17:37 PM »
Quote
windows XP is pretty stable now, about 8 years from its release.. what make you think that windows 7 will be stable since its release?

another question: do you use SME in an enterprise or just at home? in the first case, do you really think to move in a short time your client pc to windows 7? for what? what's the pro?
Stefano

THREAD DRIFT ALERT!  Oh well, let's roll with it.  As much as we've all grown accustomed to XP, its crummy security and thus vulnerability to many, many varieties of malware signal that it's time for it to be retired.  Yes, Vista and 7 will have their own problems, but the vast majority of botnets are composed of XP machines and I, for one, won't be sorry to see the last of Windows XP.
...

Stefano
Re: Domain-controller
« Reply #23 on: September 02, 2009, 11:27:36 PM »
Quote
THREAD DRIFT ALERT!  Oh well, let's roll with it.  As much as we've all grown accustomed to XP, its crummy security and thus vulnerability to many, many varieties of malware signal that it's time for it to be retired.  Yes, Vista and 7 will have their own problems, but the vast majority of botnets are composed of XP machines and I, for one, won't be sorry to see the last of Windows XP.


the solution is pretty simple:
- use user privileges, not administrator ones
- change default browser to mozilla
- when/where possible, change email client to thunderbird
- when/where possible, use web/mail proxy
- monitor users' activities and teach them what they can do and what they can't do
- check machines' logs (with a service like ntsyslog logging to SME)


in the last 5 years I haven't seen a single virus/malware infection in my customers' lans

anyway, this 3ad is OT.. I will ask it to be moved to General Discussions

Stefano

chris burnat
Re: Domain-controller
« Reply #24 on: September 02, 2009, 11:38:08 PM »
Moving to General discussion where it is more appropriate.
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

MSmith
Re: Domain-controller
« Reply #25 on: September 03, 2009, 03:27:10 PM »
Quote
- monitor users' activities and teach them what they can do and what they can't do
Stefano

Must ... contain ... laughter ...

Yes, my customers on company LANs have very few malware problems as they are monitored and locked down -- except the managers and executives, of course, who do as they please.  And it's much more difficult to get home users to stay out of trouble, at least until they've paid once or twice to have nastiness removed from their machines.
...