Topic: More XP domain issues

[Andrew Hodgson]

Hi,

Everything else now is working on the me box: email, mail2news gateways, and mailing lists.

However, I just _cannot_ get the domain controler to work, in XP pro, I am using the domain joining wizzard, in the username field I enter admin, in the password field I enter the admin password, and in domain I have entered hodgsonfamily.org, brookfield.hodgsonfamily.org, and the current workgroup which is hodgson.  I should point out that before this I changed the workgroup in XP to "workgroup" as suggested in a private email to me on this topic, but still it tells me that the controler cannot be found, and looking at the details view, it looks as though it is trying to get a load of srv records from the dns.  I also applied the XP patch and rebooted to see if this works, but still no go.  I have roming profiles set to no, but pdc set to yes, should this matter?

Thanks,
Andrew.

[Tony Howden]

Hi

If I understand your problem there is a registry hack on the XP desktop to connect to an SME/Samba domain controller

edit or create

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters

value 'requiresignorseal' data = 0

and

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters

value 'requirestrongkey' data = 0

Do this in each of ControlSet001, ControlSet002 and CurrentControlSet

i.e. 6 different reg keys all set to 0

From memory I had to create one of the value keys but not the other.

This changes the method of communicating between the newer XP desktop and the older Samba controller.

Hope this helps.

cheers
Tony

[Rick]

This section of the manual may help point you in the right direction, you don't mention which version you are using but I used this as a guide with 5.6 and XP pro and it worked first go. I had tried before this and had no luck getting it to work as I wasn't sure what settings went where etc, but after reading your post thought I would give it another go, and then realised i should have looked in the manual in the first place.

This is copied straight out of the manual (the admin guide) that comes with 5.6, hope it is of some help.




On the 6000 MAS panel shown in the preceding section, you can specify whether the server should be the domain
master for your Windows workgroup. Most sites should choose "Yes" unless you are adding a server to an existing
network which already has a domain master.
Note
Once you join the domain, you do not need to create local accounts on each Windows NT/2000 box. When
you first log in after joining the domain you will need to manually select the Domain of the 6000 MAS
rather than the default (which is to log in locally on the NT machine). You can also join when you install
the client's system.
If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with
a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured
to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they
wish, modify this script to set environment variables for their clients or provide automatic drive mappings.
As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to
a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor.
Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the
"admin" user, you will need to connect to the share or map a drive to it, by using the specific path:
\servername\NETLOGON\
The sample file contains a few examples of setting the system time for each machine and also for mapping a common
drive for all Windows client.
The sections below define the steps that must be executed on various Windows versions to join domains.
3.3.1.1. Windows 9x
To join a Windows 9x machine to the domain, follow these steps:
14
1. Navigate to the Network section of the Control Panel (Start->Settings->Control Panel->Network).
2. Select the Configuration tab.
3. Highlight "Client for Microsoft Networks", and then click "Properties".
4. Check "Log onto Windows NT Domain", and enter the domain name in the text field.
5. Click all the "OK" buttons and reboot.
3.3.1.2. Windows NT 4
To join a Windows NT 4 machine to the domain, follow these steps:
1. Navigate to the Network section of the Control Panel (Start->Settings->Control Panel->Network).
2. Select the Identification tab.
3. Click "Change" and then enter the computer name and the domain name. Click "Create a Computer Account in
this Domain", enter "admin" as the user name and then enter its password.
4. Click "OK".
5. After a short pause (0-10 seconds), you should be greeted by a "Welcome to DOMAIN" message and asked to
reboot.
6. Log in on a domain account.
3.3.1.3. Windows 2000
To join a Windows 2000 machine to the domain, follow these steps:
1. Navigate to the Network section of the Control Panel (Start->Settings->Control Panel->Network and Dial-up
Connections).
2. Click "Network Identification".
3. Click "Properties", enter your computer name and domain name, and then click "OK".
4. You will be prompted for a user account with rights to join a machine to the domain. Use "admin" as the user
name, and enter the password.
5. After a short pause (10-30 seconds), you should be greeted by a "Welcome to DOMAIN" message and asked to
reboot.
6. Log in on a domain account.
3.3.1.4. Windows XP Professional Edition
To join a Windows XP machine to the domain, follow these steps:
1. Navigate to the Network section of the Control Panel (Start->Settings->Control Panel).
Chapter 3. Configuration
15
2. Click "Network and Internet Connections".
3. Click "Network Connections".
4. Select "Advanced" -> "Network Identification".
5. On the Computer Name tab, click "Change".
6. Select "Domain" and then enter your domain name.
7. Enter "admin" and the password

[Nathaniel Brown]

Basically the problem is that XP Pro REQUIRES encryption! This doesn't work ith NT or Samba

Here's how you disable it:

Control Pannel -> Performance and Maintiance -> Administration Tools -> Local securty Policy::Local Policies -> Security Options

Set "Domain member: Digitally encrypt or sign secure channel data (always)" to Disable (right click and select properties)

Done.