Topic: smeserver as domain controller

[Daniel]

Just having problems joining the domain with windows xp pro machines after making our sme server a domain controller.
situation:
1. rightclick on "My Computer" & selected "properties"
2. clicked "Computer Name" tab and hit "change"
3. selected domain and then typed the domain name that I had specified in sme
4. after reading sme manual I selected "admin" as the user and used correct password
5. success, the user admin has joined the domain and machine re-boots.
6. PROBLEM, I cannot log on to the domain with any of the user accounts that I have specified in the smeserver and it seems that I can olny join the domain as user "admin". The manual talks about NT4/W2K users:
***********
Select the box "Create a Computer Account in the Domain". When prompted, enter "admin" and the administrative system password.
***********

There is no such box in Windows XP PRO.
Anu suggestions, what am I doing wrong?

[Andrew Hodgson]

Hi,

1.  Log on locally as administrator, go into control panel, user accounts.
2.  Now add the users that you want to be able to connect to the relevant computer through the add button (when asked for the domain enter your domain) - this will then show up in the user list as

domain\user

After you do this you can then log into the relevant domain as the specific granted user.

I have no idea whether enabling roming profiles would fix this.

Hope this helps,
Andrew.

[Daniel]

Thanks Andrew,

After doing this I get the following message:

The user could not be added because the following error has occurred
The trust relationship between this workstation and the primary domain has failed.


Tricky, huh,

[Daniel]

After looking at the release notes on ver 5.6 of sme server I noticed this:

***********

Windows file sharing support:
The Windows (SMB/CIFS) file sharing support has been upgraded to Samba version 2.2.5 which provides improved support for printing from Windows XP clients and for running Microsoft Access executables directly from a server share.
Windows networking opportunistic file locks have been enabled which provide improved read and write performance.
Windows XP requires an interoperability patch if domain logins are used. This patch is made available via the web server, via the URL http://servername/server-resources/.

**********

This may be my problem, I have not been able to browse to this folder, it does not exist on my server, Google shows me nothing about a patch either.
Anybody had any luck with WINXP ????Daniel wrote:
>
> Just having problems joining the domain with windows xp pro
> machines after making our sme server a domain controller.
> situation:
> 1. rightclick on "My Computer" & selected "properties"
> 2. clicked "Computer Name" tab and hit "change"
> 3. selected domain and then typed the domain name that I had
> specified in sme
> 4. after reading sme manual I selected "admin" as the user
> and used correct password
> 5. success, the user admin has joined the domain and machine
> re-boots.
> 6. PROBLEM, I cannot log on to the domain with any of the
> user accounts that I have specified in the smeserver and it
> seems that I can olny join the domain as user "admin". The
> manual talks about NT4/W2K users:
> ***********
> Select the box "Create a Computer Account in the Domain".
> When prompted, enter "admin" and the administrative system
> password.
> ***********
>
> There is no such box in Windows XP PRO.
> Anu suggestions, what am I doing wrong?

[Andrew Hodgson]

Hi,

That patch does need applying - you cannot unfortunately get it by the means specified in the release notes.  I obtained a copy using psftp and found the file there, and it is also backed up as part of the desktop backup, so if you have Winzip or somesuch you can unpack the winxp.reg file from the archive and run it to apply the patch.

Andrew.

[Bob Todd]

this sounds like the problem I had some months back with SME 5.5 and XP Pro. The solution was to make a couple of changes to the registry. I assume the utility you are looking for does pretty much the same job.

http://e-smith.org/bboard/read.php?v=t&f=1&i=24978&t=24959

Try that see how you get on.

[Bill Talcott]

Yes, this is the same registry change that has been needed for several versions. By default, XP will only accept "signed" connections, which Samba doesn't support. So you have to tell XP not to require signed connections. Win2k by default does not require signed connections, so it works without any changes.

I believe someone posted that there is a checkbox option somewhere to disable the signed connection requirement, but I don't remember the specifics. Either way it does the same thing, but the checkbox might be a bit easier if you're not familiar with the registry.

[Daniel]

Thanks everyone for all the help, I used the registry hack to get the XP PRO machine to join the domain.
I think these guys should update the manual to reflect XP and its problems with samba.
Our SME Server is now a very valuable member of our IT infrastructure. I just have to find a buyer for our over-exspensive 2000 server software!

[Ray Mitchell]

See the post below, and remember to expand the template
Altrenatively you can just copy these files from the server-resources folder to a users home folder, and then access them via Windows Explorer.
cp /home/e-smith/files/server-resources/regedit/* /home/e-smith/files/users/username/home

There is also this howto which exlains the process of connecting to a domain quite nicely. It refers to Win2k but I believe the process is identical for WinXP. Remember to disconnect all shares first.

http://mirror.contribs.org/smeserver/contribs/dmay/mitel/howto/samba-howto.html

Regards
Ray Mitchell


http://forums.contribs.org/index.php?topic=16317.msg63084#msg63084

 Re: http://servername/server-resources/
Author: Jon Blakely (jblakely_AT_khunjarnet.com)
Date:   01-27-03 07:03

I have sent the following bug report to bugs@e-smith.com

Fault: Accessing http://servername/server-resources/ results in a 403 browser error with the following error

message in httpd error logs
[Mon Jan 27 23:31:55 2003] [error] [client 192.168.2.65] Directory index forbidden by rule:

/home/e-smith/files/server-resources/

Resolution:

Modify /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ 85ServerResourcesAccess from

# Server resources access configuration


order deny,allow
deny from all
{
$OUT .= " allow from $localAccess\n";
}


to include Options Indexes

# Server resources access configuration


Options Indexes
order deny,allow
deny from all
{
$OUT .= " allow from $localAccess\n";
}


Cheers,

Jon Blakely
 
Author: Vinnie (v.degroot_AT_tiscali.nl)
Date:   02-03-03 13:44

Did you perform a post-upgrade AFTER you changed the template
(/sbin/e-smith/signal-event post-upgrade)

Vinnie