Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jan on August 29, 2002, 02:29:00 AM
-
Hi all,
Here's what my setup looks like:
Server only behind a seperate hardware gateway/firewall
Server is domain controller and has roaming profiles enabled
Server is a SME 5.5
Here's what I did:
I did the 4 reghacks in my WinXPpro client using regedit
I logged into my XP client's administrator account and logged into the domain controlled by the SME using the admin account.
I then logged into XP using an account that is identical to the account on the SME and went and added this one to the domain.
So now I can log into SME's NT domain and that seemed to work untill I tried using MSN messenger. It just won't start. I ran the MSN passport wizzard succesfully .... still I can't login. When I log off and log in using local (non SME-NT) logon messenger works fine.... strange?
Any thoughts? I really would like to use MSN-messenger again I just don't know how to fix this.
Any help is more than welcome.
Regards,
Jan
-
Hi again,
I forgot to mention I also assigned administrator rights to all who log into the SME-domain. I did this using the howto from Greg Zartman (http://www.softwaredynamics.biz/support/howto/sambasecurityhowto/)
I did this because I wanted to be able to run and install all programs on my client machine without any restrictions.
regards,
Jan
-
I'm a bit confused on where you are at with this. I'm assuming you have successfully joined the client machine in question to your SME domain. If this is the case, log into to your client a standard user account, open a command prompt window, and issue the following:
c:\net user greg
User name Greg
Full Name
Comment Built-in account for administering the computer/domain
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never
Password last set 5/15/2001 1:40 PM
Password expires Never
Password changeable 5/15/2001 1:40 PM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 11/29/2001 9:05 PM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *None
The command completed successfully.
---------------------------------------------------------------------
(remember to replace greg with what ever username you are using)
Note that I'm(i.e., username greg) logged into my worstation under the local windows group Administrators. As should be given my setup.
To verify that SME is setup correctly, open a terminal on your SME box and issue the following command:
[root@server root]# testparm | grep domain
allow trusted domains = Yes
domain admin group = @domain_ad
domain guest group =
domain logons = Yes
domain master = True
winbind use default domain = No
Note that on my server, samba is using the group domain_ad as the domain administor group. My SME user account greg is set to be a member of the SME group domain_ad.
Hope this helps.
Greg
-
Hi and thank you for your comments,
Using the dosprompt I get bassically an identical info list on the domain. So it does seem to be logged in and has administrator rights.
When I log into the SME box and enter the testparm | grep domain I get not output at all. Am I doing something really stupid here?
Thank you in advance for any help given.
regards,
Jan
-
Yep I did do something stupid .... patience. OK enter command and then press enter again and I get a similar output except @domain_ad is called admin.
regards,
Jan
-
Jan,
If your client is telling you that you are a memeber of the administrators group, then you should be able to perform just about any task you'd like. Maybe try reinstalling the app that was giving you problems while logged in on your domain account.
Greg
-
Jan
What is the reghack you mention?
Thanks
John
-
Greg,
Have checked and I supposedly have admin rights but cannot reinstall. I will attempt a complete reinstall of XP because íts become somewhat of a mess. Just wondering if I'm in for a nasty surprise wuth e-smith not letting me rejoin the NT domain. Will do the install tomorow I think.
John,
The reghacks I found on the forum, not sure where exactly but here they are:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"requirestrongkey"=dword:00000000
I seem to remember reading about these reg settings in a howto as well.
Will keep you posted,
Regards,
Jan
-
You won't have a problem re-joining the domain. Follow the howto located here:
http://myezserver.com/downloads/mitel/howto/samba-howto.html
The reg hacks are also listed in this howto.
Greg