Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: k_graham on September 26, 2017, 07:49:08 PM
-
Save the Win10 registry patch (win10samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
I was trying to change from using a Workgroup to using a Domain on SME 9 ,
(without roaming profiles as if I recall with varied hardware that creates issues)
Anyway I don't see the mentioned patch file there.
Thanks,
Ken Graham
-
I was getting ready to ask the same question!
I have had to move to W10 without my usual testing and consideration. Due to the licenses I have there are upgrades from W7/64 that already have the W7 registry patches. I have also been using roaming profiles for years. If there is a better way to keep user information on the server I'm all ears!
The things I have found so far:
The W10 registry patch is missing as noted above. I don't know if something in that patch would help or not.
A W10/64 client seems to join a SME9 domain without any problems.
Since there are no V5 or V6 profile directories you have to create them yourself being sure that the user is owner and group and the directory is 700.
Simply copying a V2 directory seems to open a world of problems.
Once a W10 machine cannot connect to a profile directory properly due to name, owner, group or RWX (700) it seems to never be able to connect again and the machine must be reimaged.
-
the patch reg file is supposed to be there for SME9, and I see the v5 and v6 profile
# ll /home/e-smith/files/server-resources/regedit/
total 24
-rw-r--r-- 1 root root 856 24 mars 2017 win10samba.reg
-rw-r--r-- 1 root root 206 31 janv. 2013 win7samba.reg
-rw-r--r-- 1 root root 329 24 mars 2017 win8samba.reg
-rw-r--r-- 1 root root 126 9 août 2005 win98pwdcache.reg
-rw-r--r-- 1 root root 248 24 mars 2017 windows_samba_performance.reg
-rw-r--r-- 1 root root 121 9 août 2005 winxplogon.reg
# rpm -qf /home/e-smith/files/server-resources/regedit/win10samba.reg
e-smith-samba-2.4.0-24.el6.sme.noarch
# ll /home/e-smith/files/samba/profiles/jppialasse*
/home/e-smith/files/samba/profiles/jppialasse:
total 0
/home/e-smith/files/samba/profiles/jppialasse.V2:
total 0
/home/e-smith/files/samba/profiles/jppialasse.V3:
total 0
/home/e-smith/files/samba/profiles/jppialasse.V4:
total 0
/home/e-smith/files/samba/profiles/jppialasse.V5:
total 0
/home/e-smith/files/samba/profiles/jppialasse.V6:
total 0
-
This is what I get:
# ll /home/e-smith/files/server-resources/regedit/
total 20
-rw-r--r-- 1 root root 206 Jan 13 2014 win7samba.reg
-rw-r--r-- 1 root root 206 Jan 13 2014 win8samba.reg
-rw-r--r-- 1 root root 126 Aug 9 2005 win98pwdcache.reg
-rw-r--r-- 1 root root 248 Jan 13 2014 windows_samba_performance.reg
-rw-r--r-- 1 root root 121 Aug 9 2005 winxplogon.reg
# rpm -qf /home/e-smith/files/server-resources/regedit/win10samba.reg
error: file /home/e-smith/files/server-resources/regedit/win10samba.reg: No such file or directory
# ll /home/e-smith/files/samba/profiles/gardner*
/home/e-smith/files/samba/profiles/gardner:
total 0
/home/e-smith/files/samba/profiles/gardner.V2:
total 0
# cat /etc/e-smith-release
SME Server release 9.0
I suppose I need an update?
-
Ran just the one update for testing, will redo the servers with a more modern release and update before proceeding with production units. In many locations I have very limited bandwidth...
But after just running the e-smith-samba-2.4.0-24.el6.sme.noarch update my listings match Jean-Philippe's.
For those interested the reg file looks like this:
# cat /home/e-smith/files/server-resources/regedit/win10samba.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters]
"UseProfilePathExtensionVersion"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\f9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001
MANY THANKS!
I'll check back with success or failure....
-
Just for chuckles here are the changes if you had a W7 system that could connect but was upgraded.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001SAME
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"ADDED VALUE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters]
"UseProfilePathExtensionVersion"=dword:00000001ADDED VALUE
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001ADDED VALUES
In case anyone cares...
-
Ran just the one update for testing, will redo the servers with a more modern release and update before proceeding with production units. In many locations I have very limited bandwidth...
But after just running the e-smith-samba-2.4.0-24.el6.sme.noarch update my listings match Jean-Philippe's.
For those interested the reg file looks like this:
# cat /home/e-smith/files/server-resources/regedit/win10samba.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters]
"UseProfilePathExtensionVersion"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\f9d8cd0-1501-11d1-8c7a-00c04fc297eb]
"ProtectionPolicy"=dword:00000001
When I go to import this I get the message "The key will be restored on top of key: Computer. All value entries and subkeys of this key will be deleted. Do you want to continue the operation?"
Okay I have also Exported my registry in case this doesn't work but am I importing correctly for it to go on top of key: Computer ?
Thanks,
Ken Graham
-
If you want to be super careful you can edit the keys yourself using regedit.
In other words run regedit as an administrator or equivalent and go see what is in each key. Make a note of what is there and then add or edit as needed.
What I saw when looking at mine (yours may be different!) is only ...\LanManWorkstation\Parameters had values. All the others pair values were added.
My feeling is you shouldn't have any ill effects from running this registry patch. I plan to in just a bit as soon as I get a fresh version of SME 9.2 x86_64 downloaded and installed for my test bed.
-
Save the Win10 registry patch (win10samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
Okay I confess my ignorance - I saw the link but really did not read it, I assumed it was pointing to a point on contribs.org and so trying to go to it was getting me nowhere, thus no file. Of course once reading the link I realized I was supposed to put in my server IP, that it was on my server.
Thanks to all for putting up with me.
Ken
-
No prob!
I didn't see win10samba.reg because I was on 9 without the e-smith-samba-2.4.0-24.el6.sme.noarch update and it wasn't there. Jean-Philippe Pialasse's well done post put me in the correct direction and was very helpful.
After testing yesterday and today's complete network upgrade (SME8->9.2, W7/32->W10/64) and hardware replacement (boxPCs->NUCs) I can say it works very well. Only had one slight bobble that was cleared by a client reboot. Without the upgrade and registry patch I can assure you it does not work well...
I have used roaming profiles for quite a few years now. I wouldn't imagine that there is much of an issue with hardware variations but there certainly would be in different OS's since the files are stored in different directories depending on OS versions. Roaming profiles work well as long as you know the limitations, primarily that users need to keep their profile sizes reasonable. Storing a lot of stuff on the directories that are synced at log on and off is sure to cause problems. Of particular note is desktop, documents, and downloads directories. Check what is stored in /home/e-smith/files/samba/profiles and you will get an idea. Those directories will be populated the first time a user logs off when roaming profiles are enabled in the SME GUI.
I hope your efforts with Windows Domains go as well as mine have. For me managing a network of beyond 4-5 machines/users is a PITA without using a Windows domain.