
[Samba] XP auto enrollment error; TEMP profile




Dear list,

Help!

I just upgraded a Samba server.

Server:
   Fedora 26
   samba-4.6.8-0.fc26.x86_64

Workstations (5 of them):
   XP Pro SP3

The old server was set up as a Domain controller.  I copied the
smb.conf over to the new server.

The XP workstations can see and mount everything.

On the workstations, I removed myself from the old domain and rebooted,
powered off the old server, reattached to the domain.

Problem: when I log into the domain, I get the following in my error log and I get a stinking TEMP directory/profile.

Event Type:	Error
Event Source:	AutoEnrollment
Event Category:	None
Event ID:	15
Date:		9/29/2017
Time:		4:33:10 PM
User:		N/A
Computer:	CURTIS-SCREW
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Removing the temp profile from the registry, erasing the
TEMP directory from Documents and Settings, and rebooting does not help.

What am I doing wrong?

-T

my smb.conf:

[global]
   workgroup = xxxxx
   server string = Fedora Samba Server
   volume = Fedora Core, %v
   comment = Samba (NetBIOS) Server on FedoraServer.xxxx.com
   netbios name = FedoraServer
   dns forwarder = 192.168.255.12
   allow dns updates = nonsecure
   interfaces = eno1 127.0.0.1
   hosts deny = ALL
   hosts allow = 192.168.255. 127.0.0.
   lanman auth = yes
   ntlm auth = yes
   printcap name = /etc/printcap
   show add printer wizard = No
   load printers = yes
   printing = BSD
   guest account = pcguest
   log file = /var/log/samba/samba-log.%m
   log level = 4 passdb:10 auth:10
   follow symlinks = yes
   wide links = no
   locking = yes
   strict locking = no
   security = user
   smb passwd file = /etc/samba/smbpasswd
   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passdb backend = smbpasswd
   username map = /etc/samba/smbusers
   os level = 64
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   idmap config * : backend        = tdb
   idmap config * : range          = 1000000-1999999
   add user script = /usr/sbin/useradd -m -G users '%u'
   delete user script = /usr/sbin/userdel -r '%u'
   add group script = /usr/sbin/groupadd '%g'
   delete group script = /usr/sbin/groupdel '%g'
   add user to group script = /usr/sbin/usermod -A '%g' '%u'
   add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u'
   logon script = scripts/logon.bat
   logon path = /exports/netlogon
   logon drive = X:
   wins support = yes
   name resolve order = host
   dns proxy = yes
   deadtime = 20160
   force create mode = 0000
   create mode = 0777
   force directory mode = 0000
   directory mode = 0777
   map archive = yes
   map system = yes
   map hidden = yes

[profiles]
   # https://www.ccs.uky.edu/docs/samba.htm
   # create mode = 0600
   # directory mode = 0700
   create mode = 0777
   directory mode = 0777
   path = /exports/profiles/
   profile acls = yes
   read only = no
   writable = yes

[public]
   comment = Public on xxxxx FedoraServer -- Mount as F:
   path = /exports/public
   valid users = @users
   write list = @users
   force group = users
   force user = public
   locking = yes
   oplocks = no
   fake oplocks = no
   level2 oplocks = no
   strict locking = no
   blocking locks = no
   public = no
   writable = yes
   printable = no
   browseable = yes
   create mode = 0777
   force directory mode = 0000
   directory mode = 0777
   map archive = yes
   map system = yes
   map hidden = yes

[homes]
   comment = %u.%G' Home/Documents Directory -- Typically mount as G: (UH)
   path=/home/%u/Documents
   valid users = @users
   write list = @users
   read only = no
   create mode = 0750
   public = no
   writable = yes
   printable = no
   browseable = no

   create mode = 0777
   force directory mode = 0000
   directory mode = 0777
   map archive = yes
   map system = yes
   map hidden = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   public = yes
   guest ok = no
   writeable = no
   printable = yes

[netlogon]
   comment = Network Logon Service (X:)
   path = /exports/netlogon
   public = no
   writeable = no
   # set browsable to "no" if you don't want everyone to be able to browse the scripts
   browsable = yes






