Re: [Samba] XP auto enrollment error; TEMP profile
- Date: Sun, 1 Oct 2017 13:43:32 -0700
- From: ToddAndMargo via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] XP auto enrollment error; TEMP profile
On 09/30/2017 08:21 AM, Gaiseric Vandal via samba wrote:
If this is a customer rather than your employer you may find that you
need to just part ways, which I know isn't easy. If you provide a
customer with your professional advice, and they choose to ignore it,
then I think you can't really help them.
Easier said than done. We are still suffering from the endless
recession out in these parts, although things have started to
SLOWLY change over the last 10 months. If I do not accommodate
the customer's wishes, I will not be able to feed my family. And
replacing the customer is impossible in this business climate.
Bear in mind that I am considered a unnecessary expense to be
eliminated. At least this customer has not accused me of writing
viruses so I can charge to remove them. I am between a rock and
a hard place. I either fix this or lose my shirt.
Is the customer using XP for all client machines or just select machines
that may run some legacy app?
The app will run on any version of Windows. The reason for the XP
is that the customer doesn't believe in fixing what ain't broke.
(That is a conspiracy to separate him from his money don't you know).
Do you have at least one Win 7 machine?
Not a single one!
I would validate the
connections with the win 7 machine before you start trying to fix
XP. That would at least prove that the server is correct and XP is
If this is a "classic" domain controller then you DO have to use NTLM
(but definately NOT lanman.) If XP supports NTLMv2 then I think it
will negotiate that with Samba. I think Microsoft released patches
for XP for WanaCry, even tho XP is otherwise unsupported. So some of
the security concerns are partially mitigated. Although you should
make sure that the antivirus is enabled and that the machine is ONLY
used for the absolutely essential functions (no web browsing, no e-mail.)
Some of the default "signing" options in smb.conf may have changed with
the newer versions of samba. You may need to turn "server signing" ,
"client signing" and "client ipc signing" to off. You may also want to
check the server and client min and max protocol options on samba. XP
may have problems with SMB2.
Can you try using smbpasswd or pdbedit to precreate the machine
accounts ? I found sometimes certain attributes weren't properly
created when joining machines to domains.
I used smbpasswd. And I am using DDNS (Dynamic Domain Name Service).
Each computer showed up in both my forward and reverse tables.
I am not much of a fan of Domain Controllers. This is five computers
and I just don't see that it is worth the effort for any "perceived"
extra functionality. So I am slowly reverting them back to a
Thank you for the help!
Oh and this server (Fedora 26) is an upgrade from his old
CentOS 5 server. Talk about out-of-date!
To unsubscribe from this list go to the following URL and read the