Re: [Samba] XP auto enrollment error; TEMP profile

On Mon, 2 Oct 2017 10:37:34 -0400
Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:

> The auto enrollment messages seem to indicate that the client
> machine thinks it is connecting to an AD domain.
> The profile messages are indicative of a domain membership problem,
> whether or not you are using roaming profiles.
> Workgroup method is probably simplest - although my past experience
> was that even at 5 machines managing multiple users on multiple
> machines gets tricky. In theory, you have 30 passwords to set.
> If most people only use computer then this is less of an issue.

Try doing this with 12 machines with multiple users on most of the PCs,
spread over a large area. 5 machines is easy ;-)

> For a small domain, I think the "classic PDC" can be simpler than a
> Samba AD domain controller. However I have not actually tried
> implementing a samba AD domain controller primarily because it would
> not play well in our environment. Also, it relies on Heimdal
> Kerberos, which is not included in Fedora. I don't think the XP
> problems here are related to classic vs AD. That being said, I do
> understand that the "classic" domain model is not a long term
> solution.

Believe me, when you get over the initial setup, an AD DC is easier,
in this case, a new AD domain would be simple, it is the classicupgrade
that gives the most problems.

> Not specifically a samba issue but remember the idea of "defense in
> depth." Many people think "I have a firewall, my network is safe"
> and "I have antivirus, my PCs are safe." You need a mix of client
> antivirus, system patching, application updates, backups, e-mail spam
> filtering, and user education. None of these have to be
> expensive. I think you can still run free Sophos AV on XP. Make
> sure no one is logging in with admin rights. The biggest threat
> vector - at least in my work - seems to be e-mail (either with
> malicious attachments or phishing links.) Anyway, that is my pitch
> from my soap box. You can take it or leave it.

All good advice.

> As the old machines wear out, the XP issue will solve itself.

I wouldn't bank on it, I have dealt with people like the OP's customer,
and they will do anything to cut costs, including buying old computers.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba