Re: [Samba] XP auto enrollment error; TEMP profile

On 10/02/2017 07:59 AM, Rowland Penny via samba wrote:
On Mon, 2 Oct 2017 10:37:34 -0400
Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:

The auto enrollment messages seem to indicate that the client
machine thinks it is connecting to an AD domain.

The profile messages are indicative of a domain membership problem,
whether or not you are using roaming profiles.

Workgroup method is probably simplest - although my past experience
was that even at 5 machines managing multiple users on multiple
machines gets tricky. In theory, you have 30 passwords to set.
If most people only use one computer then this is less of an issue.

Try doing this with 12 machines with multiple users on most of the PCs,
spread over a large area. 5 machines is easy ;-)

This I can identify with.

For a small domain, I think the "classic PDC" can be simpler than a
Samba AD domain controller. However I have not actually tried
implementing a Samba AD domain controller primarily because it would
not play well in our environment. Also, it relies on Heimdal
Kerberos, which is not included in Fedora. I don't think the XP
problems here are related to classic vs AD. That being said, I do
understand that the "classic" domain model is not a long term

Believe me, when you get over the initial setup, an AD DC is easier,
in this case, a new AD domain would be simple, it is the classicupgrade
that gives the most problems.

Not specifically a Samba issue but remember the idea of "defense in
depth." Many people think "I have a firewall, my network is safe"
and "I have antivirus, my PCs are safe." You need a mix of client
antivirus, system patching, application updates, backups, e-mail spam
filtering, and user education. None of these have to be
expensive. I think you can still run free Sophos AV on XP. Make
sure no one is logging in with admin rights. The biggest threat
vector - at least in my work - seems to be e-mail (either with
malicious attachments or phishing links.) Anyway, that is my pitch
from my soap box. You can take it or leave it.

All good advice.

As the old machines wear out, the XP issue will solve itself.

I wouldn't bank on it, I have dealt with people like the OPs customer,
and they will do anything to cut costs, including buying old computers.

Kicking and screaming!


Computers are like air conditioners.
They malfunction when you open windows

