Adding a windows xp client to a samba 3.0 domain
If you want to add a windows xp client to a samba 3.0 domain, you should keep the following things in mind:
- Change your smb.conf accordingly:
- Under [global] enter the following:
workgroup = <domain name>
passdb backend = tdbsam:<path to passdb.tdb>
os level = 33
preferred master = auto
domain master = yes
local master = yes
security = user
logon path = <path for profile data>
logon home = <path for home directory>
logon drive = <drive letter, under which the login home should be mapped>
wins support = yes
encyrypt passwords = yes
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g <group for domain members> -s /bin/false -M %u
idmap gid = <group-id range for mapping>
idmap uid = <user-id range for mapping>
server signing = auto - Under [homes] enter the following:
valid users = %S
read only = No
inherit acls = Yes
browseable = No - Under [profiles] enter the following:
path = /var/lib/samba/profiles
read only = no
create mask = 0600
directory mask = 0700
store dos attributes = yes - Under [netlogon] enter the following:
path = /var/lib/samba/netlogon
write list = root
read only = yes
guest ok = yes
browseable = no
- Under [global] enter the following:
- To create computer account, a user must be created in the passdb backend, which has the permission, to create a new user with /usr/sbin/useradd. You can at best check that by using pdbedit -L.
Windows XP: Wenn Sie einen Computer in ihrem Netzwerk anpingen, erscheint viermal IP-Sicherheit wird verhandelt
Dies kann daran liegen, daß auf dem lokalen Computer IPSEC aktiv ist. Öffnen Sie Systemsteuerung, Verwaltung, Dienste oder starten sie services.msc und überprüfen den Status der IPSEC Services. Wenn dieser gestartet ist, so beenden sie ihn, und versuchen den ping dann erneut. Falls es funktioniert, haben sie den Schuldigen gefunden.
Der IPSEC Service kann durch das aktivieren einer IP-Sicherheitsrichtlinie auf dem Computer gestartet werden, und läuft auch nach dem deaktivieren der Richtlinie weiter.
