Difference between revisions of "SAMBA Domain Controller"

From wiki.breedveld.net
Jump to: navigation, search
Line 16: Line 16:
 
  Restart, and you should be able to log on with your Samba username and password.
 
  Restart, and you should be able to log on with your Samba username and password.
  
For Windows7 and Server 2008R2, also edit the registry:
+
Samba Domain on Windows7:
  HKLM\System\CCS\Services\Netlogon\Parameters
+
  Start->run->MMC
  add DWORD RequireSignOrSeal = 0
+
  ->File->add/remove snap-in->Add
  add DWORD RequireStrongKey = 0
+
  -->Add
Reboot after this
+
  --->Group Policy Object Editor->Add
 +
  ---->(Group Policy Object must be 'Local Computer')->Finish
 +
--->Close
 +
-->OK
 +
->Local Computer Policy
 +
->Computer Configuration
 +
->Windows Settings
 +
->Security Settings
 +
->Local Policies
 +
->Security Options
 +
->Disable "Domain Member: Digitally encrypt or sign secure channel data (always)"
  
Optional
+
save this as samba_w7.reg, and load it in the registry:
  HKLM\System\CCS\Services\LanmanWorkstation\Parameters
+
  Windows Registry Editor Version 5.00
  DWORD DomainCompatibilityMode = 1
+
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lanmanserver\parameters]
  DWORD DNSNameResolutionRequired = 0
+
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lanmanworkstation\parameters]
Also reboot after change
+
  "DNSNameResolutionRequired"=dword:00000000
 +
  "DomainCompatibilityMode"=dword:00000001
 +
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netlogon\parameters]
 +
  "DisablePasswordChange"=dword:00000001
 +
"RequireSignOrSeal"=dword:00000001
 +
"RequireStrongKey"=dword:00000001
 +
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
 +
"dontdisplaylastusername"=dword:00000001
 +
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
 +
"Start"=dword:00000003
 +
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
 +
"SlowLinkDetectEnabled"=dword:00000000
 +
"DeleteRoamingCache"=dword:00000001
 +
"WaitForNetwork"=dword:00000000
 +
"CompatibleRUPSecurity"=dword:00000001
 +
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
 +
"EnableLUA"=dword:00000000
 +
"LocalAccountTokenFilterPolicy"=dword:00000001
 +
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
 +
"RestartSetup"=dword:00000000
 +
"SetupType"=dword:00000000
 +
"SystemSetupInProgress"=dword:00000000
 +
"SetupPhase"=dword:00000000
 +
"CmdLine"=""
 +
"OOBEInProgress"=dword:00000000
 +
 
 +
Reboot after this
  
List users
 
wbinfo -u
 
  
 
add user
 
add user

Revision as of 12:16, 5 January 2014

Samba Domain on XP: 

Start->run->MMC
->File->add/remove snap-in->Add
-->Add
--->Group Policy Object Editor->Add
---->(Group Policy Object must be 'Local Computer')->Finish
--->Close
-->OK
->Local Computer Policy
->Computer Configuration
->Windows Settings
->Security Settings
->Local Policies
->Security Options
->Disable "Domain Member: Digitally encrypt or sign secure channel data (always)"
Restart, and you should be able to log on with your Samba username and password.

Samba Domain on Windows7: 

Start->run->MMC
->File->add/remove snap-in->Add
-->Add
--->Group Policy Object Editor->Add
---->(Group Policy Object must be 'Local Computer')->Finish
--->Close
-->OK
->Local Computer Policy
->Computer Configuration
->Windows Settings
->Security Settings
->Local Policies
->Security Options
->Disable "Domain Member: Digitally encrypt or sign secure channel data (always)"

save this as samba_w7.reg, and load it in the registry: 

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lanmanserver\parameters]
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lanmanworkstation\parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netlogon\parameters]
"DisablePasswordChange"=dword:00000001
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"LocalAccountTokenFilterPolicy"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"RestartSetup"=dword:00000000
"SetupType"=dword:00000000
"SystemSetupInProgress"=dword:00000000
"SetupPhase"=dword:00000000
"CmdLine"=""
"OOBEInProgress"=dword:00000000

Reboot after this


add user 

smbpasswd -a <user>

add machine 

smbpasswd -a -m <machine>

delete user 

smbpasswd -x <user>

machine verwijderen en vervolgens opnieuw aanmelden 

pdbedit -x CLIENT-PC$
userdel CLIENT-PC$
Retrieved from "https://wiki.breedveld.net/index.php?title=SAMBA_Domain_Controller&oldid=6872"