Peter Luk's Blog

A cat lover's weblog

Enable fully qualified domain names in DFS

To enable fully qualified domain names in DFS:
1.. If the DFS server hosts a DFS root or replica, remove it from the server. (If you accidentally activated the DfsDnsConfig parameter without removing configuration information, you can clear it by typing dfsutil /clean: computername.
2.. Start Registry Editor and open the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs
3.. If you find a DfsDnsConfig value, click Edit Value on the Edit menu, and then change the value to 1. If there is no DfsDnsConfig value, click Add Value on the Edit menu, and then add the following information value:
Value Name: DfsDnsConfig
Data Type: REG_DWORD
Value Data: 1

Windows 7 and mandatory profile

http://support.microsoft.com/kb/973289

http://theitbros.com/sysprep-a-windows-7-machine-%E2%80%93-start-to-finish

http://benosullivan.co.uk/windows/how-to-image-and-deploy-windows-7-a-complete-guide/

My unattend.xml for copying the default user profile generated using the Windows System Image Manager tool for a x64 Win7 enterprise seed

<?xml version=”1.0″ encoding=”utf-8″?>
<unattend xmlns=”urn:schemas-microsoft-com:unattend”>
<settings pass=”specialize”>
<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”>
<CopyProfile>true</CopyProfile>
</component>
</settings>
<cpi:offlineImage cpi:source=”catalog:c:/users/administrator/desktop/install_windows 7 enterprise.clg” xmlns:cpi=”urn:schemas-microsoft-com:cpi” />
</unattend>

Batch print pdf files with Acrobat

Batch Printing PDFs (and other files) using Acrobat 9

Setting Up the IIS 6 Password Change Site – IISADMPWD

http://blogs.msdn.com/b/friis/archive/2009/03/24/setting-up-the-iis-6-password-change-site-iisadmpwd.aspx

Windows 2008 R2 DC and samba

If you encountered the below error after you have joined your samba as a member to the Windows 2008R2 AD :

[2011/07/27 09:31:04, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine your_WINDOWS_DC pipe \NETLOGON fnum 0x4returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED

It is a samba bug, upgradeto samba 3.4.x or above

MacOSX ignore samba create mode and directory mode

putting “unix extensions = no” in the [global] section of your smb.conf file.

Reference :

http://dossy.org/2010/07/annoying-change-in-macos-x-10-5-samba-clients/

Joining Samba 3 to Active directory as member using ADS security mode

1. The key config of smb.conf :

client use spnego = yes
client signing = yes
realm = YOUR.ADS.DOMAIN
security = ADS

;only used if the ads user will login the samba member
;winbind uid = 10000-20000
;winbind gid = 10000-20000
;winbind enum groups = yes
;winbind enum users = yes

2. The /etc/krb5.conf

[libdefaults]
default_realm = IEPCLAN.IE.CUHK.EDU.HK
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
YOUR.ADS.DOMAIN = {
kdc = ip.of.your.dc
default_domain = your.ads.domain
}

[domain_realm]
.your.ads.domain = YOUR.ADS.DOMAIN
your.ads.domain = YOUR.ADS.DOMAIN

3. kinit administrator (enter the administrator password when prompted). The klist command should then list a ticket.

4. edit /etc/hosts file, add your host ip and your.ads.domain if you got the below error :

Using short domain name — YOURADDOMAIN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for ‘HOSTNAME’ in realm ‘YOUR.AD.DOMAIN’
Failed to join domain: Type or value exists

5. net ads join -U Administrator

6. store your winbind credentials with : net setauthuser -U winbind (enter winbind password in AD)

7. restart samba and winbindd

8. use wbinfo -u to check the winbindd works or not

References :

http://www.section6.net/wiki/index.php/Configuring_Samba3_to_be_a_Windows_Domain_Member

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2560123