I was working on a project that required the use of a mapped drive to a SAMBA share. This all went off without a hitch on my test PC running Windows 7 and I was about to tick the job off my list. But… when I attempted to replicate this on the staff member's PC running Windows XP, I ran into an issue with authenticating to the SAMBA share. I have read numerous pages and forums that provided many different ways around the issue. Below is what worked for me and allowed me to have the mapped drive reconnect at login without continuing to prompt the user for authentication:

  1. Edit the requiresignorseal registry setting:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    • requiresignorseal - Change hex value from 1 to 0
    • RESTART PC
  2. Map a drive to the SAMBA share and select “Reconnect at login”. Usually at this stage you would use the “Connect using a different user name” option. However, do not use this option as it will not allow you to save your credentials.
  3. Click Finish and you will be prompted for your credentials. Input your user name and password (SAMBA server credentials) and select “Remember my details”.

As I mentioned there are numerous solutions out there to resolve this issue. This is just what worked for me…
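A way to list where step 1 has been applied, as an added example that is not part of the original post: it parses the text of a `reg export` of the Netlogon Parameters key and reports secure-channel values that are not 1. With requiresignorseal at 0 the PC no longer requires Netlogon secure-channel traffic to be signed or sealed; sealsecurechannel and signsecurechannel are sibling values checked here beyond what the post mentions, and the sample export is constructed.

```python
import re

# requiresignorseal is the value changed in step 1 of the post; the other two
# are sibling Netlogon secure-channel values (added here, not in the post).
EXPECTED = {"requiresignorseal": 1, "sealsecurechannel": 1, "signsecurechannel": 1}
NETLOGON_KEY = r"hkey_local_machine\system\currentcontrolset\services\netlogon\parameters"

def audit_reg_export(text):
    """Return {value_name: actual} for Netlogon values that differ from EXPECTED."""
    findings, in_key = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: only values under the Netlogon key are checked.
            in_key = line[1:-1].lower() == NETLOGON_KEY
            continue
        if not in_key:
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m:
            name, value = m.group(1).lower(), int(m.group(2), 16)
            if name in EXPECTED and value != EXPECTED[name]:
                findings[name] = value
    return findings

# Constructed sample: a reg export as it would look after step 1 of the post.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000000
"requiresignorseal"=dword:00000000
"sealsecurechannel"=dword:00000001
"signsecurechannel"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Other]
"requiresignorseal"=dword:00000000
'''

if __name__ == "__main__":
    for name, value in audit_reg_export(SAMPLE).items():
        print(f"{name} = {value} (expected {EXPECTED[name]})")
```

A value that is absent from the export is not reported, since the operating system default then applies.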

At the school that I work for we have been using the Group Policy enabled version of Mozilla Firefox from FrontMotion for some time now. We have discussed on several occasions whether or not to allow staff to install extensions. I have decided to set an allowed location (locally hosted) in group policy where staff can find approved extensions to install.

However, we still required the ability to control some of the settings within these extensions. I was able to achieve this by creating Group Policy ADM templates for these extensions. The ADM templates are written to control the about:config settings of the extension, which can be found by browsing to about:config in Firefox and filtering for the desired extension. The preferences are set as a MACHINE CLASS (Computer Policy) and are locked preferences. Below is an example and explanation of a couple of settings of an ADM template for the IEView extension (comment lines begin with "-"): [Complete ADM example attached at the end of this post]

- Define the CLASS type
CLASS MACHINE

- Set the main category name (folder under Administrative Templates in Group Policy)
CATEGORY "Mozilla Advanced Options for Extensions"

- Set the preferences to be locked preferences
KEYNAME "Software\Policies\Mozilla\lockPref"

- Set the category/extension name (level under main category)
CATEGORY "IEView"

Boolean type preference for the Close Page on Reload setting (ON or OFF)

- POLICY = Setting name
POLICY "Close Page on Reload"
- EXPLAIN = Explanation of what the setting does
EXPLAIN "Enables or disables the close page after reload option"
- VALUENAME = about:config Preference Name for the setting
VALUENAME "ieview.closeReloadPage"
- VALUEON = The value for the setting when enabled in Group Policy
VALUEON 1
- VALUEOFF = The value for the setting when disabled in Group Policy
VALUEOFF 0
- END POLICY = Ends the options for the current setting
END POLICY

String type preference for the Filter List setting (string of values)

- POLICY = Setting name
POLICY "Filter List"
- EXPLAIN = Explanation of what the setting does
EXPLAIN "Sets list of sites to always open in IE. Sites are separated by spaces. Use * for wildcard."
- PART = "List" EDITTEXT, sets the values for the "List" part of the setting and edits the current values
PART "List" EDITTEXT
- DEFAULT = When the setting is enabled in Group Policy, the DEFAULT string values will automatically be filled in
DEFAULT "file:///* http://*update.microsoft.com/ http://www.windowsupdate.com/"
- VALUENAME = about:config Preference Name for the setting
VALUENAME "ieview.forceielist"
- END PART = Ends the options for the current PART of the setting
END PART
- END POLICY = Ends the options for the current setting
END POLICY

- END CATEGORY = Ends the extension name category
END CATEGORY

- END CATEGORY = Ends the main category
END CATEGORY


I hope that made at least a little bit of sense.

Find a complete example here.
Download the RAR file here.
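A pre-deployment check for templates like the IEView one walked through above, as an added example that is not part of the original post or of FrontMotion's tooling: it walks an ADM file, rejects typographic quotes (which creep in when a template is copied from a web page), verifies that every CATEGORY, POLICY and PART is closed by the matching END, and lists which about:config preference each policy writes. The function name and the condensed sample are constructed here, and KEYNAME scoping is simplified to "the last one seen applies".

```python
import re

OPENERS = {"CATEGORY", "POLICY", "PART"}
def locked_prefs(adm_text):
    """Return (category path, policy, preference, KEYNAME) per VALUENAME."""
    if re.search("[\u201c\u201d]", adm_text):
        raise ValueError('typographic quotes found; ADM strings need plain " quotes')
    stack, keyname, prefs = [], None, []
    for lineno, raw in enumerate(adm_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or ADM comment
            continue
        words = line.split()
        kw = words[0].upper()
        m = re.search(r'"([^"]*)"', line)
        arg = m.group(1) if m else None
        if kw == "END":
            what = words[1].upper() if len(words) > 1 else ""
            if not stack or stack[-1][0] != what:
                raise ValueError(f"line {lineno}: END {what} closes nothing")
            stack.pop()
        elif kw in OPENERS:
            stack.append((kw, arg))
        elif kw == "KEYNAME":                     # simplification: last KEYNAME wins
            keyname = arg
        elif kw == "VALUENAME":
            cats = "/".join(n for k, n in stack if k == "CATEGORY")
            policy = next((n for k, n in stack if k == "POLICY"), None)
            prefs.append((cats, policy, arg, keyname))
    if stack:
        raise ValueError(f"unclosed {stack[-1][0]} {stack[-1][1]!r}")
    return prefs

# The post's IEView template, condensed (EXPLAIN, DEFAULT, VALUEON/VALUEOFF omitted).
SAMPLE = r'''CLASS MACHINE
CATEGORY "Mozilla Advanced Options for Extensions"
KEYNAME "Software\Policies\Mozilla\lockPref"
CATEGORY "IEView"
POLICY "Close Page on Reload"
VALUENAME "ieview.closeReloadPage"
END POLICY
POLICY "Filter List"
PART "List" EDITTEXT
VALUENAME "ieview.forceielist"
END PART
END POLICY
END CATEGORY
END CATEGORY
'''
```

Calling `locked_prefs(SAMPLE)` returns one tuple per preference, which makes it easy to review exactly which extension settings a template will lock before it is loaded into Group Policy.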

The school I work at currently uses Moodle as our chosen LMS for students. Moodle is linked with our School Management system to sync courses, assignments and course enrollments among other things. This greatly assists in minimising administration work, but more on this at another time…

Our school also uses Google Apps Education Edition to provide our students with email accounts and usage of the other Google Apps services. Google provides a great LDAP sync tool that can easily sync users and group memberships but lacks a way to sync users' passwords (not secure). For this to be possible a Single Sign On (SSO) system must come into the equation. These systems can cost thousands of dollars (depending on user numbers) from 3rd party developers or require a large amount of IT admin time and server resources to perfect a solid solution. I searched long and hard for a suitable tool for this job and tried a number of solutions but none worked well enough for my liking.

At the same time that I was searching for solutions for this issue I was also browsing around for some useful Moodle plugins. This is where I came across the Moodle-Google Integration plugin that would solve all my issues. The plugin provides a SAML based authentication method to allow users to use their LDAP credentials (LDAP must be configured in Moodle) to log into their Google Apps account. This plugin talks with the SSO feature built into Google Apps via SAML 2.0 POST, using the generated keys and certificates for security. Users then log in to Moodle and from there can access their Google Apps account.

More to come on the configuration of this plugin. Stay tuned…

Narradan

Recently our OS X Server crashed and burned. A Mac tech and I put our heads together and attempted to bring the system back to life and restore its previous state. The file system and user data were all intact; however, we could not consistently keep the network services (AFP, Open Directory, etc.) running. We even went as far as trying a complete rebuild on an alternative XServe then restoring the OD and Directory Services settings, but this was also to no avail. Let me give you some background as to how our Mac network WAS set up:

We are primarily a Windows based domain. The only pocket of Macs we have are for our Photography and Visual Arts departments (and an odd MacBook here and there). The original setup was conceived well before my time at my current company, so up until I was thrown into the guts of the Mac network when the whole system went down, my knowledge of the server setup was on a need-to-know basis. The XServe had a Directory Services LDAP connection to our Windows 2003 LDAP server and had a custom binding to pull user information from Active Directory. I never completely explored the custom mappings but from what I have been told it was a fairly intense setup to provide the out of the ordinary needs at the time.

This is my first job where I have had to support Macs so my knowledge was very limited, but from the start I found the setup to be somewhat odd. The Macs would always take a considerable amount of time to start up (which I worked out later was due to Directory Services taking an age to authenticate), and user accounts would randomly stop working or be denied access to applications. The main method behind the madness was to allow users to maintain their Windows based home folders, but also have a network mapped home folder on the Mac server when logged into a Mac computer. I had always wanted to reconfigure the server myself but without the necessary time or expertise I stopped myself from opening that can of worms. But with the server now down for the count I was forced to commission my plan…

More blabbering to come….

© 2012 AG's Latest!