Sysprep win 7 join samba NT domain
-
Hi all, is there somebody here who is able to join win 7 automatically via sysprep (or maybe some other way) to a samba based NT domain (samba ver. 3.6)? I can do it manually, but am not sure how to automate this. Is it possible using sysprep?
Or, is FOG client able to join only AD domain or can it join NT domain also?
I searched this forum and didn’t find others with this issue.
Thanks.
-
I haven’t really played too much with samba domain stuff, but I imagine if you can set it up to act in a similar method to Microsoft AD, you’d have no problems. You’d have to do the legwork on the samba AD server, but once that’s good to go everything else should be just as it is normally. You can do it with sysprep and/or use it with the FOG Client theoretically. I’ll see if I can build a samba AD server just to test this with.
-
Thanks for the reply. I know, but I’m a bit afraid of converting to Samba 4 (a lot of work and uncertain results?). I know I will have to do it someday, but I just wanted to try it with my current setup since manual joining works (and if nothing works, just convert to AD). Now, I’m almost at the end - not using sysprep, but a PowerShell script in c:\windows\setup\scripts\ which is called by setupcomplete.cmd - it works when I’m normally logged in as Administrator, but not during (or after?) the sysprep process…
-
Hi,
do not forget that renaming the host and joining the domain at the same time should not work. Does your script rename the host and perform a domain join at the same time?
Why not use the fog client for joining the domain?
Regards X23
-
Hi X23, I discarded this way (scripts in c:\windows\setup\scripts) - I forgot about renaming before joining, so when I finally got these scripts working I realized this, and since I didn’t figure out how to accomplish this renaming using powershell or sysprep, I decided that I would make a snapin which consists of these scripts and will run after the FOG client renames hosts. It seems to work, I just need to test it all together with sysprep.
And what do you mean by using fog client for joining? Is it possible to join win 7 to NT4 based (samba v 3.6) domain? I initially thought I will try it, but then just took the snapin way.
Thanks, Rado.
-
Hi, a bit of a delay, but I’m almost at the end (will post a howto - maybe it helps somebody), but would like to know how this snapin subsystem works. It seems that when the FOG client starts for the first time (after deploying), it automatically downloads associated snapins and runs them (without creating a snapin task).
How does the FOG client know it starts for the first time? And, will this work?: I create a master image, upload it, deploy it (with snapins automatically downloaded and applied), then next semester use this same image (with updates and perhaps software changes), upload it, deploy it with snapins (again) correctly applied. If yes, it would be really nice
I tried to search for this here but didn’t find anything - if this was already discussed, feel free just to post a link.
Thanks.
-
snapin tasks are automatically created when you specify a standard download. all snapins assigned to that host will be tasked to run. you can see these snapins to be deployed under the Active Snapin Tasks section of the task management page. the fog client runs the exact same way every time it’s run, the only thing that makes it behave differently is the information it receives from the server when it checks in.
the way of using fog you describe is exactly what it’s designed to do.
-
Ok, sorry for delay, here is what we use to make win7 join Samba NT4 domain (maybe it helps somebody):
- after sysprep, fog automatically renames host (it’s done fairly early after sysprep, so there is little or perhaps no chance that computer will join domain with bad name), then it restarts and
- downloads associated snapin - I named it setup_complete_snapin - which contains 2 scripts:
1. setupcomplete.cmd
2. join_domain.ps1 (powershell script)
SETUPCOMPLETE.CMD:
[CODE]
@echo off
rem delete unattend files
del /Q /F c:\windows\system32\sysprep\unattend.xml
del /Q /F c:\windows\panther\unattend.xml

rem delete dir with additional drivers (those which win didn't install automatically - needs registry update for win to look here)
rd /S /Q c:\Drivers

rem win activation
cscript //b c:\windows\system32\slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
cscript //b C:\windows\system32\slmgr.vbs -ato

rem office 2010 activation
cscript "c:\Program Files\Microsoft Office\Office14\ospp.vbs" /act

rem registry changes
:: enable self defense (registry protection) for NOD Endpoint Antivirus 5.0 - disabled before sysprep, because of sysprep crashes with this enabled
REG ADD "HKLM\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000001\Profiles@My profile" /v selfdefense /t REG_DWORD /d 0x1 /f
:: for win7 to join Samba NT4 domain
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters" /v DomainCompatibilityMode /t REG_DWORD /d 0x1 /f
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters" /v DNSNameResolutionRequired /t REG_DWORD /d 0x0 /f
:: fixes problems with login (source: https://lists.samba.org/archive/samba/2010-October/158591.html)
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters" /v DisablePasswordChange /t REG_DWORD /d 0x1 /f

rem domain join
:: didn't work without cd
cd \windows\temp\setup_complete_snapin
powershell set-executionpolicy remotesigned
powershell .\join_domain.ps1
powershell set-executionpolicy allsigned

rem extends partition to whole disk
diskpart /s .\diskpart.txt

:: sleep a la MS Windows
::ping -n 10 1.1.1.1

rem restart
shutdown -r -f -t 120

Exit
[/CODE]
For domain join, really needed are only sections: domain join, registry changes (for win7 to join Samba NT4 domain) and perhaps restart.
JOIN_DOMAIN.PS1:
[CODE]
# user and pass - pass has to be in apostrophes, quotation marks didn't work
$User = "DOMAIN\USER"
$Pass = ConvertTo-SecureString 'PASSWORD' -AsPlainText -Force

# create credentials
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User,$Pass

# join domain with logging to file
#add-computer -domain DOMAIN -credential $Credentials 2>&1 > join_domain.log

# join domain
add-computer -domain DOMAIN -credential $Credentials
[/CODE]
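A variant of join_domain.ps1, as an added example that is not part of the original post: it checks the two LanManWorkstation registry values before the join, logs the outcome, and deletes itself afterwards because the file carries the join account's password in clear text. DOMAIN, DOMAIN\USER and PASSWORD are the post's placeholders; the log file name and the self-deletion step are assumptions, not FOG behaviour.

```powershell
# Added example, not the poster's script. DOMAIN, DOMAIN\USER and PASSWORD are the
# post's placeholders; the log file name is an assumption. Written for PowerShell 2.0.
# Start it from setupcomplete.cmd with a per-process policy instead of changing the
# machine-wide one:  powershell -NoProfile -ExecutionPolicy Bypass -File .\join_domain.ps1
$ErrorActionPreference = 'Stop'
$ScriptPath = $MyInvocation.MyCommand.Path   # PowerShell 2.0 has no $PSCommandPath
$Log    = Join-Path (Split-Path -Parent $ScriptPath) 'join_domain.log'
$Lanman = 'HKLM:\System\CurrentControlSet\Services\LanManWorkstation\Parameters'

function Write-Log([string]$Message) {
    "{0} {1}" -f (Get-Date -Format s), $Message | Out-File -FilePath $Log -Append -Encoding ASCII
}

# The join depends on the two LanManWorkstation values set by setupcomplete.cmd.
function Test-JoinPrerequisites {
    $expected = @{ DomainCompatibilityMode = 1; DNSNameResolutionRequired = 0 }
    $actual   = Get-ItemProperty -Path $Lanman -ErrorAction SilentlyContinue
    $ok = $true
    foreach ($name in $expected.Keys) {
        if ($actual -eq $null -or $actual.$name -ne $expected[$name]) {
            Write-Log "registry value $name is not set to $($expected[$name])"
            $ok = $false
        }
    }
    return $ok
}

$code = 1
try {
    if (-not (Test-JoinPrerequisites)) { throw 'registry prerequisites not met' }
    $Pass = ConvertTo-SecureString 'PASSWORD' -AsPlainText -Force
    $Cred = New-Object System.Management.Automation.PSCredential -ArgumentList 'DOMAIN\USER', $Pass
    Add-Computer -DomainName DOMAIN -Credential $Cred
    Write-Log "joined $env:COMPUTERNAME to DOMAIN"
    $code = 0
}
catch {
    Write-Log "join failed: $($_.Exception.Message)"
}
finally {
    # This file holds the join account's password in clear text, so it is deleted
    # whether or not the join worked; redeploy the snapin to retry.
    Remove-Item -LiteralPath $ScriptPath -Force -ErrorAction SilentlyContinue
}
exit $code
```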