slow file browsing with MS Office - reply_spnego_kerberos(250)

Mon Jan 21 13:54:17 GMT 2008

Hi,

We had a similar problem at our department. Our samba based file server was
integrated in the AD but the winbindd had a *special* configuration: On the
server itself a sid<->uid mapping was only avaiable for the regular  users,
not for the computer accounts. At the beginning this seemed to work, but
from time to time the machine was very slow too. 
We had similar errors in our log file. It seems like the client computers
try to log in with their own computer account to the share. But as there was
no uid mapping the login request was rejected. These login attempts happened
quite often and it seemed that access from the clients was halted during
these attempts.
We solved this problem with a username mapping script, which mapped all
computer accounts to nobody.

Christoph

Wolfgang.968 wrote:
> 
> 
> James Peach-2 wrote:
>> 
>> On 18/01/2008, Wolfgang.968 <wstahn at proderm.de> wrote:
>>>
>>> I have a weird issue with Samba 3.0.10 on an MAC OS X Server 10.3.9 with
>>> AD
>>> integration:
>>>
>>> When accessing shares on the server from a Windows XP PC with explorer
>>> and
>>> browse thru the folders, all works fine.
>>>
>>> If i try the same using the FileOpen dialog from within MS Office (Word,
>>> Excel), the browsing (changing of folders up and down) is extremely
>>> slow.
>>> Browsing this way, the Samba log on the server shows me lots of error
>>> message of the form:
>>>
>>> reply_spnego_kerberos(250) Username DOMAIN/COMPUTERNAME$ is invalid on
>>> this
>>> system
>> 
>> This is almost certainly because there is no Computer record in Open
>> Directory named "DOMAIN/COMPUTERNAME$". Open up Workgroup Manager and
>> find the computer record that corresponds to the XP system. Add
>> "DOMAIN/COMPUTERNAME$" as an alias for this.
>> 
>> You might also have to mess with service ACLs if you are using them.
>> 
>> -- 
>> James Peach | jorgar at gmail.com
>> 
>> 
> 
> All client computers, as well as the servers, are members of the AD
> domain. Because all computer accounts are stored there, there should be no
> reason to add them in workgroup manager...
> 
> It's not that it isn't working at all. It's working, but slow and with
> error messages.
> 
> Update: I figured out that it seems to be a client problem, or to be
> precise, a MS Office problem. The described erroneous slow behaviour only
> happens if I try to browse the server folder by accessing it thru an UNC
> name (\\servername). If I map a drive letter to that share and access the
> server by this network drive, it's all very quick. I always thought,
> acessing a network share by network drive letter or via UNC path is the
> same, but obviously, it is not...
> 
> Wolfgang
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/slow-file-browsing-with-MS-Office---reply_spnego_kerberos%28250%29-tp14955498p14997700.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.