Samba3.5.4 authentication questions

Matt Ficken (Insight Global) v-mafick at microsoft.com
Fri Dec 3 14:06:32 MST 2010 

Have you set the 'workgroup' and 'realm' parameters in the [global] section of the samba configuration?

Could you share a copy of your samba configuration here (minus any confidential info)?

-----Original Message-----
From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of MICHAEL BROWN
Sent: Friday, December 03, 2010 12:27 PM
To: samba-technical at lists.samba.org
Subject: Samba3.5.4 authentication questions

Greetings all.
We are using SAMBA 3.5.4 servers running on SLES 9 and 10 joined to Windows 2008 active directory servers.

Some things I am noticing are a little odd.

*) If I map a network drive using the FQDN of a SAMBA server, it works fine.  Example server and share:

\\myserver.mydomain.com\myshare

On the same machine that mapped the FQDN above, if I try to go to "run" and type in:

\\myserver\myshare

I get prompted for credentials.

What can I be missing to alert SAMBA that this "NETBIOS" name is the same server, kerberos key, etc., that I have
just mapped previously using the FQDN?  All server resolution, short, FQDN, is resolvable via DNS and NETBIOS.


*) We have users that have shortcuts to shares on their desktop.  We map the share names via "NET USE".  Later through the day,
the user clicks on the share, they get prompted for credentials.  The machine's time is correct and the same as the server's time so
I know it is not a time issue with keys.


*) Last thing is that it seems the NSCD process and SAMBA hate each other in that no users can authenticate after "X"
amount of time of NSCD running.  If I stop NSCD, it allows authentication.  No group/user additions or changes were made.
I have added a CRON job to stop that process every 1 min. and it seems to work OK but I was just wondering why I have to do this?


I *really* wished you guys would have not removed the ability for SAMBA to authenticate a user based off of the machine's name
and username.  I know this is Windows behavior but Windows is not always right =)

Thanks!

NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited.  If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.

More information about the samba-technical mailing list