[Samba] Problems with samba and windows 2000 professional

Frank Thomas frank at thethomasproject.com
Mon Jun 25 03:30:46 GMT 2007


Good day,

I'm having issues with a small company with the following setup...
1. Windows 2003 active directory server (server.company.local)
2. samba 3.0.25 linux server (serve2.company.local)
3. windows xp and windows 2000 professional clients. All clients are part
of the ads structure.

What's happening is the client's running windows xp can access the samba
shares with no issues what so ever, but the windows 2000 professional
clients keep popping up an "incorrect password" window asking for a proper
username and password to access the server and it's shares. Even if you
enter a correct username, it rejects it.

I see no errors with the linux/samba server tied to the domain. It just
seems that I'm missing something in regards to the windows 2000
professional clients passing username/password info.

I'm totally stuck at this point. Here is the config files from the
linux/samba server.

/etc/samba/smb.conf
-----------------------------------------------------
[global]
   workgroup = company
   server string = Company File Server
   security = ads
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   password server = SERVER
   realm = COMPANY.LOCAL
   encrypt passwords = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   log level = 10
#   template shell = /bin/false

;[homes]
;   comment = Home Directories
;   browseable = no
;   writable = yes

;   template shell = /bin/false
;   winbind use default domain = no
[apps]
    comment = Application Share
    path = /home/samba/apps
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"

[share]
    comment = Company Central Share
    path = /home/samba/share
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"

[images]
    comment = Company Desktop image files
    path = /home/samba/images
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"
--------------------------------------------------------

/etc/krb5.conf
--------------------------------------------------------
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = COMPANY.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 COMPANY.LOCAL = {
  kdc = server.company.local
  admin_server = server.company.local
  default_domain = company.local
 }

[domain_realm]
 .company.local = COMPANY.LOCAL
 company.local = COMPANY.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
---------------------------------------------------------

Thanks ahead of time.

Frank Thomas


More information about the samba mailing list