[Samba] [Fwd: Problems with samba and windows 2000 professional]

Frank Thomas frank at thethomasproject.com
Sat Jun 30 21:53:27 GMT 2007 

By Goodness,

I am a dope. After much searching and frustration it turned out to be
something really silly. As it turns out, my windows xp boxes were able to
log in because their time was within 5 mins of the samba box, but the samba
box and the windows 2000 pro boxes were little more then 7 mins apart. After
I notice that the time on the samba server was slightly out, I adjusted the
time to match the server and windows pro boxes. Voila! Everything works. 

So to all those out there, time is VERY IMPORTANT TO MAKE IT ALL WORK!!!!

Frank. 

-----Original Message-----
From: Address for list subcriptions [mailto:lists at rmt.com.au] 
Sent: Tuesday, June 26, 2007 8:55 PM
To: Frank Thomas; samba at lists.samba.org
Subject: RE: [Samba] [Fwd: Problems with samba and windows 2000
professional]


Hi Frank,

i have just been reading through recent posts and reading Mike Petersen's
"Notes when changing network IP Addresses" and it occurs to me that you're
like to be dealing with the same problem.  XP and 2K deal with WINS
resolution in subtly different ways.  Worth looking at.

And thanks Mike, your post has already helped, though not in the way you
probably imagined  :)

Cheers,

m.


-----Original Message-----
From: samba-bounces+lists=rmt.com.au at lists.samba.org
[mailto:samba-bounces+lists=rmt.com.au at lists.samba.org]On Behalf Of Frank
Thomas
Sent: Wednesday, 27 June 2007 3:18 AM
To: samba at lists.samba.org
Subject: [Samba] [Fwd: Problems with samba and windows 2000 professional]



Good day, I've posted this request again, as it got hijacked and probably
ignored.

I'm having issues with a small company with the following setup...
1. Windows 2003 active directory server (server.company.local) 2. samba
3.0.25 linux server (serve2.company.local) 3. windows xp and windows 2000
professional clients. All clients are part of the ads structure.

What's happening is the client's running windows xp can access the samba
shares with no issues what so ever, but the windows 2000 professional
clients keep popping up an "incorrect password" window asking for a proper
username and password to access the server and it's shares. Even if you
enter a correct username, it rejects it.

I see no errors with the linux/samba server tied to the domain. It just
seems that I'm missing something in regards to the windows 2000 professional
clients passing username/password info.

I'm totally stuck at this point. Here is the config files from the
linux/samba server.

/etc/samba/smb.conf
-----------------------------------------------------
[global]
   workgroup = company
   server string = Company File Server
   security = ads
   printcap name = /etc/printcap
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = no
   password server = SERVER
   realm = COMPANY.LOCAL
   encrypt passwords = yes
   winbind enum users = yes
   winbind enum groups = yes
   winbind separator = +
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   log level = 10
#   template shell = /bin/false

;[homes]
;   comment = Home Directories
;   browseable = no
;   writable = yes

;   template shell = /bin/false
;   winbind use default domain = no
[apps]
    comment = Application Share
    path = /home/samba/apps
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"

[share]
    comment = Company Central Share
    path = /home/samba/share
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"

[images]
    comment = Company Desktop image files
    path = /home/samba/images
    writeable = yes
    browseable = yes
    inherit acls = yes
    inherit permissions = yes
    create mask = 700
    directory mask = 700
    valid users =@"COMPANY+Domain Users"
    admin users =@"COMPANY+Domain Admins"
--------------------------------------------------------

/etc/krb5.conf
--------------------------------------------------------
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = COMPANY.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 COMPANY.LOCAL = {
  kdc = server.company.local
  admin_server = server.company.local
  default_domain = company.local
 }

[domain_realm]
 .company.local = COMPANY.LOCAL
 company.local = COMPANY.LOCAL

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
---------------------------------------------------------

Thanks ahead of time.

Frank Thomas


Frank Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list