WindowsXP clients are unable to access shares from a Samba 3.0.0 server which is using ADS authentication against a Windows2000 AD running in native mode. Windows2000 clients have no problems.

I am almost certain the problem lies with security being locked down too tightly on the AD server. Everything works fine with another Samba server which is set up the same, aside from using another domain/AD server which isn't locked down. As I don't have administrator rights to the AD server that's locked down, and I have to be specific when I request changes, I was hoping someone would be able to tell me what needs to be enabled/changed on the AD server to get WinXP clients working.

The symptoms include WinXP clients being asked for a user/pass, which is then refused, when trying to access the shares. Looking in the samba logs I see that Win2K clients use Kerberos whereas XP clients try to use LDAP. On the AD that isn't locked down XP clients don't use LDAP. The event logs on the locked down AD show that an XP client is granted a Kerberos ticket, however. I also notice an nmap scan of both AD servers shows more ports open on the one that isn't locked down.

In an attempt to avoid "you didn't post enough information for us to diagnose the problem" replies, and stay under the 40K post limit, I am including the following information:

Samba Server OS: FreeBSD 4.9-RELEASE
Using Heimdal Kerberos V 0.6 (compiled from FreeBSD ports)
With Samba 3.0.0 (compiled from FreeBSD ports)
Both AD servers OS: Windows 2000 Server sp4

1.) Nmap scan of open AD server
2.) Nmap scan of locked down AD server
3.) /etc/krb5.conf
4.) /usr/local/etc/smb.conf
5.) Event log from locked down AD server
6.) Samba log of WinXP client connecting to a share using the open AD server
7.) Samba log of WinXP client connecting to a share using the locked down AD server
8.) Samba log of Win2K client connecting to a share using the locked down AD server

..which can be found at:
http://www.sfu.ca/~vhiebert/Win2K_works_but_WinXP_doesnt_using_ADS.txt

Thanks for any help.

--
Victor Hiebert mailto:vic@sfu.ca
Network Technician, Operations and Technical Support Department
Simon Fraser University, Surrey Campus