Frank Thomas
2007-Jun-25 13:36 UTC
[Samba] Problems with samba and windows 2000 professional
Good day,
I'm having issues with a small company with the following setup...
1. Windows 2003 active directory server (server.company.local)
2. samba 3.0.25 linux server (serve2.company.local)
3. windows xp and windows 2000 professional clients. All clients are part
of the ads structure.
What's happening is the client's running windows xp can access the samba
shares with no issues what so ever, but the windows 2000 professional
clients keep popping up an "incorrect password" window asking for a
proper
username and password to access the server and it's shares. Even if you
enter a correct username, it rejects it.
I see no errors with the linux/samba server tied to the domain. It just
seems that I'm missing something in regards to the windows 2000
professional clients passing username/password info.
I'm totally stuck at this point. Here is the config files from the
linux/samba server.
/etc/samba/smb.conf
-----------------------------------------------------
[global]
workgroup = company
server string = Company File Server
security = ads
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
password server = SERVER
realm = COMPANY.LOCAL
encrypt passwords = yes
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
log level = 10
# template shell = /bin/false
;[homes]
; comment = Home Directories
; browseable = no
; writable = yes
; template shell = /bin/false
; winbind use default domain = no
[apps]
comment = Application Share
path = /home/samba/apps
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"
[share]
comment = Company Central Share
path = /home/samba/share
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"
[images]
comment = Company Desktop image files
path = /home/samba/images
writeable = yes
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users =@"COMPANY+Domain Users"
admin users =@"COMPANY+Domain Admins"
--------------------------------------------------------
/etc/krb5.conf
--------------------------------------------------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = COMPANY.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
COMPANY.LOCAL = {
kdc = server.company.local
admin_server = server.company.local
default_domain = company.local
}
[domain_realm]
.company.local = COMPANY.LOCAL
company.local = COMPANY.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
---------------------------------------------------------
Thanks ahead of time.
Frank Thomas
Possibly Parallel Threads
Wisdom of the Ancients
