[mdlug] Samba/Server2003 Active Directory integration problems after time update

[greenproc]

Mike wrote:
> greenproc wrote:
>> After updating a suse box running LDAP with the new timezone data, there
>> appears to be a problem where clients on the network that try to access
>> SMB shares on the linux box are denied access when the method is
>> \\servername\sharename (as in access denied for unknown user)
>>
>> When the access method is \\ip.x.y.z\sharename access is granted, no
>> problems.
>>
>> There is a two second clock skew between the Suse SMB/LDAP box and the
>> Win2003 AD server -- is this enough of a clock skew to throw timestamps
>> off enough to make auth go whacky?
>>
>> Or does it make sense that the problem lies elsewhere?
> 
> I've actually seen this before, with Windows XP machines accessing shares
> on other Windows machines.
> 
> I have yet to find a cause or a solution to solve this problem.  2 sec.
> clock skew really isn't enough to do that much, even with Kerberos
> authentication.
> 
> Do the samba logs reveal anything?  Does this happen to all Windos 2000(or
> whatever) machines, or is it just a single incident?

I am squeezing more information from the person that actually owns the problem.  It happens to any SMB client that tries to access shares on the linux samba server via netbios name -- including the win2003 server.  When a client references the share using an ip address everything is cool.

My gut feeling is that when clients access via IP, they are using the linux server for authentication and it works, but if the clients query netbios, they get directed to different ip for authentication.  Again, I am squeezing more information from the individual who owns the problem, having them tail log files, etc.

Thanks Mike

> 
> Thanks
> 
> Mike
> 
> 
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug
>