Hello,

I've a linux server (Mandrake 9.1) with samba 3.0.1. I try to
authentificate smbclient connexion with an Active Directory which is
installed on a Win2k server.

I've installed the samba's source with the option : ads, ldapsam,
acl-support, ldap et krb5.

I've tested the config with "kinit essai@TOTO-LYON.FR" and my password
was accepted.
I've also create my linux server on the Win2k Active Directory with
"net ads join Organisation\Service\Sam\Machines

But when i do : smbclient //pc/test -Uessai -k
I enter my password and after i've the message :
tree connect failed : NT_STATUS_ACCESS_DENIED


Here is my smb.conf file :


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings
=====================================
[global]

workgroup = TOTO-LYON
netbios name = pc
server string = pc
log file = /var/log/samba/log.%m
max log size = 50
hosts allow = 195. 127.
security = ads
realm = TOTO-LYON.FR
password server = SERVERAD
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 195.xxx.xxx.xxx/255.255.252.0
wins server = 195.xxx.xxx.xxx
dns proxy = no

#============================ Share Definitions
==============================

[test]
comment = Test avec Active DIrectory
path = /usr/local/atuer
users = essai@toto-lyon.fr essai
writable = yes
create mask = 0770
directory mask = 0770



Here is my krb5.conf file :

logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
ticket_lifetime = 24000
# default_realm = MANDRAKESOFT.COM
default_realm = TOTO-LYON.FR
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true

[realms]
# MANDRAKESOFT.COM = {
# kdc = kerberos.mandrakesoft.com:88
# admin_server = kerberos.mandrakesoft.com:749
# default_domain = mandrakesoft.com
# }
TOTO-LYON.FR = {
kdc = serverad.toto-lyon.fr:88
}

[domain_realm]
# .mandrakesoft.com = MANDRAKESOFT.COM
.toto-lyon.fr = TOTO-LYON.FR



Is someone can help me ?

Thanks for your help and sorry for my bad english