I have an XServe running 10.3.9, that is connected to my campus AD domain using Apple's plugin. Users can sucessfully login to the box via the console, and SSH. However when trying to connect via Samba we have a break down. I have setup my smb.conf as described here and elsewhere and can sucessfully login when connecting from any AD bound Mac, and acoording to the debug this is all working thru Kerberos. The problem however comes into play when PCs and non-bound Macs try to connect. According to the debug the Samba finds the accounts in AD and pareses them fine, but when it trys to do the authentication step it's falling back to NTLMv1, and failing. I'm also not certain where Apple's Samba is looking for the NT MD4 hash as the debug isn't clear, but wherever it is, it is not finding it. Also I have setup the GPOs to disable signing on the Windows side as suggested.
Okay, now the really strange part is that, after a crash during an update, I had to reload my OS from scratch as several libraries were wiped. Before the crash this was all working quite well. I have restore the DirectoryServices configs as well as the samba configs from backup before the crash and compared them to where I'm out now and as far as I can tell the system is setup the same way.
I have attached a copy of my smb.conf file below for your review. If anyone has any ideas I would greatly appreciate it.
Thanks,
Shawn
workgroup = CS
display charset = UTF-8-MAC
print command = /usr/sbin/PrintServiceAccess printps %p %s
lprm command = /usr/sbin/PrintServiceAccess remove %p %j
security = ads
guest account = unknown
encrypt passwords = yes
printing = BSD
allow trusted domains = yes
preferred master = no
lppause command = /usr/sbin/PrintServiceAccess hold %p %j
netbios name = xserve
wins support = no
max smbd processes = 0
printcap =
wins server = XXX.XXX.XXX.10
server string = Mac OS X
lpresume command = /usr/sbin/PrintServiceAccess release %p %j
client ntlmv2 auth = no
domain logons = yes
lpq command = /usr/sbin/PrintServiceAccess jobs %p
passdb backend = opendirectorysam guest
dos charset = CP437
unix charset = UTF-8-MAC
realm = CS.UNIV.EDU
auth methods = guest opendirectory
local master = no
domain master = no
map to guest = Never
use spnego = yes
printer admin = @admin, @staff
defer sharing violations = no
log level = 9
winbind separator = +