[MDhaliwal]

Josh’s advice still applies

If these machines are just on continually and then your users sit down and manually login to various network shares, just control your idle time settings on the share.

Go into Server Admin -> AFP -> Settings -> Idle Users.

You can specify an amount of time for the share to stay live after a user becomes idle. Your even able to make exceptions for specific types of users and send a message to the client, so that they, if they were still using the computer, know that the share was disconnected on purpose and wasn’t simply a network glitch.

[MDhaliwal]

Are you only using the Xserve for authentication, or are you using an Active Directory in the background?

One trick I found with my AD was to specify a winbindseparator in the smb.conf file. I’ve also found that my Windows clients had more reliable, faster connections over SMB to my Xserve if they mapped the shares as network drives.

[MDhaliwal]

I guess the two things I would look at would be…consider if you are caching your user logins and if you are using wireless connections.

I’ve found that most portables running OS X, in my environment with user chaching turned on, won’t actually hit the AD over the wireless, but will just use the cached local info, which would leave your home folder and such not loaded as well.

[MDhaliwal]

Don’t feel bad. The same exact thing happened in my environment on my Xserve. I had all of my OS 9 users create aliases to the shares that they need on my Xserve and use those to connect.

I have the server set up to accept any method of authentication, but that doesn’t seem to be the trick. No one has been able to answer this one for me.

I came up with a very simple way to eliminate the problem though…I’m just gonna keep upgrading people to OS X as fast as I can!

[MDhaliwal]

Ok, so you touch on a few different things in your question…

Your issue doesn’t appear to be a problem with authentication, but maybe routing or DNS. We have the exact opposite happen in our environment. When our 2003 server is rebooted, Mac clients can’t browse for the shares being shared out over Services for Macintosh.

Does this affect your Mac clients? Remember, you’ll want to browse with the Macs over SMB, since your Windows clients will be using SMB, not AFP.

You mention a Windows 2003 DC…do you have a split environment? Like one 2003 DC and one 2000? It seems by how you posted that you might. If that’s the case, best practice is to create keytabs on the 2003 server. We found that out in my environment a couple months back.

Samba doesn’t require keytab files to be created to work with AD’s Kerberos. You simply need to edit your smb.conf file located in the /etc directory. If you want AD’s Kerberos to work with Mac OS X Server’s AFP service, then you have to create the keytab files and install it on your server.

[MDhaliwal]

Well, -5023 is a bad password error number…

I’ll see if I can dig anything up in my notes at work from my implementations for you tomorrow.

[MDhaliwal]

I do have that happen every once in a while in my environment, but in the newer Panther builds I don’t see to have this issue very often at all. What version of the OS are you using? Do you have caching enabled for your mobile users as well?

[Author]

Posts