On Mon, 2003-07-28 at 20:51, Gil Freund wrote:
> Arik Baratz wrote:
> >
> >>1. Do you get a valid response when you do:
> >>nmblookup <win2000host>
> >
> > [snip]
> > Hostname resolution seems ok.
> >
> >>Also check the following:
> >>
> >>1. Has the share (mount) been unused for over a week? (Windows cycles
> >>host credentials once a week)
> >
> >
> > It's been mounted for over a week, but used during this period. How come my Win2K
> > can maintain a share window open for this amount of time but SAMBA can't? And if
> > the credentials are incorrect, why can't I unmount?

Actually, in a properly configured AD both W2K and Linux will be denied access. Search the net for "Enforce password history". The default on W2K is to remember 1 old password.

> Windows updates host credential at least once a week. Both the server
> and the workstation have to be online for this to happen.

The default for machine account password renewal is 60 days. The renewal process is much like DHCP: half lease, quarter lease...

> This is the theory. In practice, I noticed that windows 2k pro will
> cache server credentials for longer periods of time, even to a point
> where a laptop user who has disconnected and reconnected to the network,
> while his password has expired, managed to continue working with the
> supposedly expired password.
>
>

You are mixing here machine and user accounts. Those are two different stories. The user passwords are cached as long as you are logged in or explicitly refreshed. Default user password max age is 42 days. Windows clients maintain a per session connection. You can connect to one share, change password, connect to another share and still be able to access both shares. To clear the cache and drop all sessions to a specific server on Windows you can use:

    net use \\remote_server\ipc$ /delete

> >
> >>2. Has the user information under which the mount taken place changed?
> >
> >
> > Now that you've mentioned it, I recently replaced my password (in Active
> > Directory). I will test it again, because I am pretty sure that I have had that
> > happen even between password changes (our policy is 45 days).
> >
> > And then again: So the credentials don't match; so what? Why prevent me from
> > unmounting it? Can I change the credentials in smbmount while the folder is
> > mounted?
> You have to remember that Unix network mount types (such as NFS) are
[snip]
> More to the point:
> You cannot change credentials on a mounted CIFS share. Even in Windows,
> if you changed your password while logged in, you will find that network
> shares will act in an unpredicted manner (Some will work, some will not,
> as windows caches the credentials).
> The smbmount command acts as a proxy between the unix mount and the
> CIFS file system. If the credentials have changed, samba cannot
> determine the state of the share and returns the actual mount (or
> umount) an invalid state.
>
> I usually try to keep smbmount within the scope of a login session (more
> like AutoFS or AMD), this is what a CIFS session expects.
>

You CAN change the password without losing the mount point IF you are using Kerberos rather than NTLM authentication (Samba 3.x). In this case, the TGT is refreshed automatically (or manually on demand) and the session is not lost. To do that, you have to join your linux machine to the W2K Kerberos realm.

One more thing to mention: W2K tends to drop idle sessions. The default is 15 minutes on W2K Server and not defined on Pro.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gp/563.asp

(now someone will want to slap my wrists for giving MS links...)

Some other workarounds might involve statically registering the W2K machine in WINS. BTW, do you have DDNS on site? Is W2K a DHCP client? (You can play with DHCP lease and DNS scavenging timer.)

Personally, I doubt this is a name resolution issue. I have been using Samba 3.x for quite a while in an AD environment and must admit that it does a much better job handling things like that.

--
Guy
