I'm new to the OSX world, so please forgive me for not having too many details. A couple things you might try is from the mac, type dscl to get to the directory services command line interface. You can use ls or dir (I don't remember which) and cd to traverse through your A/D OU's to see if you can see a list of users or servers. If you can't, verify DNS. Nslookup on both the client name and IP address to make sure both reverse and forward zones are configured correctly. I don't remember the kerebos commands other than klist and kdestroy. I know there are some other commands associated to check the kerebos tickets on the OSX client. Sorry I'm not much more help than this. If I think of something else, I'll post it. Maybe this will spur your or someone else's brain to the solution. Clay
________________________________ From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Sun 11/9/2008 6:56 AM To: NT System Admin Issues Subject: RE: OSX machines suddenly can't connect to Win2003 PDC Have you tried Wireshark? Cheers Ken From: Mike Gill [mailto:[EMAIL PROTECTED] Sent: Saturday, 8 November 2008 10:40 AM To: NT System Admin Issues Subject: RE: OSX machines suddenly can't connect to Win2003 PDC Still stuck on this. If anyone can think of some methods I could use to trying figure out at what level the server is denying communications to the OSX clients that would be helpful. -- Mike Gill From: Mike Gill [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 4:59 PM To: NT System Admin Issues Subject: OSX machines suddenly can't connect to Win2003 PDC Recently all our Apple computers (10.4 and 10.5) are unable to browse the shares of our Windows 2003 domain which was working grate for a couple years. Two of these machines are bound to the domain and the others are owned by interns. I've double checked that the Domain Controller Security Policy: Microsoft Network Server: digitally Sign Communications (always) is set to Disabled and double checked the corresponding registry value also set. DNS and reverses seem to be working just fine as I can ping to and from the server from a Mac and resolve IP's on both ends. The event logs in Windows don't indicate anything wrong. The console on my test Mac shows mount_smbfs: negotiate phase failed: syserr = Connection Refused, in which the resultant Googling sends me back to the digitally signed policy. If I use smbclient on the command line I can connect to the server and list files. Trying to connect to the server using the finder gives me The alias could not be opened... etc. The people using the Mac's can't narrow it down to when this happened, only saying it's been like this for a couple weeks "they think". I'm wondering if this is a side effect of the MS08-067 (out of band) patch released. Looking for ideas from people, or a good Win/Mac/AD list. -- Mike Gill ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
