More OS X goodness for the day. Everything appears to be working fine. All my DCs are Server 2003 and I have member servers that are Server 2003. I also have meber servers that are Server2003 R2. All member servers have the same security group policies applied to them.
The Mac clients can connect to the 2003 machines just fine and utilize Single Sign On. THey even get kerberos tickets. However, when trying to connect to a 2003 R2 Server, I am prompted for a user name and password. I am assuming that this has somthing to do SMB signing. ANyone want to confirm or deny ? This is probally my final hurdle to getting these things running properly. ________________________________ From: Jeremy Anderson [mailto:[email protected]] Sent: Thursday, February 19, 2009 9:32 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare I am forced to support them, and I REALLY don't understand why the fan boys like them so much. They are no better and no worse than XP boxes, And they have an annoying UAC prompt whenever you change settings. My real issue is that I have not worked with them much, so even though I am troubleshooing complex issues such as Kerberos tickets and RDNS resoultion, i still cant figure out how to right click. But I am getting better...... ________________________________ From: John Hornbuckle [mailto:[email protected]] Sent: Thursday, February 19, 2009 8:33 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare It's not that I view the problem as a Mac-specific issue-it's just that troubleshooting Mac OS issues is a burden on my staff, who already have to support Vista, XP, and even a few 9x machines (and with Win7 not far down the pike). From: Michael B. Smith [mailto:[email protected]] Sent: Thursday, February 19, 2009 8:39 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare This exact problem can occur in the "Windows world" when you clone computers and do not run newsid (or similar) on them prior to joining them to a domain. From: John Hornbuckle [mailto:[email protected]] Sent: Thursday, February 19, 2009 6:42 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare And thanks for reminding me of why I don't have Macs on my domain! ;-) John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us<http://www.taylor.k12.fl.us> From: Jeremy Anderson [mailto:[email protected]] Sent: Wednesday, February 18, 2009 6:06 PM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare I think I got it. Apparently the machines were cloned. So no Kerberos machine tickets. I have one machine that seems to be ok, I am getting occasional prompts for user and password, but I am on the right track now. Thanks for listening to me.... ________________________________ From: Jeremy Anderson [mailto:[email protected]] Sent: Wednesday, February 18, 2009 1:13 PM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare DNS is set to my AD servers. DCHP is from a *nix box, but all the windows PC's have the same DHCP server w/ no issues Hostname returns backup-OSX.local NOT backup-osx.company.com, and I see no way to get rid of the ".local" Kinit [email protected]<mailto:[email protected]> prompts for a password, and then returns cannot find KDC for reqested realm. Still struggeling with this..... ________________________________ From: Walker, Clay [mailto:[email protected]] Sent: Wednesday, February 18, 2009 11:09 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare is your mac using dhcp/dns services from A/D? I ask to ensure that your mac's FQDN is the same as your A/D's FQDN. Your ticket maybe for ad-domain.domain.com but your mac may be trying to connect to ad-domain or domain.com. You can run a hostname from the command line to check the local mac's FQDN. ________________________________ From: Jeremy Anderson [mailto:[email protected]] Sent: Wednesday, February 18, 2009 11:07 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare Just verified as well using Kerberos.app that I have a valid ticket that will expire in 9:58. Still being prompted for a user/pass when trying to connect to a share. ________________________________ From: Anders Blomgren [mailto:[email protected]] Sent: Wednesday, February 18, 2009 1:45 AM To: NT System Admin Issues Subject: Re: OS X connecting to domain fileshare To get SSO will depend on kerberos in this case. Start /System/Library/CoreServices/Kerberos.app and see if you have a TGT. If you don't try to manually acquire one with that tool. Otherwise your kerberos config file isn't properly setup, something that's been done automatically since 10.4 by directory services when you bind to an AD domain. -Anders On 2/18/09, Jeremy Anderson <[email protected]<mailto:[email protected]>> wrote: I have an OS X 10.5.6 and it is successfully had been bound to the domain. The account shows up and I can log in using any domain user and password. However; when I try to "mount" or browse a share (I press the apple key + k) and I type in SMB://server/fileshare it prompts me for a user name and password. I can type in my user name and password and successfully access the shared resource. I want to just be able to browse / mount shares with out having to enter the user name and password, Am I missing somthing here? Itsn't that the point of single sign on? I have NOT extended my schema, is that why? TIA Jeremy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
