What's the version of the Mac OS X client? 10.4? 10.5? 10.5 handles SMB signing correctly. 10.4, not so much.
There is a good list for people who deal with the Macs, called Macenterprise. Find it at: http://lists.psu.edu Hope you find the answer's you're looking for. --Matt Ross Ephrata School District ----- Original Message ----- From: Jeremy Anderson [mailto:[email protected]] To: NT System Admin Issues [mailto:[email protected]] Sent: Thu, 19 Feb 2009 14:01:06 -0800 Subject: RE: OS X connecting to domain fileshare > More OS X goodness for the day. > > Everything appears to be working fine. All my DCs are Server 2003 and I > have member servers that are Server 2003. I also have meber servers that > are Server2003 R2. All member servers have the same security group policies > applied to them. > > The Mac clients can connect to the 2003 machines just fine and utilize > Single Sign On. THey even get kerberos tickets. However, when trying to > connect to a 2003 R2 Server, I am prompted for a user name and password. > > I am assuming that this has somthing to do SMB signing. ANyone want to > confirm or deny ? > > This is probally my final hurdle to getting these things running properly. > > > > ________________________________ > From: Jeremy Anderson [mailto:[email protected]] > Sent: Thursday, February 19, 2009 9:32 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > > I am forced to support them, and I REALLY don't understand why the fan boys > like them so much. They are no better and no worse than XP boxes, And they > have an annoying UAC prompt whenever you change settings. > > My real issue is that I have not worked with them much, so even though I am > troubleshooing complex issues such as Kerberos tickets and RDNS resoultion, > i still cant figure out how to right click. But I am getting better...... > > ________________________________ > From: John Hornbuckle [mailto:[email protected]] > Sent: Thursday, February 19, 2009 8:33 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > > It's not that I view the problem as a Mac-specific issue-it's just that > troubleshooting Mac OS issues is a burden on my staff, who already have to > support Vista, XP, and even a few 9x machines (and with Win7 not far down > the pike). > > > > From: Michael B. Smith [mailto:[email protected]] > Sent: Thursday, February 19, 2009 8:39 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > > This exact problem can occur in the "Windows world" when you clone computers > and do not run newsid (or similar) on them prior to joining them to a > domain. > > From: John Hornbuckle [mailto:[email protected]] > Sent: Thursday, February 19, 2009 6:42 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > > And thanks for reminding me of why I don't have Macs on my domain! > > ;-) > > > > John Hornbuckle > MIS Department > Taylor County School District > www.taylor.k12.fl.us<http://www.taylor.k12.fl.us> > > > > > From: Jeremy Anderson [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 6:06 PM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > > I think I got it. Apparently the machines were cloned. So no Kerberos > machine tickets. > > I have one machine that seems to be ok, I am getting occasional prompts for > user and password, but I am on the right track now. > > Thanks for listening to me.... > > ________________________________ > From: Jeremy Anderson [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 1:13 PM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > DNS is set to my AD servers. DCHP is from a *nix box, but all the windows > PC's have the same DHCP server w/ no issues > > Hostname returns backup-OSX.local NOT backup-osx.company.com, and I see no > way to get rid of the ".local" > > Kinit [email protected]<mailto:[email protected]> prompts for a password, and > then returns cannot find KDC for reqested realm. > > Still struggeling with this..... > > ________________________________ > From: Walker, Clay [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 11:09 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > is your mac using dhcp/dns services from A/D? I ask to ensure that your > mac's FQDN is the same as your A/D's FQDN. Your ticket maybe for > ad-domain.domain.com but your mac may be trying to connect to ad-domain or > domain.com. > > You can run a hostname from the command line to check the local mac's FQDN. > > ________________________________ > From: Jeremy Anderson [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 11:07 AM > To: NT System Admin Issues > Subject: RE: OS X connecting to domain fileshare > Just verified as well using Kerberos.app that I have a valid ticket that > will expire in 9:58. Still being prompted for a user/pass when trying to > connect to a share. > > ________________________________ > From: Anders Blomgren [mailto:[email protected]] > Sent: Wednesday, February 18, 2009 1:45 AM > To: NT System Admin Issues > Subject: Re: OS X connecting to domain fileshare > To get SSO will depend on kerberos in this case. Start > /System/Library/CoreServices/Kerberos.app and see if you have a TGT. If you > don't try to manually acquire one with that tool. Otherwise your kerberos > config file isn't properly setup, something that's been done automatically > since 10.4 by directory services when you bind to an AD domain. > > -Anders > > > On 2/18/09, Jeremy Anderson > <[email protected]<mailto:[email protected]>> wrote: > > I have an OS X 10.5.6 and it is successfully had been bound to the domain. > The account shows up and I can log in using any domain user and password. > However; when I try to "mount" or browse a share (I press the apple key + k) > and I type in SMB://server/fileshare it prompts me for a user name and > password. > > I can type in my user name and password and successfully access the shared > resource. > > I want to just be able to browse / mount shares with out having to enter the > user name and password, Am I missing somthing here? Itsn't that the point > of single sign on? I have NOT extended my schema, is that why? > > TIA > > Jeremy > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
