greenbirdweb
Registered
Hello -
I have a 10.4 Server that I wish to integrate into an existing Windows domain. The Active Directory server is Windows 2003. All clients are either Win2K or XP machines. I want the clients to be able to browse shared folders from the Mac server through Network Places.
I have followed the instructions in Apple's Windows Services Administration Guide. The server is set up as "Connected to a Directory System" and has joined the Kerberos realm. However, it doesn't seem to be functioning properly (the Windows services and authentication) and there are a couple of things I find strange.
First, once the Kerberos realm has been joined, all mention of it disappears from the Settings->General area of the Open Directory service. Is that normal? I was expecting it to say something like, "Connected to Directory System" with "Joined to Kerberos Realm" or something similar below it.
Also, under the Windows service Settings->Access tab, I have to keep NTLM (v1) checked in order for the share points to be accessible to the Windows clients. If I deselect it (the service should be using v2 and Kerberos anyway, right?) then the client is given a UN/PW prompt and a message saying, "Incorrect password or unknown username". The user authenticates to the Active Directory domain when they log in to Windows, so the Mac isn't getting the correct information from Kerberos somehow. Strange, though, that the share is accessible if NTLM (v1) is enabled. It appears to me that the Mac is only using NTLM to authenticate, and not Kerberos. Also, entering the user's AD UN/PW if the prompt appears does not allow access.
Any ideas on what the problem might be? The AD admin said it looks as if the Mac server authenticates to Kerberos correctly, so I can't figure out what the problem is!
Thanks,
Jeff