[Samba] Mac OS X and AD

Rune Tønnesen rune at tonnesen.org
Sat Jan 20 16:52:20 GMT 2007


David A. Toth skrev:
> I have a question about integrating MAc OS X and Windows 2003 AD Domain. Getting the machine to join the doamin is easy. But when I try to map the home drives, I can see them but not access them. There was a note that implied this is due to sending encrypted vs non-encrypted with samba and that Win 2K3 server SP1 broke that. It says to disable kerberos authentication on the Windows side. Is that the case or is there a fix for Samba that re-enables this feature. Sorry I don't have the version of Samba it is using but just wondering if anyone on the list can point me in the right direction. Thanks!
>   
Known issue with mac os x (using samba 3.0.14) If you want it to work
you will have to disable encrypted communication on the windows server.

Windows Server 2003 Authentication

By deafult Windows Server 2003 will try to encrypt everything sent to
and from it. With this enabled you will not be able to log in to the
share from your Mac.
To fix this there are a couple of options.
Case 1, your server is nothing more than a regular file server. In this
case open up regedit (Start > Run > "regedit" {return}), and navigate to
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \
LanManServer \ Parameter \ RequireSecuritySignature, and set it's value
to "0".
Case 2, your server is also a Domain Controller. In which case you need
to open the DC's Security Policy (Administrative Tools > Domain
Controller Security Policy). Navigate to Local Policies > Secuiry
Options, and disable "Microsoft network server: Digitally sign
communications (always)" & "Microsoft network server: Digitally sign
communications (if client agrees)". Reboot your sever, and you should be
good to go.

-- 
Best Regards
Rune Tønnesen




More information about the samba mailing list