Solved

Mac OS X Panther Server Share in an Active Directory environment gives error

Posted on 2004-03-22
10
1,603 Views
Last Modified: 2013-12-23
We have an XServe running Panther.  This server is a domain member of our Windows 2000 Active Directory.  I shared out a folder on the XServe and gave all of active directory users read/write permissions to it.  The problem is when an active directory user tries to connect to this share, they get an error "the account is not authorized to log in from this station".  I have enabled "send unecrypted password to connect to 3rd party SMB servers" on our domain security policy but it didn't fix this error.  I can login using any active directory user account on the XServe (physically go there) with no problems but can't go there over the network.  I can ping the XServe from any workstation.  NSlookup also works.  How do I fix this error?  
The work around we're doing right now is to use the "map network drive" and click on connect using a "different user name" then use the local admin user of the XServe.  We would like our users to be able to just connect to the XServe without having to remember 2 different user name and password.
0
Comment
Question by:jlenon15
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 10652025
I am not sure this is the case - but what happens when you add AD usernames as OSX users ???
0
 

Author Comment

by:jlenon15
ID: 10652084
In Workgroup Manager in the XServe, I was able to create a local group and added AD users in to that group without problems.  I assigned that group to the share I created for our AD users.  We are using our XServe mainly as a file server only.
0
 
LVL 62

Expert Comment

by:gheist
ID: 10652793
I guess this is not so popular SAMBA, but samba is able to authenticate users against NT pdc. Maybe you can find such a option around.
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 

Author Comment

by:jlenon15
ID: 10653155
We do not have any NT machines.  We are on native mode on our Windows 2000 AD.
0
 
LVL 62

Expert Comment

by:gheist
ID: 10653514
AD is almost same PDC renamed...

I found german document on apple site which talked about LDAP plugin pointing to AD ...
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10658714
0
 

Author Comment

by:jlenon15
ID: 10658746
The XServe is already authenticating through our AD Domain Controllers, like I said before I can login on the XServer machine using any of our AD user with no problems.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10659604
Yes, I understand that. But, on XServer (OS X), the netbios protocol is handled by samba. And it's not because you are already authenticating properly on the unix side (locally), that the samba setup has been properly done.

In this article, you will find instructions on how to configure your samba to authenticate your users against the AD. And more specifically, how to add the samba server to your domain (as you would with any domain participating client). What makes me believe that your problem might be about this is the following message :
"the account is not authorized to log in from this station".

I assumed that, maybe, "this station" is the samba server itself. In the referred to article, beginning in point 3), you will find a way to join your server to the AD.

I might be completely wrong, but I "smell" something like this.
0
 

Author Comment

by:jlenon15
ID: 10660212
I'll read the article and give it a try tonight...Thanks!
0
 
LVL 9

Accepted Solution

by:
Alf666 earned 500 total points
ID: 10682077
Hi,

Did you get a chance to have your config working ?
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question