jlenon15
asked on
Mac OS X Panther Server Share in an Active Directory environment gives error
We have an XServe running Panther. This server is a domain member of our Windows 2000 Active Directory. I shared out a folder on the XServe and gave all of active directory users read/write permissions to it. The problem is when an active directory user tries to connect to this share, they get an error "the account is not authorized to log in from this station". I have enabled "send unecrypted password to connect to 3rd party SMB servers" on our domain security policy but it didn't fix this error. I can login using any active directory user account on the XServe (physically go there) with no problems but can't go there over the network. I can ping the XServe from any workstation. NSlookup also works. How do I fix this error?
The work around we're doing right now is to use the "map network drive" and click on connect using a "different user name" then use the local admin user of the XServe. We would like our users to be able to just connect to the XServe without having to remember 2 different user name and password.
The work around we're doing right now is to use the "map network drive" and click on connect using a "different user name" then use the local admin user of the XServe. We would like our users to be able to just connect to the XServe without having to remember 2 different user name and password.
gheist
I am not sure this is the case - but what happens when you add AD usernames as OSX users ???
ASKER
In Workgroup Manager in the XServe, I was able to create a local group and added AD users in to that group without problems. I assigned that group to the share I created for our AD users. We are using our XServe mainly as a file server only.
I guess this is not so popular SAMBA, but samba is able to authenticate users against NT pdc. Maybe you can find such a option around.
ASKER
We do not have any NT machines. We are on native mode on our Windows 2000 AD.
AD is almost same PDC renamed...
I found german document on apple site which talked about LDAP plugin pointing to AD ...
I found german document on apple site which talked about LDAP plugin pointing to AD ...
Would this be of some help to you ? :
http://www.macdevcenter.com/pub/a/mac/2003/12/09/active_directory.html?page=last&x-showcontent=text
http://www.macdevcenter.com/pub/a/mac/2003/12/09/active_directory.html?page=last&x-showcontent=text
ASKER
The XServe is already authenticating through our AD Domain Controllers, like I said before I can login on the XServer machine using any of our AD user with no problems.
Yes, I understand that. But, on XServer (OS X), the netbios protocol is handled by samba. And it's not because you are already authenticating properly on the unix side (locally), that the samba setup has been properly done.
In this article, you will find instructions on how to configure your samba to authenticate your users against the AD. And more specifically, how to add the samba server to your domain (as you would with any domain participating client). What makes me believe that your problem might be about this is the following message :
"the account is not authorized to log in from this station".
I assumed that, maybe, "this station" is the samba server itself. In the referred to article, beginning in point 3), you will find a way to join your server to the AD.
I might be completely wrong, but I "smell" something like this.
In this article, you will find instructions on how to configure your samba to authenticate your users against the AD. And more specifically, how to add the samba server to your domain (as you would with any domain participating client). What makes me believe that your problem might be about this is the following message :
"the account is not authorized to log in from this station".
I assumed that, maybe, "this station" is the samba server itself. In the referred to article, beginning in point 3), you will find a way to join your server to the AD.
I might be completely wrong, but I "smell" something like this.
ASKER
I'll read the article and give it a try tonight...Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.