10.5.3 Server Problems With Active Directory Authorization

[StepTimeEditor]

Hi,

I have a XServe running Leopard Server 10.5.3 configured as an Open Directory Master and as a Primary Domain Controller. I have a Windows 2003 Server functioning as a Terminal Server that needs to join the domain I've created within the SMB settings of my Leopard Server. I know the domain is active because when I attempt to join the domain using 2003 server, it challenges me for credentials. But when I try to authenticate using any of my Domain Administrator accounts I get the following error message.

I like mentioned above, I know my XServe is successfully hosting the domain i created because if the domain didn't exist, I would get this error instead. Which I'm not

So I was hoping someone can help me in figuring out why I cannot join the domain I created. If I'm missing some configuration or something else altogether. Any help is greatly appreciated. Thanks,

 

[Go3iverson]

I'd be sure that your W2k3 Server is trying to join via a supported method, considering you're trying to tie into an NT style domain. It might be an issue with some sort of more advanced security. You can also enable directory service debug logging and attempt to join the server and see what pops out at you.

Michael

 

[Satcomer]

Just one question, are the clocks on the two machines on the same time? I ask this because Windows is VERY picky about this.

Plus check out the reader reports at the great sever administrator site that doe nothing but integrate lone Macs into Windows domains, MacWindows.com

 

[Go3iverson]

This seems to be the opposite. He's running a Mac OS X environment that he wants his Windows Server to integrate into, from what he's saying.

I'm thinking the time issue you're speaking of is general use for Directory Service integration. Especially when you are using Kerberos, the time stamp on the tickets is critical in assuring that you can properly access the service. This is also true in DS replication.

Michael