I've been following Mike Bombich pdf (http://www.bombich.com/mactips/activedir.html)
on setting up an OD master to accept kerberos from a AD domain and I can't get AFP to work.
What I've done:
1. Bind OD Master to AD
2. Destroyed the OD Kerberos realm
3. Ran sudo dsconfigad -enableSSO
When I log into a client that is bond to both AD and OD and try to access a SMB share on the AD side it works. When I try to access a SMB share on the OD master it work. When I try to access a AFP share on the OD Master it fails with the error " The user Authentication Method required by this server can't be found". Now I think this error is because I'm forcing Kerberos authentication, if I change AFP setting to any method
authentication I get promoted with the AFP login window, I enter my AD account information and I'm able to mount the share.
So it seems that AFP will allow AD accounts access but only when not using kerberos.
Any hints? Need to get this working or corp. will force me to move all my files off the xserver and use the Windows servers over SMB.
Thanks.
on setting up an OD master to accept kerberos from a AD domain and I can't get AFP to work.
What I've done:
1. Bind OD Master to AD
2. Destroyed the OD Kerberos realm
3. Ran sudo dsconfigad -enableSSO
When I log into a client that is bond to both AD and OD and try to access a SMB share on the AD side it works. When I try to access a SMB share on the OD master it work. When I try to access a AFP share on the OD Master it fails with the error " The user Authentication Method required by this server can't be found". Now I think this error is because I'm forcing Kerberos authentication, if I change AFP setting to any method
authentication I get promoted with the AFP login window, I enter my AD account information and I'm able to mount the share.
So it seems that AFP will allow AD accounts access but only when not using kerberos.
Any hints? Need to get this working or corp. will force me to move all my files off the xserver and use the Windows servers over SMB.
Thanks.
