Leopard and Active Directory Integration Problems

cbarthmann

Hi Everybody,

Here's my test setup:
* Mac Pro running Leopard Server 10.5.3
* G5 running Leopard Client 10.5.3
* Dell machine running Windows Server 2003 R2

The main purpose of the setup is to test having both Mac and PC usernames stored in Active Directory, and to access file shares on the Mac server (to avoid paying for Windows CALs).

I created a new domain on the Windows server, and promoted it to be a domain controller. The Windows server is also a DHCP and DNS server for the test network. The DNS server has reverse DNS entries for all machines on the test network. A few test users were created just to eventually test file and directory permissions.

The OS X server was installed as a Workgroup/Standard installation, and then upgraded to an Advanced Server.

I was able to bind both Server and Client versions of OS X to the Active Directory domain using the Directory Utility. This has allowed me to log in to OS X using usernames from Active Directory. Binding the server automatically changed the SMB server type from Standalone/Workgroup to Domain member. Workgroup Manager also now shows users created in Active Directory.

I created a new file share point in Server Admin on the OS X server, and added one of my Active Directory users under the ACL permissions section. I granted the user read and write privileges in the ACL entry.

Now, when I try to connect to the server via the OS X client using "Go to Server..." and that test account, I get a username/password combination denied, and can't log onto the server. Strangely enough, I can use the same username and password to SSH into the file server. So OS X server is authenticating against Active Directory. When trying to browse the file server from the Windows Server, I get the same issue.

However, when I use an account that is a local administrator on the OS X server, I'm able to mount the shares properly.

Any ideas/help?

Thanks,

Charles
 
Oops! Somebody at work came to my rescue.

I didn't set the access controls for the AFP and SMB services in Server Admin.
 
I have a very similar question, except that instead of OS X Server, I'm just running the standard OS X 10.5.3 install.

I have bound the Mac to my Windows Active Directory domain, and local logins and SSH work fine. However, when I try to share a folder using Samba, the directory users don't authenticate. FTP works fine though.

I have noticed that while in the File Sharing preferences, if I click the "Options" button, underneath the "Share files and folders using SMB" option, there is a box containing the local accounts and the following explanation:
"When you enable SMB sharing for a user account, you must enter the password for that account. Sharing with SMB stores this password in a less secure manner."

So does this mean I'm not able to share folders with AD users using SMB?

Any help would be appreciated!

Thanks,
-Kevin
 