Hi,

For years I have had a golden triangle setup with our AD and OD servers and it has worked fine with our OS X clients. Recently we switched from our Small Business Server 2003 to a Windows Server 2008 Standard and ever since I had strange issues with out OS X clients.

Kerberos is working because I get a TGT when logging in and when I connect to our Xserves via AFP it uses the TGT and I get service tickets without having to authenticate again. I even get CIFS tickets from our Windows Server 2003 Standard servers when connecting to their SMB shares. But… when I try to connect to SMB shares on the Domain Controller itself, then I get rejected. I’m simply told that I don’t have access to the resources. I DO get a CIFS ticket from the server, but it doesn’t let me in.

I can only login and get access to the share by entering my credentials in the “Connect to server” box in Finder. And I even have to include the domain name. Simply typing “smb://username:password@server/share” isn’t enough. I have to enter “smb://DOMAIN\username:password@server/share”.

What does that tell you? To me it seems like file sharing on the server isn’t kerberized or something, but Windows user have no problems at all. I’m no expert at Kerberos or Windows Server, so I’m very puzzled. I hope that someone inhere can help.

Regards,
René Frej Nielsen