Home Forums OS X Server and Client Discussion Active Directory AD Kerberos Ticket not functioning

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • April 29, 2008 at 4:53 pm #372507
    AgentOrange
    Participant

    OK,

    So I have finally got my AD binding for Leopard functioning properly. The first thing I then tried to do was single single sign on to an SMB share located on one of my 2003 Windows servers.

    I am immediately prompted for my username and password. I took a look at my Kerberos ticket agent and it looks like I received my ticket but my client is not password the information on to the server.

    Anyone run into this?

    June 5, 2008 at 6:16 am #373019
    macmattias
    Participant

    I’ve got the exact same problem but agaist smb-shares on an 2008 server, the TGT works perfect with 2003 servers in the same domain.

    June 12, 2008 at 2:04 pm #373087
    mlinde
    Participant

    I have a similar (but not exactly the same) issue. I have a bound client that can access two different shares, but not a third (when logged into a domain account). If I log in with the local admin account on the box I can access the share, and if I use the terminal to connect directly via smb I can connect (but I’m sending passwords in the clear there). In addition, from a different box I can access any shares. Only obvious difference is the AD binding on the box that is failing, so I think it has to do with authentication. Any suggestions on tracing this further?

    Log only shows this:
    mount_smbfs: session setup failed (extended security lookup2): syserr = Input/output error
    mount_smbfs: could not login to server SMBEVHILLSFILE0: syserr = Input/output error

    And no, there is no hardware failure on the SMB server – I can access it fine as long as I don’t try to go through the GUI.

    June 13, 2008 at 9:52 pm #373115
    mlinde
    Participant

    [QUOTE][u]Quote by: mlinde[/u][p]I have a similar (but not exactly the same) issue. I have a bound client that can access two different shares, but not a third (when logged into a domain account). If I log in with the local admin account on the box I can access the share, and if I use the terminal to connect directly via smb I can connect (but I’m sending passwords in the clear there). In addition, from a different box I can access any shares. Only obvious difference is the AD binding on the box that is failing, so I think it has to do with authentication. Any suggestions on tracing this further?

    Log only shows this:
    mount_smbfs: session setup failed (extended security lookup2): syserr = Input/output error
    mount_smbfs: could not login to server SMBEVHILLSFILE0: syserr = Input/output error

    And no, there is no hardware failure on the SMB server – I can access it fine as long as I don’t try to go through the GUI.[/p][/QUOTE]

    This has been resolved – the server was linked to a bad NTP server, and time had drifted beyond 5 minutes. Goes to show sometimes the correct answer isn’t an easy one, but if the infrastructure is setup correctly some errors won’t occur

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.