AD, OD and Kerberos single sign on help

[Craigster]

I am currently running OS10.28 Server set up with AD (for user info) and OD (for Group and automount) integration with networked home folders.

This works well and I am currently testing a replacement setup with 10.35 using the AD plug in so I can take advantage of Kerberos and single sign on. With the help of guides by Joel Rennich and Greg Priglmeier I have set up the following:

Test Home server joining the AD domain using the Ad plug-in.
Test File server joining the AD domain using the Ad plug-in.
Both servers running AFP and Windows configured with security = ads, realm = THEFORWARDGROUP.COM, spegno = yes

Test Client joining the AD domain using the Ad plug-in. Configured to use network home folder rather than local.

The issues I have are:
The test client works fine – logs in and finds its network home folder. If I connect to any W2K server in the AD domain from the test client using SMB it works without asking me to re-authenticate, however if I try and dismount the server by dragging to trash it asked me to authenticate as an administrator of the client computer?

Trying to connect to either of my OS10.35 servers from the client using SMB, it seems to try and connect using the logged in user name and password but then comes up with – Could not connect to server because name or password is incorrect. The client seems to have received tickets in the Kerberos application.

The weird thing is the 2 OSX servers have joined the AD domain properly and show up on a PC and can be accessed from the PC without re-authenticating?

Any ideas?

Thanks
Craig

[Author]

Posts