Home Forums OS X Server and Client Discussion Active Directory AD Users Authenticate but Password prompts keep coming up

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • June 20, 2009 at 10:01 am #376470
    trampoline
    Participant

    WE have a number of Mac’s on a windows 2008 server network.
    However the keep getting prompted for passwords to mount share points & access internet via proxy’s.
    Would Kerebos eliminate this ?

    June 21, 2009 at 12:43 am #376472
    larkost
    Participant

    My understanding is that MacOS X in general does not support Kerberos for authentication to proxys. So you are probably not going to get this to work for Safari. But I think you can get this to work with Firefox. I have never actually done this, as I have never worked with a proxy that needed authentication.

    Note that all of this is with 10.5. I have no idea about 10.6. But if this is important to you make sure to file a radar request for it: http://bugreport.apple.com. Make sure to provide impact statements with your report (how badly does it affect how many users, and how does this keep you from buying Apple products).

    July 15, 2009 at 2:37 pm #376632
    walt
    Participant

    I had the same issue when users would be authenticated from AD and tried to mount a cifs share they would be prompted for their username and password. I had to change a preference to get Finder to mount shares using the user’s short name so that it would correctly pass their username to the server. Otherwise it would authenticate with ‘Doe, John’ as opposed to ‘john.doe’.

    Here are the commands to get it done.

    defaults write /Library/Preferences/com.apple.NetworkAuthorization UseDefaultName -bool NO
    defaults write /Library/Preferences/com.apple.NetworkAuthorization UseShortName -bool YES

    I am not sure if this will resolve the issue with the proxy.

    Also just FYI, the AD plugin on OS X uses Kerberos to authenticate with AD. So every time a user logs in with their AD account they are granted a kerberos ticket from your AD. This ticket is valid for a few hours (by default anyway) and any other services that our connected to your AD (cifs shares for expample) should allow your users to use single-sign on via kerberos.

    /System/Library/CoreServices/Kerberos – This application will let you see if you have any tickets active or manually obtain a ticket.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.