AD/OD windows clients not getting SSO

[ZeroLevelZilch]

I’m working on a setup similar to the one described in the AD-OD whitepaper but I seem to be having a kerberos issue and don’t know how to fix it.

All user accounts in AD
Intel Xserve (10.4.10) as OD master and bound to AD through Directory access.
Xserve will also host a few (5-10) home folders for one lab who will primarily connect via AFP.
When we attempt to set the home folder for a test user in AD it errors out saying we don’t have privileges to the share and the SMB logs get errors similar to this…

[code][2007/07/09 13:10:33, 1] auth_ods.c:opendirectory_ntlmv2_auth_user(312)
User “ADAdmin” failed to authenticate with “dsAuthMethodStandard:dsAuthNodeNTLMv2” (-14079) :([/code]

Odd thing is that a Mac client who’s bound to the domain, gets single sign-on for AFP and SMB. Windows boxes get prompted for a user name/pass when attempting to mount the share. So I assume the Windows machines aren’t getting proper credentials. Do I have a kerb issue here? Any ideas on how to resolve it?

Thanks,
-Zero.

[puxuradude6]

Got the same error, don’t even use AD but NTLMv2 on OS X Server seems to be incompatibel with the world anyway. I adjusted my share settings to allow NTLM as well and things worked from there on.

10.4.10 without AD or Kerberos, just local authentication.

[Author]

Posts