OD Master, PDC on OS X, Windows Boxes can not authenticate

[kamen]

We have our OS X Xserve running 10.4.11 being our Open Dir master as well as a PDC for small windows domain. We have successfully joined windows machines to our domain, and can even log in using our LDAP info. At random times, we can not log in with out LDAP info to our Mac or to a shared drive on a Windows 2003 server. Looking thru the SMB logs on our Login Server, I am seeing
[i]/SourceCache/samba/samba-100.9/samba/source/nmbd/nmbd.c:terminate(56)
Got SIGTERM: going down…
[/i]
error in the Windows Name service log. It appears that when a windows service/user tries to authenticate, sometimes the domain controller is available and sometimes it is not.

Any tips on how we can have our users use their LDAP info to authenticate to a windows machine?

[mosx86]

I’m sorry, could you elaborate a little more on your setup. You mention a Windows 2003 Server in there so I’m not clear on what is going on.

You’ve got a Mac OS X Server running as an OD Master and serving as your PDC as well. Where does the Windows 2003 Server come in? Is the Windows server a member of the Mac’s PDC domain, or is the Mac OD Master bound to the Windows server?

[David Wallace]

I have a 10.5.4 server running as a ODM and a PDC. When the windows folks log into their computer (connected to the domain created by the PDC) the server it will authenticate them. Problem is that after a while some users start to get a “can’t find profile” error. It creates them a temp one on the local machine. Usually what we do is create them a new user on the ODM and they start the process again and it works for a while but eventually they get the error again.

Ideas?

[bomek]

WINS is very very important for a macosx PDC but the samba-provided WINS server sux and can’t be replicated or edited. So i strongly suggest to use a Windows server for WINS, or better, 2 Windows server for WINS with replication.

And don’t got 10.5, it’s going to be worst!

[wisidro]

I have the same setup.

We have Tiger (10.4.11) setup as OD and PDC.

I was able to join the Windows 2003 to the domain with no problem. For single sign on,
I need to add UNIX users as Remote users so they can login to the Windows machine
using the same password. The problem is when I tried to add Domain users to the Remote
Desktop Users after I click on apply the member entries changed

Domain\username {S-1-5-8348848588885)

becomes like this…

? S-1-5-21-8348848588885)

And Domain users can’t login to the Windows machines.

I can see the domain users from the Windows 2003 client that’s why I know
I’m connected to the domain but how come I cannot add them?

[wisidro]

I think the problem is it failed to save local policy database?

Any idea.

[Author]

Posts