Home Forums OS X Server and Client Discussion Active Directory Weird Connections Attaching from W2K and XP

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • December 7, 2004 at 8:35 pm #360115
    blp848
    Participant

    OK Here it goes….

    I have a Xserve running 10.3.6. The servers main purpose is file server in a mixed client envioment. The clients are mostly XP W2K OSX and OS9.

    I am experiancing very strange connectivity problems with the W2K and XP clients. Connecting using the IP address works fine for most but using the name is very slow. Sometime I can improve the performace for a few hours if I reboot the server. Some users can only connect using the IP address. If they try to use the name they get an error message that says that there user name is not vaild. I can do lookupd and kinit lookups on the user ID’s and get no errors. It would appear to me that the authentication is working.

    Any ideas would be greatly appreciated. I have been struggleing with this for a few months now. Also do I need to generate a krb5.keytab file from my W2K3 controller? I seem to remember seeing something about that but can’t find the article again.

    If there are any soup to nuts articles on how to get Kerberos working 100% I would appreciate being pointed to them. I have looked but have only found partial articles.

    Thanks,
    Brian

    December 10, 2004 at 2:52 am #360136
    MDhaliwal
    Participant

    Ok, so you touch on a few different things in your question…

    Your issue doesn’t appear to be a problem with authentication, but maybe routing or DNS. We have the exact opposite happen in our environment. When our 2003 server is rebooted, Mac clients can’t browse for the shares being shared out over Services for Macintosh.

    Does this affect your Mac clients? Remember, you’ll want to browse with the Macs over SMB, since your Windows clients will be using SMB, not AFP.

    You mention a Windows 2003 DC…do you have a split environment? Like one 2003 DC and one 2000? It seems by how you posted that you might. If that’s the case, best practice is to create keytabs on the 2003 server. We found that out in my environment a couple months back.

    Samba doesn’t require keytab files to be created to work with AD’s Kerberos. You simply need to edit your smb.conf file located in the /etc directory. If you want AD’s Kerberos to work with Mac OS X Server’s AFP service, then you have to create the keytab files and install it on your server.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.