[Bimmerworld]

More fun today.

Reinstalled the server/updated it etc.

All DNS/hostnames working
Bound to AD
Set up OD master
Kerberized it

And tried the following experiment…

Bound a 10.5.4 client to ONLY AD and configured it’s AD plugin NOT to use any network homes.

Logged into the client, and did an “Apple-K” to “afp://odmaster.x.net”

And it allowed me to get to the share WITHOUT the authentication window popping up (Kerberized I assume)

As soon as add the network home location in AD, and set the clients AD plugin to use it via AFP, it exhibits the same behavior as before. (can’t login because of error blah blah, AFP logs a quick login/logout for the user). When set to client’s AD plugin is set to SMB homes, it works just fine.

[Bimmerworld]

Logged into client machine with test user after disabling AD plugin “derive home directory…” setting.

Cannot mount AFP share without entering username/pw

CAN mount SMB share without entering username/pw

Could this mean AFP is not getting kerberized properly? How would I check/correct this if it is the case?

[Bimmerworld]

Having the same problem here…

10.4.11 clients on a 10.5.4 server, all clean installs.

[Bimmerworld]

Re-did/reinstalled the whole setup today with a better DNS setup.

Domain Name is now “x.net”
OD Master is “odmaster.x.net”

All forward/reverse DNS is working properly. AD servers hosting DNS with all Mac server/OD records added.

Re-setup the “golden triangle” setup, and still having the same issues.

Interestingly enough if I set the client machines (also 10.5.4) AD plugin to use “SMB Homes” it works, but when switched to “AFP Homes” it exhibits the same behavior as before.

If I manually (apple-K) log into the AFP share with a test user (from AD) it works just fine. It seems only to tweak out when trying to use AFP homes via the AD plug in.

The user home inside of AD is set to “\\odmaster.x.net\Staff”, ive also tried it with “\\odmaster\Staff”

[Author]

Posts