[papastanley]

I haven’t had a solution yet – had to leave it and run with what I had, time was getting too tight.

I did however find this (link below) which maybe has some bearing, but didn’t fix my problem though – you mention the SID issue – this shows you where to check if [b]all[/b] the SID entries are matching. There may be two plists which don’t match – perhaps a bug with the SMB controls in WGM not writing to both plists?

Mine were not matching, but once I fixed them the problem still remained. Cannot authorise a domain join from a Windows XP box.

FYI in case this helps your situation…

[url]http://www.radiotope.com/writing/?p=61#comment-1440[/url]

My fallbackplan is to use pGina instead of the Windows login, and point it at the LDAP server on my OS X box.

I’ll let you know how this works when I get to it.

good luck!

.:S:.

[papastanley]

I didn’t – but I have just fairly thoroughly skimmed through it – two things though…

1. I’m not binding to an Active Directory Domain – just running a PDC on my xServe

2. I’m not running an Intel Xserve, but a first Gen G4 Xserve – they reckon it’s a problem with the Intel build.

So I’m not so sure this is my problem – though it sounds similar – can anybody confirm they’ve seen the same problem (and fixed it with that script) on a standalone PPC server running as a PDC?

Thanks for the suggestion though

What would be really helpful would be if someone could post their working smb.conf file, and also a screenshot of their XP client Local Security policy settings, from a working OS X Server PDC and XP client.

Steven

[papastanley]

OK, update on the essay – got it going again after some dicking around (pardon my Australianism) as I tried restoring the network.nidb I’d backed up in the script process. By rights this should have got us back to square one – ie no users could log in, but at least they are still there.

However I also stripped back what the SMB server was doing, turning off the Workgroup Master Browser feature – and bingo! it’s working?

This makes me think that enabling the Workgroup Master Browser feature somehow started blocking authentication to Netinfo and network.nidb – does that make any sense? Bug? Feature? Anybody seen something like this?

One final niggling question – in WGM my Network domain path shows “Netinfo/root” but my Local domain now shows the path “Netinfo/root/Tesla” – this is what I meant when I said the local.nidb might be nested inside the network.nidb – is this ok, or will this cause probs if I migrate to LDAP?

thanks in advance for any perspective

Steven G Stanley

[papastanley]

Password server is needed for windows users to connect due to the authentication protocols used by windoze clients. Server Directory has to be setup with Directory Assistant option “provide passwords to other systems” (or sim).

There are command line options for password server control.

The user must also have Password server set as their password type, you will have to type in their password when chaning from basic to PS for each user.

Windows Services must be on, do this in Server Settings app (Admin Tools needed if you are on OS X client – software is on the server however).

Only the admin user who is logged in when starting the PS is able to change user’s passwords to PS. There are command line options to change or reset the admin user for PS. I don’t have them on me at the moment, but search the User forums at Apple on Password Server.

regards

.:S:.

[papastanley]

Hi,

I’m chasing this win client password issue as well – I want user passwords to be changed if need be by the windoze users themselves.

As far as the other problems for win user access, I found things were more consistent with OS X Server 10.2.4 patch applied. Password server can be flakey. I have Windows users access working ok now.

Also note that Password server MUST be used for win clients to smb, otherwise I believe you have to configure each client for clear text passwords (in registry I believe).

Note that sometimes you need to “switch” the password setting on and off again for the user account to take it’s new PS managed password, the bummer is you have to enter the password manually when you switch back to PS for the User.

Peterapp – Your problem with no username might be related to the current windows user logged in to the PC, it will give the name when connecting, if the name matches on the OS X Server but the pass doesn’t then win2K just asks you for the password – I see this on our windoze network occasionally. What I did to test was to setup a dummy local user on the PC who did not exist at all on the OS X Server, log in as them, then browse to the share, then you should get a user and pass challenge.

HTH 🙂

.:S:.

[papastanley]

Hi,

You can configure the web proxy in the web services section of the Server Settings application – you’ll need to authenticate as admin for the server to connect to your OS X Server to make this change.

May require a web services restart.

If you are trying to do this from your laptop to the server you’ll need a copy of the admin tools installed (comes with OS X server, but not with OS X client)

regards

.:S:.

[Author]

Posts