I “solved” this at a client site recently. It’s an OS X 10.4.6 server bound to an AD domain, with access to shares managed by ACLs (one AD group has full control access- no Open Directory accounts). It’s a very simple setup for 10 designers in a PC corporate environment.
The problem was only with a few users. I compared the security groups in AD that these users were members of to users in AD that did not get this error and found one security group was the problem. Luckily they didn’t need to be a member of the group, so their accounts could be removed from it. SSO worked fine for these users. The Windows admin doesn’t understand why this particular group is causing problems, and only for AFP access to the OS X server.
Not sure if it’s the OS X server that is to blame or not. In any case, one thing I’ve noticed is that on the OS X Server, running “kinit (user_name) always prompts me for a password, which Mactrolls guide says should NOT happen.
Recent Comments