Skip navigation

Leopard Server domain member and Windows Server 2008/2012

705 Views 0 Replies Latest reply: Jul 9, 2013 7:10 AM by Vilius Šumskas RSS
Vilius Šumskas Calculating status...
Currently Being Moderated
Jul 9, 2013 7:10 AM

We have an Active Directory domain which runs on Windows Server 2012. Now we want to connect our Mac OS X Server 10.5.8 machine to that domain. We want to achieve SSO from Windows 7 workstations which are bound to AD domain. SSO should work for both AD and Xserve shared resources. As far as I understand we need to set OpenDirectory service as "Connected to Directory System" and then bind Xserve to our AD domain. Right?

 

So we did this as described in Leopard OpenDirectory manual. Everything succeded without a problem. I can see AD users in Workgroup Manager and I can set permissions for them under Server Admin -> File Sharing.

 

Windows Services (SMB) on the Xserve was also set to Domain Member during our configuration. I can see that it has a correct Kerberos realm. However Windows users cannot connect to SMB services on the Xserve no matter what I do.

 

SMB usually produces these errors:

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv2(446)

  opendirectory_ntlmv2_auth_user gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_op endirectory_ntlm_password_check(522)

  opendirectory_smb_pwd_check_ntlmv2 gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_nt lmv2_auth_user(330)

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv2(446)

 

And it raising log level:

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/smbd/sesssetup.c:setup_new_vc_sess ion(1260)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/smbd/sesssetup.c:setup_new_vc_sess ion(1260)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/lib/opendirectory.c:opendirectory_ user_auth_and_session_key(679)

  dsDoDirNodeAuthOnRecordType gave -14091 [eDSAuthMethodNotSupported]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(383)

  opendirectory_user_auth_and_session_key gave -14091 [eDSAuthMethodNotSupported]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_au th_user(233)

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(393)

  opendirectory_auth_user gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(402)

  opendirectory_user_session_key gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_op endirectory_ntlm_password_check(598)

  opendirectory_smb_pwd_check_ntlmv1 gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth.c:check_ntlm_password(31 9)

  check_ntlm_password:  Authentication for user [K2admin] -> [K2admin] FAILED with error NT_STATUS_WRONG_PASSWORD

 

From the past I remember, that Windows 7 cannot be bound to Mac OS X server running 10.5.8 because of old/new authentication protocol incompatibility. Is this the same issue and servers running 10.5.8 cannot be domain members for Windows 2008/2012 domain too? What are the possible options here?

 

P.S. DNS is in order and should not be a problem here.

P.P.S. I have tried to connect with Windows XP clients. Still the same issue.

Xserve, Other OS, Mac OS X Server 10.5.8

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.