1976 Views 7 Replies Latest reply: Aug 30, 2007 10:09 AM by Douglas McLaughlin
Aug 16, 2007 7:52 AM (in response to The Other Tim Schwartz)
I assume you're trying to have shares in your AD domain to be mounted when you log on? Did I understand that right? If so, you need to click the button in WGM to use the sign on credentials while mounting.
MacBook Core 2 Duo 2ghz, 2gb RAM, 160gb HD, Mac OS X (10.4.10), also have OS X Server
Aug 16, 2007 9:31 AM (in response to The Other Tim Schwartz)
Same thing happens here in our network. I think it has to do with the fact that the OD server runs its own internal KDC rather than looking to the AD one for authentication (it still authenticates to the AD through OD's KDC). At least that's my understanding of it.
I'd like to see a solution to it as well, though it's not a huge priority for me as most of our file shares etc. are on the AD servers.
Xserve Intel dual 3ghz, Mac OS X (10.4.10)
Aug 16, 2007 1:45 PM (in response to Baruch Stone)
Thanks for taking the time to respond.
I am not trying to have them mount shares in the AD domain - I am trying to have them mount volumes via AFP in the OD domain on the Mac file server. The Mac file server is also working as the OD Master so they are essentially connecting to the file server which authenticated them in OD when they first logged in.
MacBook Pro 2Ghz, Mac OS X (10.4.6)
Aug 16, 2007 1:51 PM (in response to Nicholas Shaff)
I have seen it work in the dev environment. I think I just misconfigured something this time and I'm not sure what.
Also, my understanding of what I read in Mike Bombich's "Leveraging Active Directory on Mac OS X" is that we disable OD's KDC and use kerberized services with AD Service principals with this command:
sudo dsconfigad -enableSSO
MacBook Pro 2Ghz, Mac OS X (10.4.6)
Aug 16, 2007 2:36 PM (in response to The Other Tim Schwartz)
Hi
This is true but you also have to configure Kerberos Client to look only at the AD for its tickets. By default it will look at both. Mike Bombich tells you how to do this also.
There is another way of disabling Kerberos on OSX Server that does not involve the methods outlined in Bombich’s article.
Aug 17, 2007 7:34 PM (in response to The Other Tim Schwartz)
Run the following command on the server:
sudo dsconfigad -enablesso
This should kerberize all services based on AD authentication. It should work assuming clients get Kerberos tickets at login. To check whether they do, type klist in Terminal on a client machine when an AD account is logged on. Post the result.
MacBook Pro; iMac G5, Mac OS X (10.4.9)
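The klist check suggested above can be scripted to report which realm issued the client's tickets, which separates the AD KDC from the OD KDC discussed earlier in the thread. This is an added example, not part of the original posts: the realm names, host names, function names and sample klist text are constructed, and the column layout and the afpserver/ service principal name are assumptions about the client's klist output.

```shell
#!/bin/sh
# check_tickets REALM   (klist text on stdin)
# Prints: sso-ready | tgt-only | wrong-realm:<realm> | no-tgt
check_tickets() {
    awk -v want="$1" '
        {
            p = $NF                          # last field = service principal
            realm = p; sub(/^.*@/, "", realm)
            if (p ~ /^krbtgt\//) {
                if (realm == want) tgt = 1   # TGT issued by the expected realm
                else if (other == "") other = realm
            }
            # Service ticket for the AFP server, issued by the expected realm
            if (p ~ /^afpserver\// && realm == want) afp = 1
        }
        END {
            if (tgt && afp)       print "sso-ready"
            else if (tgt)         print "tgt-only"
            else if (other != "") print "wrong-realm:" other
            else                  print "no-tgt"
        }'
}

# Constructed sample: tickets issued by the AD realm (assumed name).
sample_ad() {
cat <<'EOF'
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: user1@AD.EXAMPLE.COM

Valid Starting     Expires            Service Principal
08/17/07 19:30:00  08/18/07 05:30:00  krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM
08/17/07 19:31:10  08/18/07 05:30:00  afpserver/files.example.com@AD.EXAMPLE.COM
EOF
}

# Constructed sample: TGT issued by the OD master's own KDC realm instead.
sample_od() {
cat <<'EOF'
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: user1@FILES.EXAMPLE.COM

Valid Starting     Expires            Service Principal
08/17/07 19:30:00  08/18/07 05:30:00  krbtgt/FILES.EXAMPLE.COM@FILES.EXAMPLE.COM
EOF
}

echo "AD sample: $(sample_ad | check_tickets AD.EXAMPLE.COM)"
echo "OD sample: $(sample_od | check_tickets AD.EXAMPLE.COM)"
```

On a client, pipe the real output instead: klist | check_tickets YOUR.AD.REALM (the realm name here is a placeholder).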
Aug 30, 2007 10:09 AM (in response to costicladop)
That worked for me. Thanks! A virtual "solved" star for you.
-Doug
2GHz Intel iMac 1GB RAM, 500GB HD Super Drive / 2GHz BlackBook 2GB RAM, 120GB HD, Mac OS X (10.4.10), AirPort Express / EyeTV Hybrid / 40GB iPod photo 4GB iPod nano (2G)