3 Replies Latest reply: Feb 20, 2014 11:13 AM by azarzycki
scherndon Level 1 Level 1 (0 points)

I need my Lion Server to share a folder out to about 30 PCs and Macs of various vintage and OSes.

 

I'm having major trouble with failures to log in from windows despite SMB being enabled in the Server App's File Sharing Pane.

 

The error that is ubiquitous is NTLM domain not configured.

 

I found a post telling me to change the NETBIOS computer name to a good token and then use that with the Windows authentication dialog like a domain name.  eg, domain called "harbor", set NETBIOS to "HARBOR" and use HARBOR\steve as the log in user.

 

This has sort of worked, but the netbios name isn't sticking through server reboots.

 

Furthermore, this authentication approach seems to break.  I don't know what is triggering it, but once it goes, the log I get from

sudo cat /private/var/log/krb5kdc/kdc.log

is fire with NTLM domain not configured errors from the now broken mapped network drives.

 

I read another post telling me to turn off AFP sharing.  I'm trying that now, but "really?"

 

Can anyone help me get to the bottom of this?  Everyone connected to this network can be trusted to have share level access, but I'm probably never going to be able to disable all authentication. 

 

Thanks for any thoughts.


Mac mini, Mac OS X (10.7.1)
  • 1. Re: NTLM domain not configured
    sweavo Level 1 Level 1 (0 points)

    I've just been battling with windows auth on samba shares from a regular lion (not server) box, and what cracked it for me go network->advanced then the WINS tab and enter the desired netbios name and workgroup name in there. This is after I already tried a macports install of darwin3 with no joy.

     

    Hope that helps

  • 2. Re: NTLM domain not configured
    Ernst Mulder Level 1 Level 1 (5 points)

    Thanks for the hint. Setting the netbios and workgroupname solved this for me.

  • 3. Re: NTLM domain not configured
    azarzycki Level 1 Level 1 (0 points)

    Populating the NetBios and workgroup names appears to make a difference when a Windows machine fails to log into the Mac over SMB.

     

    I should note that some non-Windows devices that connect to the Mac over SMB may not trigger this problem: I've successfully used ES File Explorer from several Android devices to connect to the same Mac that I couldn't connect to from a Windows machine until I populated the NetBios and workgroup names.