0 Replies Latest reply: Jul 9, 2013 7:10 AM by Vilius Šumskas
Vilius Šumskas Level 1 Level 1 (5 points)

We have an Active Directory domain which runs on Windows Server 2012. Now we want to connect our Mac OS X Server 10.5.8 machine to that domain. We want to achieve SSO from Windows 7 workstations which are bound to AD domain. SSO should work for both AD and Xserve shared resources. As far as I understand we need to set OpenDirectory service as "Connected to Directory System" and then bind Xserve to our AD domain. Right?

 

So we did this as described in Leopard OpenDirectory manual. Everything succeded without a problem. I can see AD users in Workgroup Manager and I can set permissions for them under Server Admin -> File Sharing.

 

Windows Services (SMB) on the Xserve was also set to Domain Member during our configuration. I can see that it has a correct Kerberos realm. However Windows users cannot connect to SMB services on the Xserve no matter what I do.

 

SMB usually produces these errors:

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv2(446)

  opendirectory_ntlmv2_auth_user gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_op endirectory_ntlm_password_check(522)

  opendirectory_smb_pwd_check_ntlmv2 gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_nt lmv2_auth_user(330)

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 01:11:40, 0, pid=10285] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv2(446)

 

And it raising log level:

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/smbd/sesssetup.c:setup_new_vc_sess ion(1260)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/smbd/sesssetup.c:setup_new_vc_sess ion(1260)

  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/lib/opendirectory.c:opendirectory_ user_auth_and_session_key(679)

  dsDoDirNodeAuthOnRecordType gave -14091 [eDSAuthMethodNotSupported]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(383)

  opendirectory_user_auth_and_session_key gave -14091 [eDSAuthMethodNotSupported]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_au th_user(233)

  dsDoNodeAuth gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(393)

  opendirectory_auth_user gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_sm b_pwd_check_ntlmv1(402)

  opendirectory_user_session_key gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 0, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth_odsam.c:opendirectory_op endirectory_ntlm_password_check(598)

  opendirectory_smb_pwd_check_ntlmv1 gave -14090 [eDSAuthFailed]

[2013/07/06 02:13:07, 2, pid=421] /SourceCache/samba/samba-187.14/samba/source/auth/auth.c:check_ntlm_password(31 9)

  check_ntlm_password:  Authentication for user [K2admin] -> [K2admin] FAILED with error NT_STATUS_WRONG_PASSWORD

 

From the past I remember, that Windows 7 cannot be bound to Mac OS X server running 10.5.8 because of old/new authentication protocol incompatibility. Is this the same issue and servers running 10.5.8 cannot be domain members for Windows 2008/2012 domain too? What are the possible options here?

 

P.S. DNS is in order and should not be a problem here.

P.P.S. I have tried to connect with Windows XP clients. Still the same issue.


Xserve, Other OS, Mac OS X Server 10.5.8