Connecting to Windows 2003 Server using SMB
I have seen a number of people here having problems with connecting their Macs to a Windows 2003 Server but very few solid solutions have been provided. They are reporting errors with trying to connect from their Mac to a Windows 2003 Server using smb. I was faced with this same problem today, but with the help of Rob at Superior Computers in London Ontario Canada we found a solution that worked for us. Hopefully it will help others.
Here's a description of the steps that lead to the problem:
1) Click "Go" menu.
2) Click "Connect To Server"
3) Type: smb://yourserversIP [example: smb://192.168.1.3]
4) Click "Connect".
Within a few moments you will see a window pop up saying it sees your Windows server but it needs the Server's domain name, and the username and password of the User who is trying to connect to the Windows server.
The domain name should already be filled in (it grabs the domain name from the server itself).
Type in the username and password of a User that exists on the Windows server.
An error comes up saying it could not connect because of the username and password, and you have a choice between "Try Again" and "Cancel". Repeated tries with a correct username and password will fail.
SOLUTION:
This is where Rob jumped in. He found the following link at the Microsoft Knowledge Base:
http://support.microsoft.com/kb/555652
Of the information here he says, "Also note that the details under the Resolution section aren't specific about where to find the options. The options can be found under:"
"Administrative Tools" -> "Group Policy Management" -> "Domain Controllers" -> "Default Domain Controller Policy" -> right click and select "Edit" -> "Computer Configuration" -> "Windows Settings" -> "Security settings" -> "Local Policies" -> "Security Options"
In case the KB article ever disappears here are the settings to edit:
NOTE: Rob also points out that there is a typo in the article:
Microsoft Network Server: Digitally sign communications (when possible): Enabled
Should be:
Microsoft Network Server: Digitally sign communications (if client agrees): Enabled
Edit the Default Domain Controllers Policy and set the following:
Domain Member: Digitally encrypt sign secure channel data (always): Disabled
Domain Member: Digitally encrypt secure channel data (when possible): Enabled
Domain Member: Digitally sign secure channel data (when possible): Enabled
Microsoft Network Server: Digitally sign communications (always): Disabled
(SEE TYPO NOTE) Microsoft Network Server: Digitally sign communications (when possible): Enabled
Microsoft Network Client: Digitally Sign communications (Always): Disabled.
Microsoft Network Client: Digitally sign communications (if server agrees): Enabled
Network Security: LAN Manager authentication level: Send LM & NTLM responses
After making these changes to the Win2003 Server the Mac I was trying to connect with connected properly.
HTH
Andy
Mostly Digital Service Dept.
PowerBook G4 1.33 Ghz Mac OS X (10.4.8)
PowerBook G4 1.33 Ghz Mac OS X (10.4.6)
Here's a description of the steps that lead to the problem:
1) Click "Go" menu.
2) Click "Connect To Server"
3) Type: smb://yourserversIP [example: smb://192.168.1.3]
4) Click "Connect".
Within a few moments you will see a window pop up saying it sees your Windows server but it needs the Server's domain name, and the username and password of the User who is trying to connect to the Windows server.
The domain name should already be filled in (it grabs the domain name from the server itself).
Type in the username and password of a User that exists on the Windows server.
An error comes up saying it could not connect because of the username and password, and you have a choice between "Try Again" and "Cancel". Repeated tries with a correct username and password will fail.
SOLUTION:
This is where Rob jumped in. He found the following link at the Microsoft Knowledge Base:
http://support.microsoft.com/kb/555652
Of the information here he says, "Also note that the details under the Resolution section aren't specific about where to find the options. The options can be found under:"
"Administrative Tools" -> "Group Policy Management" -> "Domain Controllers" -> "Default Domain Controller Policy" -> right click and select "Edit" -> "Computer Configuration" -> "Windows Settings" -> "Security settings" -> "Local Policies" -> "Security Options"
In case the KB article ever disappears here are the settings to edit:
NOTE: Rob also points out that there is a typo in the article:
Microsoft Network Server: Digitally sign communications (when possible): Enabled
Should be:
Microsoft Network Server: Digitally sign communications (if client agrees): Enabled
Edit the Default Domain Controllers Policy and set the following:
Domain Member: Digitally encrypt sign secure channel data (always): Disabled
Domain Member: Digitally encrypt secure channel data (when possible): Enabled
Domain Member: Digitally sign secure channel data (when possible): Enabled
Microsoft Network Server: Digitally sign communications (always): Disabled
(SEE TYPO NOTE) Microsoft Network Server: Digitally sign communications (when possible): Enabled
Microsoft Network Client: Digitally Sign communications (Always): Disabled.
Microsoft Network Client: Digitally sign communications (if server agrees): Enabled
Network Security: LAN Manager authentication level: Send LM & NTLM responses
After making these changes to the Win2003 Server the Mac I was trying to connect with connected properly.
HTH
Andy
Mostly Digital Service Dept.
PowerBook G4 1.33 Ghz Mac OS X (10.4.8)
PowerBook G4 1.33 Ghz Mac OS X (10.4.6)
