AD with Snow Leopard Server

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

AD with Snow Leopard Server

The Mac OS X Server Mailing List mailing list
We are having a Active Directory situation here.

Have just set up an Active Directory Server with Windows 2008 R2 and did
the binding with an OS X 10.6.8 File server for user authentication.

The Mac Server has the Shared Folders which are accessed by the clients
authenticated by the AD. Connection from the Mac clients work fine but any
login attempt from a Win 7 client does not. It finds the correct domain but
the authentication does not go through. The login screen simply shakes and
goes back to the initial screen.

We had used the Open Directory system from Mac quite successfully over the
past few years but need to transition to AD.

Any thought or tip would appreciated as always.

I will summarize.

Thanks,
Reaz


Reaz Shaheed
Director Information Technology
American International School Dhaka
[hidden email]

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AD with Snow Leopard Server

The Mac OS X Server Mailing List mailing list
Hi Reaz,

Summarizing it seems like Win7 can't login to an older Mac SMB file share...
I believe your Windows 7 client needs to lower its LmCompatibiltyLevel setting (on the box or via Group Policy). OS X 10.6.8 uses an older version of authentication. You'd have the reverse problem if it were older Mac to Windows file sharing (would have to lower what the server accepts).

https://technet.microsoft.com/en-us/library/cc960646.aspx?f=255&MSPPError=-2147217396
https://technet.microsoft.com/en-us/magazine/2006.08.securitywatch.aspx

Let me know how it goes.
Thanks
Shawn Pullum
UC Irvine


Sent from my iPhone

> On Jul 12, 2015, at 5:57 AM, OS X Server Mail List <[hidden email]> wrote:
>
> We are having a Active Directory situation here.
>
> Have just set up an Active Directory Server with Windows 2008 R2 and did
> the binding with an OS X 10.6.8 File server for user authentication.
>
> The Mac Server has the Shared Folders which are accessed by the clients
> authenticated by the AD. Connection from the Mac clients work fine but any
> login attempt from a Win 7 client does not. It finds the correct domain but
> the authentication does not go through. The login screen simply shakes and
> goes back to the initial screen.
>
> We had used the Open Directory system from Mac quite successfully over the
> past few years but need to transition to AD.
>
> Any thought or tip would appreciated as always.
>
> I will summarize.
>
> Thanks,
> Reaz
>
>
> Reaz Shaheed
> Director Information Technology
> American International School Dhaka
> [hidden email]
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      ([hidden email])
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/macos-x-server/spullum%40uci.edu
>
> This email sent to [hidden email]


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AD with Snow Leopard Server

The Mac OS X Server Mailing List mailing list
In reply to this post by The Mac OS X Server Mailing List mailing list
That is an issue with the version of samba included with 10.6 and 2008 server.  It is the primary reason we had to move off of 10.6 server.  We could not find a fix or workaround.

The version included is integrated so it is unlikely that you can upgrade the included samba yourself.

You will likely need to move to a newer version of server or to another platform.

Kyle

Sent from Mobile

> On Jul 12, 2015, at 5:55 AM, OS X Server Mail List <[hidden email]> wrote:
>
> We are having a Active Directory situation here.
>
> Have just set up an Active Directory Server with Windows 2008 R2 and did
> the binding with an OS X 10.6.8 File server for user authentication.
>
> The Mac Server has the Shared Folders which are accessed by the clients
> authenticated by the AD. Connection from the Mac clients work fine but any
> login attempt from a Win 7 client does not. It finds the correct domain but
> the authentication does not go through. The login screen simply shakes and
> goes back to the initial screen.
>
> We had used the Open Directory system from Mac quite successfully over the
> past few years but need to transition to AD.
>
> Any thought or tip would appreciated as always.
>
> I will summarize.
>
> Thanks,
> Reaz
>
>
> Reaz Shaheed
> Director Information Technology
> American International School Dhaka
> [hidden email]
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      ([hidden email])
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/macos-x-server/kcrwfrd%40gmail.com
>
> This email sent to [hidden email]


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AD with Snow Leopard Server

The Mac OS X Server Mailing List mailing list
In reply to this post by The Mac OS X Server Mailing List mailing list
I'm not certain which ports would be used -- I'd have to look up, but
the ports used for mac are slightly different than Windows, I believe.
I know that port 389 is used with open directory.  I'm not certain if
it uses 389 to talk to AD or 445.  You might check to make sure those
ports are open.  If kerberos is used, make sure that the clock on the
workstation matches the server clock.  If it's more than a few minutes
off, you won't be able to authenticate.

 Hope my suggestions helps.

On 7/12/15, OS X Server Mail List <[hidden email]> wrote:

> We are having a Active Directory situation here.
>
> Have just set up an Active Directory Server with Windows 2008 R2 and did
> the binding with an OS X 10.6.8 File server for user authentication.
>
> The Mac Server has the Shared Folders which are accessed by the clients
> authenticated by the AD. Connection from the Mac clients work fine but any
> login attempt from a Win 7 client does not. It finds the correct domain but
> the authentication does not go through. The login screen simply shakes and
> goes back to the initial screen.
>
> We had used the Open Directory system from Mac quite successfully over the
> past few years but need to transition to AD.
>
> Any thought or tip would appreciated as always.
>
> I will summarize.
>
> Thanks,
> Reaz
>
>
> Reaz Shaheed
> Director Information Technology
> American International School Dhaka
> [hidden email]
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      ([hidden email])
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/macos-x-server/hoosierchick67%40gmail.com
>
> This email sent to [hidden email]


--
*Mary C. Anderson*
[hidden email]

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: AD with Snow Leopard Server

The Mac OS X Server Mailing List mailing list
In reply to this post by The Mac OS X Server Mailing List mailing list
Hi Raez,

You can use pGina as a workaround for newer Windows clients to authenticate to Snow Leopard Server. If you want to know what LDAP mappings have to be used contact me.

http://pgina.org

Alex

Kind regards
Alex Thurley
ICT Systems Manager
Bonn International School

> Am 12.07.2015 um 21:00 schrieb [hidden email]:
>
> essage: 1
> Date: Sun, 12 Jul 2015 15:55:37 +0600
> From: OS X Server Mail List <[hidden email]>
> To: undisclosed-recipients: ;
> Subject: AD with Snow Leopard Server
>
> We are having a Active Directory situation here.
>
> Have just set up an Active Directory Server with Windows 2008 R2 and did
> the binding with an OS X 10.6.8 File server for user authentication.
>
> The Mac Server has the Shared Folders which are accessed by the clients
> authenticated by the AD. Connection from the Mac clients work fine but any
> login attempt from a Win 7 client does not. It finds the correct domain but
> the authentication does not go through. The login screen simply shakes and
> goes back to the initial screen.
>
> We had used the Open Directory system from Mac quite successfully over the
> past few years but need to transition to AD.
>
> Any thought or tip would appreciated as always.
>
> I will summarize.
>
> Thanks,
> Reaz
>
>
> Reaz Shaheed
> Director Information Technology
> American International School Dhaka
> [hidden email]


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]