Authenticating OS X 10.4 on a Windows Server 2003 DC

Discussion in 'OT Technology' started by Spinkick, Apr 11, 2007.

  1. Spinkick

    Spinkick Active Member

    Hey Guys,

    I'm trying to get my MBP to authenticate to my domain controller here at home. Do I still have to disable SMB signing on the domain controller, or was this resolved in Tiger?

    Also, I run a domain controller on this machine and when I do an nslookup for my Active Directory domain from the Mac, it does not resolve; however, it is the only DNS server that the Mac is set up for. It will not resolve host names to the other computers on the network; however, I can ping them. Do you think that this is a security issue as well? It's killing me because of course without working DNS, I can't BIND to the Active Directory.

    Thanks in advance.
     
    Last edited: Apr 11, 2007
  2. Spinkick

    Spinkick Active Member

    Ok guys, I got it working.

    First, make sure that you are binding to the correct DNS name :rofl:

    I was using xxx.net when my local AD is actually xxx.com, DUH! (Side note) More often than not, local ADs should be configured as xxx.local, but Macs see .local as another kind of protocol altogether with its own problems.

    Anyhow, that resolved it. DNS was working the entire time. SMB signing was off by default on my Server 2003 R2 domain controller. This is probably so since I am using "relaxed" settings on it. I should probably experiment with locking it down like I would a production environment, although I have heard the only way to really do it is to use a third-party app that supports SMB signing, ADmitMac. 129 bucks, can't find it on torrents, no thanks.

    Hope this helps someone.
     
  3. Icedog

    Icedog New Member

    Only reason we had to turn off packet signing at my old workplace was to get those auto mount shared folders to mount automatically. Users were still able to log in even with the packet signing enabled, just no "home folder" or whatever they were calling it. Though that was back in the Panther days, never really used Tiger on an AD domain.
     
