Mac Login to AD on 2003

[cghastin]

I have a user with a mac laptop trying to log into my new
Windows 2003 active directory domain. Why is he unable?
Does it have to do with permissions on the Server 2003 or
settings on the Mac?

Thanks!
Chuck Ghastin

 

[William M. Smith]

I have a user with a mac laptop trying to log into my new
Windows 2003 active directory domain. Why is he unable?
Does it have to do with permissions on the Server 2003 or
settings on the Mac?

Hi Chuck!

If you're using SMB as the protocol to connect from the Mac to the server
then you will see this message until you change a new default security
setting in Windows 2003 server. The version of SMB shipping with Mac OS X
does not support digital signing.

In either Local Security Policy or Domain Security Policy (depending on your
network configuration), look for Local Policies --> Security Options -->
Microsoft Network Client: Digitally sign communications (always). Disable
this.

Hope this helps! bill

 

[cghastin]

Bill

Thank you for your reply. I changed that setting to no
avail. Perhaps I should clarify.

My user was able to logon prior to my in-place upgrade of
my NT 4.0 domain controller to Server 2003 with active
directory. I have found that most of the issues which
have come up deal with permissions. Also, how do I
change a computer name on a MAC? Never touched one
before last week. I'm not even sure what it is named
right now!

Thanks again!
Chuck Ghastin

 

[William M. Smith]

Bill

Thank you for your reply. I changed that setting to no
avail. Perhaps I should clarify.

My user was able to logon prior to my in-place upgrade of
my NT 4.0 domain controller to Server 2003 with active
directory. I have found that most of the issues which
have come up deal with permissions. Also, how do I
change a computer name on a MAC? Never touched one
before last week. I'm not even sure what it is named
right now!

Hi Chuck!

Can you provide a little more information for me?

What version of Mac OS are your Macs using? Mac OS 9 or Mac OS X?

If you're using Mac OS X, how is your Mac connecting to the server? Via SMB
or AFP? You'll typically see this as part of the connect string when you're
making the connection.

To change a Mac's computer name, you'll go to Apple menu --> Control Panels
-- File Sharing on Mac OS 9 or on newer versions of Mac OS X you'll go to
Apple menu --> System Preferences -- Sharing.

Thanx! bill

 

[cghastin]

Bill,

Thanks for the reply. It is Mac OS X with SMB.
Since I recently upgraded from WINS to DNS do I need to
let the Mac know this?

Thanks,
Chuck Ghastin

 

[William M. Smith]

Bill,

Thanks for the reply. It is Mac OS X with SMB.
Since I recently upgraded from WINS to DNS do I need to
let the Mac know this?

Hi Chuck!

Don't worry about WINS with Mac OS X unless you have some older Windows
servers still using WINS. Windows 2000, Windows 2003 and Mac OS X rely on
DNS for name resolution, so be sure that your DNS entries are all correct.

Also, when testing name resolution on a Windows machine, disable WINS or it
may be resolving what DNS should be resolving. For example, an Intranet
website can be viewed in a web browser using http://servername with DNS
completely disabled because WINS can be resolving the name. Many
administrators misconfigure DNS thinking that it's working but WINS is
actually doing the work.

Hope this helps! bill