Mac unable to log on to Win 2k3 server

G

Graeme Fuller

So far this has confounded all around, we're not running Hungarian,
we've tried even the normally uneccesary move of dropping the MSUAM
into the file services folder (OSX 10.2.3)

Clearly there is some sort of bug preventing Access. We've been
running a win 2k server and b4 that NT4, all our access privileges are
unchanged.

W2k3 simply kicks Macs out at the start, error msg 5000 or 5002.

Workaround anyone?
 
W

William M. Smith

So far this has confounded all around, we're not running Hungarian,
we've tried even the normally uneccesary move of dropping the MSUAM
into the file services folder (OSX 10.2.3)

Clearly there is some sort of bug preventing Access. We've been
running a win 2k server and b4 that NT4, all our access privileges are
unchanged.

W2k3 simply kicks Macs out at the start, error msg 5000 or 5002.

Hi Graeme!

The UAM on your Mac will only work when you connect to your server via AFP
as in "afp://192.168.0.1".

If you're using SMB and connecting with something like "smb://192.168.0.1"
then the UAM will not come into play.

Windows 2003 server has a new default setting in its Group Policy that
requires communications between Windows clients to be digitally signed. SMB
appears to the server as a Windows client and therefore the server expects
your Mac to be sending digitally signed communications. But the SMB version
shipped with the latest Macs (up to 10.3.1) do not support digitally
signing.

Therefore, you need to edit the Group Policy on your server or domain to
allow the connection.

On your server, under Administrative Tools, locate and open either your
Domain Controller Security Policy or your Local Security Policy. Go to Local
Policies --> Security Options --> Microsoft Network Client: Digitally sign
communications (always) and disable this. You'll either need to refresh your
GPOs or restart your server.

I'm not sure, but if you use the UAM with the AFP protocol for connecting to
the server, you shouldn't have to do the change to the Group Policy.

Hope this helps! bill
 
G

Graeme Fuller

-----Original Message-----


Hi Graeme!

The UAM on your Mac will only work when you connect to your server via AFP
as in "afp://192.168.0.1".

If you're using SMB and connecting with something like "smb://192.168.0.1"
then the UAM will not come into play.

Windows 2003 server has a new default setting in its Group Policy that
requires communications between Windows clients to be digitally signed. SMB
appears to the server as a Windows client and therefore the server expects
your Mac to be sending digitally signed communications. But the SMB version
shipped with the latest Macs (up to 10.3.1) do not support digitally
signing.

Therefore, you need to edit the Group Policy on your server or domain to
allow the connection.

On your server, under Administrative Tools, locate and open either your
Domain Controller Security Policy or your Local Security Policy. Go to Local
Policies --> Security Options --> Microsoft Network Client: Digitally sign
communications (always) and disable this. You'll either need to refresh your
GPOs or restart your server.

I'm not sure, but if you use the UAM with the AFP protocol for connecting to
the server, you shouldn't have to do the change to the Group Policy.

Hope this helps! bill
--
William M. Smith
(Microsoft Interop MVP)
Mactopia - Microsoft for Macs
http://www.microsoft.com/mac/

.
 
G

Graeme Fuller

-----Original Message-----


Hi Graeme!

The UAM on your Mac will only work when you connect to your server via AFP
as in "afp://192.168.0.1".

If you're using SMB and connecting with something like "smb://192.168.0.1"
then the UAM will not come into play.

Windows 2003 server has a new default setting in its Group Policy that
requires communications between Windows clients to be digitally signed. SMB
appears to the server as a Windows client and therefore the server expects
your Mac to be sending digitally signed communications. But the SMB version
shipped with the latest Macs (up to 10.3.1) do not support digitally
signing.

Therefore, you need to edit the Group Policy on your server or domain to
allow the connection.

On your server, under Administrative Tools, locate and open either your
Domain Controller Security Policy or your Local Security Policy. Go to Local
Policies --> Security Options --> Microsoft Network Client: Digitally sign
communications (always) and disable this. You'll either need to refresh your
GPOs or restart your server.

I'm not sure, but if you use the UAM with the AFP protocol for connecting to
the server, you shouldn't have to do the change to the Group Policy.

Hope this helps! bill
--
William M. Smith
(Microsoft Interop MVP)
Mactopia - Microsoft for Macs
http://www.microsoft.com/mac/

.
 
G

Graeme Fuller

O.K.
Its a two fold problem, solved a) by the method described below, but b)
by Computer management/Shares, then enabling MS and clear text in
the authentication option.
P.C's don't you just hate them, four days this took.
 
Top