SFM share authentication from Mac PDC



I have an OS X 10.3 Server running as an OD Master and also running as a
Windows PDC. I also have a Win2k3 server that I have joined to the Mac PDC.
I have made users in Workgroup Manager (with OD passwords), and I can log in
to the desktop of the Win2k3 server with OD users. I can also log in to SMB
shares on the Win2k3 server as OD users. I cannot, however, log in to AFP
shares from the Win2k3 server using OD users. I can log in to AFP shares as
local Win2k3 users, so AFP services are correct. I also have other Win2k3
servers that are members of a Windows PDC; these servers provide AFP shares,
so I know how to set up AFP services on Win2k3. Attempting to log in to AFP
shares on the Win2k3 server from either OS9 or OS X workstations fails, and
displays this error in my Samba log:

 opendirectory_smb_pwd_check_ntlmv1:incorrect password length (5)

I recognize the NT LanManager version 1 password check going on, and it
reports incorrect length (but shouldn't it be NTLMv2??). I have a 4-character
password, and the field displays (5); if I make an 8-character
password, the field displays (9). It is always one higher than the password
character count.

I've tried changing the authentication style in the ServiceForMacintosh
properties from Apple Clear Text to Apple Encrypted and also Microsoft. None
seem to work. Interestingly enough, when set to Apple Encrypted, no Macs can
even attempt to log in. I'm forced to use Apple Cleartext, even on my other
Win2k3 servers.

I've also installed the UAMs from Microsoft's site for OS 9 and OS X, but
I get the same results and the same error in the Samba log.

I've read on the web where people have tweaked their Windows security
policies, so I tried this also, but with no beneficial results. I tweaked the
DomainMember: digitally encrypt or sign secure channel data - Disabled
MSNetworkClient: digitally sign communications - Disabled
MSNetworkClient: send unencrypted passwords to 3rd party SMB servers -

I'm not sure what else to try, so I turn to you for help. I'm so close in
getting this to work, as I see the Windows Server and the Mac server
communicating, and authenticating. I just can't get Services for Macintosh
Shares to use OD users and passwords. Please help.

Any advice is welcomed and appreciated.

Thank you


