This exact problem can occur in the "Windows world" when you clone computers and do not run newsid (or similar) on them prior to joining them to a domain.
From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Thursday, February 19, 2009 6:42 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare And thanks for reminding me of why I don't have Macs on my domain! ;-) John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Wednesday, February 18, 2009 6:06 PM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare I think I got it. Apparently the machines were cloned. So no Kerberos machine tickets. I have one machine that seems to be ok, I am getting occasional prompts for user and password, but I am on the right track now. Thanks for listening to me.... _____ From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Wednesday, February 18, 2009 1:13 PM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare DNS is set to my AD servers. DCHP is from a *nix box, but all the windows PC's have the same DHCP server w/ no issues Hostname returns backup-OSX.local NOT backup-osx.company.com, and I see no way to get rid of the ".local" Kinit u...@company.com prompts for a password, and then returns cannot find KDC for reqested realm. Still struggeling with this..... _____ From: Walker, Clay [mailto:c...@bridgeportisd.net] Sent: Wednesday, February 18, 2009 11:09 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare is your mac using dhcp/dns services from A/D? I ask to ensure that your mac's FQDN is the same as your A/D's FQDN. Your ticket maybe for ad-domain.domain.com but your mac may be trying to connect to ad-domain or domain.com. You can run a hostname from the command line to check the local mac's FQDN. _____ From: Jeremy Anderson [mailto:jer...@mapiadmin.net] Sent: Wednesday, February 18, 2009 11:07 AM To: NT System Admin Issues Subject: RE: OS X connecting to domain fileshare Just verified as well using Kerberos.app that I have a valid ticket that will expire in 9:58. Still being prompted for a user/pass when trying to connect to a share. _____ From: Anders Blomgren [mailto:chanks...@gmail.com] Sent: Wednesday, February 18, 2009 1:45 AM To: NT System Admin Issues Subject: Re: OS X connecting to domain fileshare To get SSO will depend on kerberos in this case. Start /System/Library/CoreServices/Kerberos.app and see if you have a TGT. If you don't try to manually acquire one with that tool. Otherwise your kerberos config file isn't properly setup, something that's been done automatically since 10.4 by directory services when you bind to an AD domain. -Anders On 2/18/09, Jeremy Anderson <jer...@mapiadmin.net> wrote: I have an OS X 10.5.6 and it is successfully had been bound to the domain. The account shows up and I can log in using any domain user and password. However; when I try to "mount" or browse a share (I press the apple key + k) and I type in SMB://server/fileshare it prompts me for a user name and password. I can type in my user name and password and successfully access the shared resource. I want to just be able to browse / mount shares with out having to enter the user name and password, Am I missing somthing here? Itsn't that the point of single sign on? I have NOT extended my schema, is that why? TIA Jeremy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
