Macs can't access 2003 share - losing my mind
Ok, apparently there are always problems connecting to a 2003 server (especially a DC) from a Mac. We had problems initially, but this fixed it:
You need to go to 'Security Settings', 'Local Policies', 'Security Options'. You then need to set the 'Microsoft network server: Digitally sign communications' to disabled. It is enabled by default.
It's less secure, but that's fine for our organization. This worked for about 8 months. On Tuesday, we lost power over the night. The UPSes didn't shut the machines down properly, so they just died once the battery was drained. When I got in the next day, everything appeared to be working normally. The machines had started back up automatically once the power was restored, and everything was fine. Except, the Macs could not connect to the file shares.
I checked the previous setting, but was still disabled. I have no clue what changed. None of the Macs can access the file share. A coworker brought in his laptop, so I can play around with it without disrupting them. Same problem. The macs can access xp shares, and the users can access the file share from xp/vista machines, so it's not their accounts.
The weird problem is that when I try to connect to the server, it doesn't prompt me for a username/password like it used to. I cleared the keychain in case something got corrupt in there, but it still does not prompt me for a password. I tried using smbclient from the mac terminal, hoping it would give me some more insight the problem, but it connects without problem. That's right, I can navigate all through the file share from the terminal, but I get "name or password is not correct" if I try to go through the gui (which I ultimately have to get working for these guys).
I've tried everything I can think of. I confirmed I was auditing log on/off events. When I connect through the terminal, it creates an entry in event viewer, but when it fails through the gui, it doesn't. I am monitoring failed events as well. Has anyone ever encountered anything like this? The most frustrating thing is that I have absolutely no place to start. I just get a generic error through the gui, no problems from the cli, no other logs or notices I can find. I'm not even sure if the issue is with the macs or the server. Maybe the macs coincidentally updated the night we lost power and that created problems with smb/cifs access. No. Freaking. Clue.
You need to go to 'Security Settings', 'Local Policies', 'Security Options'. You then need to set the 'Microsoft network server: Digitally sign communications' to disabled. It is enabled by default.
It's less secure, but that's fine for our organization. This worked for about 8 months. On Tuesday, we lost power over the night. The UPSes didn't shut the machines down properly, so they just died once the battery was drained. When I got in the next day, everything appeared to be working normally. The machines had started back up automatically once the power was restored, and everything was fine. Except, the Macs could not connect to the file shares.
I checked the previous setting, but was still disabled. I have no clue what changed. None of the Macs can access the file share. A coworker brought in his laptop, so I can play around with it without disrupting them. Same problem. The macs can access xp shares, and the users can access the file share from xp/vista machines, so it's not their accounts.
The weird problem is that when I try to connect to the server, it doesn't prompt me for a username/password like it used to. I cleared the keychain in case something got corrupt in there, but it still does not prompt me for a password. I tried using smbclient from the mac terminal, hoping it would give me some more insight the problem, but it connects without problem. That's right, I can navigate all through the file share from the terminal, but I get "name or password is not correct" if I try to go through the gui (which I ultimately have to get working for these guys).
I've tried everything I can think of. I confirmed I was auditing log on/off events. When I connect through the terminal, it creates an entry in event viewer, but when it fails through the gui, it doesn't. I am monitoring failed events as well. Has anyone ever encountered anything like this? The most frustrating thing is that I have absolutely no place to start. I just get a generic error through the gui, no problems from the cli, no other logs or notices I can find. I'm not even sure if the issue is with the macs or the server. Maybe the macs coincidentally updated the night we lost power and that created problems with smb/cifs access. No. Freaking. Clue.
Comments
-
dynamik
Banned Posts: 12,312 ■■■■■■■■■□
I also installed Microsoft's User Authentication Manager for Macs, which supposedly allows strong passwords, etc., but that didn't help. I installed services for macs on the 2003 machine, so they macs can connect via appletalk. However, that truncates filenames/directories over 31 characters, which makes navigating our current folder structure impossible (jobs are stored job number - company - job description). It doesn't even do it smart like in DOS; it's basically random characters. Plus, they have problems saving and files saved from windows users don't show up for them. It's awesome.
I've spend about 8 hours on Google. I've never come across a solution for this problem. It's either that policy change fixes your problem or you're just screwed.
Thanks in advance for any insight. -
doom969
Member Posts: 304
Check the following registry key
HKLM/SYSTEM/current control set/services/lanman server/parameters
RequireSecuritySignature should be set to 0
This the key that is affected by the previously mentionned GPO.
It has happenned to me before that after a restart the key resets even thou the gpo is correctly setted...
Does that help ?
Doom969Doom969
__________________________________________________________
MCP (282 - 270 - 284 - 290 - 291 - 293 - 294 - 298 - 299 - 350)
MCTS (351 - 620 - 622 - 647 - 649 - 671)
MCSA / S / M - MCSE / S
MCITP (EST - EA ) - MCT
A+ - IBM - SBSS2K3 - CISCO_SMB
CompTIA : A+