Connecting os 10.4 to a windows server 2003 file server

Discussion in 'Mac Basics and Help' started by sam-i-am, Apr 28, 2006.

  1. sam-i-am macrumors member

    Joined:
    Mar 1, 2006
    #1
    Hey all, hope you can help me on this one.

    I connect to my work's VPN just fine from home on my MBP running the latest version of os 10.4. I run into a problem when trying to mount a shared drive, however.

    I click "go" and "connect to server" from finder and type in the server address. Then authentication fails. This is because the server is set to encrypted communication (which samba apparently does not support). There are options on the serverside to enable samba connections (there is a "services for macintosh" service in 2k3 as well as an option to disable encrypted authentication).

    However, my employer will not change either of these settings because they "do not want to go down the road of officially supporting macs."

    I tried the UAM (User authentication module) that apparently allows you to do the encrypted authentication thing but it doesn't seem to work.

    So my question: Does anyone know how to make the samba client play nice with windows server 2003 encrypted authentication since windows server 2003 doesn't want to play nice with samba? Is there a newer version of samba available, or some kind of plugin?

    Thanks in advance.
     
  2. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    Did you try using "CIFS://server/share/" rather than "SMB://server/share/"?
     
  3. sam-i-am thread starter macrumors member

    Joined:
    Mar 1, 2006
    #3
    That gives me a different error - "Connection Failed: The server may not exist or is not operational .... "

    I found an article about using encrypted passwords in samba here, but I'm not sure it applies to osx. I can't seem to locate any samba configuration file.
     
  4. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    That would mean to be that you didn't use the FQDN of the server and has nothing to do with SMB or CIFS.


    /etc/smb.conf
     
  5. nplima macrumors 6502a

    Joined:
    Apr 26, 2006
    Location:
    UK
    #5
    me too!

    Hi

    I have experienced the same kind of difficulty you described. Same problem happens when you try and log on to a VPN using a Linux box. Actually, it's not only the authentication method, that one was already sorted out. PPTP is implemented on OS X and Linux, with or without the Microsoft MPPE cypher.
    (source: http://pptpclient.sourceforge.net/)
    Trouble is, there is another level of envryption for browsing network shares that is enabled by default in windows 2003, which is disabled in previous NT versions.

    A bunch of people commented here: http://www.macwindows.com/Win2003.html

    Some even wrote that MS UAM is useful only for connecting to appletalk shares on a windows server, which is certainly not the case here.

    All and all it means that these LANs are meant to be for windows clients only, as all others will log on to the VPN with PPTP, then not be able to find anything or browse the remote shares because of some obscure encription option on the server's registry... considering you're already wasting some % of bandwidth with the encrypted tunnel to get in the VPN, most of the problem is probably in the sysadmin's head and in the MS way of doing business by locking people in to proprietary solutions.

    Anyway, since you're using an intel CPU, you might want to experiment or at least pay close attention to developments in the virtualization field, such as an OS X compile of vmware player (www.vmware.com). in my case, I've been able to use a virtual Windows box from a Linux host to print and scan to/from an unsupported Lexmark USB printer...

    If you can get your virtual machine to mount the remote drives, then share them with the Host OS, then you'll get your files on OS X. After you get that working, it's a matter of diplomacy to show your company that you'd have extra work and cost with MS Windows licenses to get your work done, when there's a free alternative in disabling the encryption setting on the W2003 server. Then let's hear the Sysadmin's case on having the encryption setting on for all LAN traffic...

    Best regards,

    Nuno
     

Share This Page