Kerberos and Windows Server

Discussion in 'Mac OS X Server, Xserve, and Networking' started by nazzario, May 18, 2015.

  1. nazzario macrumors newbie

    Joined:
    May 18, 2015
    #1
    Hi

    I have a big problem with the kerberos authentication.

    At first i describe which steps i tried:

    - On Windows Server:
    Delegation for host (Mac) enabled, Local Policy (Enable Network Configure encryption types allowed for Kerberos allowed), Attribute Editor msDS-SupportetEncryption enabled.

    - On OS X 10.10
    Time set on DC Controller, Kerberos Ticket receiving. krb5.conf set, Active Directory Binding enabled,
    My problem now is the SSO will not working. We had trying to search the mistake but we don't find the solution.

    Can someone help me to find the solution.

    What exactly I need to config at Windows Server 2012 R2?

    What I need to do at OS X 10.10.

    Thanks
     
  2. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #2
    I had to do three things to bind my work Mac to Server 2008s2, one thing on the Mac.

    1. On the Mac I had to setup the System Preferences->Network tab, Advanced button. Then enter the subnet name that is setup in the Server, then after that hit the 'Apply' button in the main Network Pane.

    2. With the Server in the User tab setup manually the Mac sharing name to the Compters section.

    3. On the Mac (with a Server Admin) open System Preferences-> User & Groups pane and unlock the lane with a local Mac account. Then click the small button 'Join' and follow you noise with a Domain Admin account to bind it to the Server IP and bind it to the Server with a Domain Admin account. Then reboot.

    Plus you might have to setup the Server to be a Time Server Server to the Donsin Mschine. On the Mac you just have to set up System Preferences->Date & Time and set it up to the server IP for the Time server (for Kerberos).

    Watch this to get the join setup.

     
  3. nazzario thread starter macrumors newbie

    Joined:
    May 18, 2015
    #3
    Hi satcomer

    thank you for the description for binding Yosemite to Windows Server.
    I tried that before and the binding was success but the single sign on will not working so i think that will be a problem with the kerberos authentication or an setting on server that i forget.
    The kerberos Ticket since to be ok but SSO not working.
     
  4. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #4
    Then it sounds like you need to start a Time Server in the Server and then change the OS X System Preference->Date & Time and point the Time server to the IP time server of the Server!
     
  5. nazzario thread starter macrumors newbie

    Joined:
    May 18, 2015
    #5
    Hi satcomer

    Thank you for the description.
    I had the same IP Adress now as the DC set on my Mac.
    It's still not working.

    We have the Domain Controller Server on a vSphere Virtualization. Could that be the Problem on Kerberos? The Time Server is the same now.

    Thanks.
     
  6. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #6
    Also did you setup the Server workgroup name in OS X's SystemPreferences->Network, Avanced button?
     
  7. nazzario thread starter macrumors newbie

    Joined:
    May 18, 2015
    #7
    Yes. I did that. I don't know why that will not working. I tried so much things. I tried the same with Windows Server 2008 with another Domain Controller and still the same Problem.
     
  8. jared_kipe macrumors 68030

    jared_kipe

    Joined:
    Dec 8, 2003
    Location:
    Seattle

Share This Page