Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Kerberos and Windows Server

N

nazzario

macrumors newbie
Original poster
May 18, 2015
4
0
Hi

I have a big problem with the kerberos authentication.

At first i describe which steps i tried:

- On Windows Server:
Delegation for host (Mac) enabled, Local Policy (Enable Network Configure encryption types allowed for Kerberos allowed), Attribute Editor msDS-SupportetEncryption enabled.

- On OS X 10.10
Time set on DC Controller, Kerberos Ticket receiving. krb5.conf set, Active Directory Binding enabled,
My problem now is the SSO will not working. We had trying to search the mistake but we don't find the solution.

Can someone help me to find the solution.

What exactly I need to config at Windows Server 2012 R2?

What I need to do at OS X 10.10.

Thanks
 
I had to do three things to bind my work Mac to Server 2008s2, one thing on the Mac.

1. On the Mac I had to setup the System Preferences->Network tab, Advanced button. Then enter the subnet name that is setup in the Server, then after that hit the 'Apply' button in the main Network Pane.

2. With the Server in the User tab setup manually the Mac sharing name to the Compters section.

3. On the Mac (with a Server Admin) open System Preferences-> User & Groups pane and unlock the lane with a local Mac account. Then click the small button 'Join' and follow you noise with a Domain Admin account to bind it to the Server IP and bind it to the Server with a Domain Admin account. Then reboot.

Plus you might have to setup the Server to be a Time Server Server to the Donsin Mschine. On the Mac you just have to set up System Preferences->Date & Time and set it up to the server IP for the Time server (for Kerberos).

Watch this to get the join setup.

 
Hi satcomer

thank you for the description for binding Yosemite to Windows Server.
I tried that before and the binding was success but the single sign on will not working so i think that will be a problem with the kerberos authentication or an setting on server that i forget.
The kerberos Ticket since to be ok but SSO not working.
 
nazzario said:
Hi satcomer

thank you for the description for binding Yosemite to Windows Server.
I tried that before and the binding was success but the single sign on will not working so i think that will be a problem with the kerberos authentication or an setting on server that i forget.
The kerberos Ticket since to be ok but SSO not working.
Click to expand...

Then it sounds like you need to start a Time Server in the Server and then change the OS X System Preference->Date & Time and point the Time server to the IP time server of the Server!
 
Hi satcomer

Thank you for the description.
I had the same IP Adress now as the DC set on my Mac.
It's still not working.

We have the Domain Controller Server on a vSphere Virtualization. Could that be the Problem on Kerberos? The Time Server is the same now.

Thanks.
 
Yes. I did that. I don't know why that will not working. I tried so much things. I tried the same with Windows Server 2008 with another Domain Controller and still the same Problem.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back