Joining Windows client to Leopard PDC domain

Leopard Server 10.5.2 providing OD, AD PDC, DHCP, DNS, AFP, SMB all on and "running"
XServe Intel
Mainly Windows XP clients but also some OS X clients
I am trying to set up a Leopard server to host a domain on our internal company LAN. I have followed the tutorials in "Mac OS X Server Essentials 10.5" and also referred to the "Open Directory Admin Guide" as well as the "Network Services Admin Guide" and am stuck in a few places.
One issue I am having is trying to join an XP client to the domain so that I can use account login and home folder access which is on the Leopard server. My 10.5 client machine can login and access the home folder fine but when I try to join the XP machine I get the following error on the PC:
"A domain controller for the domain mycompany.com could not be contacted. Ensure that the domain name is typed correctly."
I then click on Details and get the following:
"The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mycompany.com:
The error was "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mycompany.com"
DHCP seems to be handing out IP addresses fine but does not hand out LDAP info. e.g. My Leopard client cannot get the LDAP via DHCP even though this is configured (according to the "Essentials" book) in the Directory Utility, it will only see the Domain controller/LDAP if I manually enter the info into its Directory Utility. I'm wondering if this has something to do with PC not finding the domain?
What concerns me is the lack of configuration in DNS - so far I have only set up a primary zone for the domain mycompany.com with the correct primary zone name: mycompany.com. and nameserver: xserve1.mycompany.com. as well as a machine record within the zone for the server, machine name: xserve1 and IP address: 192.168.0.1 (the relevant reverse info is ok)
I have seen some discussions online that indicate I need to enter more DNS info e.g. an LDAP service record etc. but there is no mention of this in the Directory admin manual under setting up a PDC. Is this true and if so can anyone advise me as to how to enter these in Server Admin?
I am a complete beginner to server admin and command line tools but would really appreciate any help in the matter!
Thanks

Hi Leif - thanks for the reply,
Maybe "broadcasting" in terms of the DHCP response was the wrong word for me to use but I see what you are saying...
I have tried this Terminal command and got the following, but can't see any reference to a NetBIOS/WINS server address, just the scope and node info I currently have set. (The WINS/SMB server is on the same xserve unit (192.168.0.1), and I have tried joining with no scope and node settings as well as node type=H.)
ipconfig getpacket en0
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 1499456152
secs = 0
ciaddr = 0.0.0.0
yiaddr = 192.168.0.33
siaddr = 192.168.0.1
giaddr = 0.0.0.0
chaddr = 0:17:f2:31:65:4a
sname = xserve1.MYCOMPANY.com
file =
options:
Options count is 12
dhcpmessagetype (uint8): ACK 0x5
server_identifier (ip): 192.168.0.1
lease_time (uint32): 0x14e20
subnet_mask (ip): 255.255.255.0
router (ip_mult): {192.168.0.1}
domainnameserver (ip_mult): {192.168.0.1}
domain_name (string): MYCOMPANY.com
domain_search (dns_namelist): {MYCOMPANY.com}
ldap_url (string): ldap://xserve1.MYCOMPANY.com/dc=xserve1,dc=MYCOMPANY,dc=com
nbover_tcpip_nodetype (uint8): 0x8
nbover_tcpipscope (string): MYCOMPANY
end (none):
I used Wireshark on the PC client machine and got the following. Note that the DHCP Offer packet contains no option 44 (which AFAIK is what identifies the WINS server to clients) so the DHCP is not sending the address out.
No. Time Source Destination Protocol Info
3 2.996281 192.168.0.1 192.168.0.31 DHCP DHCP Offer - Transaction ID 0x2a7dee67
Frame 3 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: Apple_f2:03:08 (00:1e:52:f2:03:08), Dst: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.31 (192.168.0.31)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x2a7dee67
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 192.168.0.31 (192.168.0.31)
Next server IP address: 192.168.0.1 (192.168.0.1)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Server host name: xserve1.MYCOMPANY.com
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) Server Identifier = 192.168.0.1
Option: (54) Server Identifier
Length: 4
Value: C0A80001
Option: (t=51,l=4) IP Address Lease Time = 59 minutes, 24 seconds
Option: (51) IP Address Lease Time
Length: 4
Value: 00000DEC
Option: (t=1,l=4) Subnet Mask = 255.255.255.0
Option: (1) Subnet Mask
Length: 4
Value: FFFFFF00
Option: (t=15,l=13) Domain Name = "MYCOMPANY.com"
Option: (15) Domain Name
Length: 13
Value: 64656C616E656C65612E636F6D
Option: (t=3,l=4) Router = 192.168.0.1
Option: (3) Router
Length: 4
Value: C0A80001
Option: (t=6,l=4) Domain Name Server = 192.168.0.1
Option: (6) Domain Name Server
Length: 4
Value: C0A80001
Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = B-node
Option: (46) NetBIOS over TCP/IP Node Type
Length: 1
Value: 01
End Option
Padding
I also looked at what happens at the point when I try to join the PC to the domain with and without the WINS server IP address manually entered on the PC's network settings:
Manual WINS setting communications:
2 17.727677 192.168.0.31 192.168.0.1 DNS Standard query SRV _ldap._tcp.dc._msdcs.MYCOMPANY.com
Domain Name System (query)
3 17.728106 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)
4 17.733483 192.168.0.31 192.168.0.1 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
5 17.733833 192.168.0.1 192.168.0.31 NBNS Name query response NB 192.168.0.1
NetBIOS Name Service
DHCP-reliant WINS configuration communications:
1 0.000000 192.168.0.31 192.168.0.1 DNS Standard query SRV _ldap._tcp.dc._msdcs.MYCOMPANY.com
Domain Name System (query)
2 0.000396 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)
3 0.000729 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
4 0.740454 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
5 1.490399 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
If anyone has any ideas...
Thanks
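
Added example (not part of the original posts): a Python check for the point made in the Wireshark analysis above, that the DHCP reply carries no option 44 (NetBIOS name server). The option bytes are constructed from the decoded values in that capture, a second constructed reply adds option 44 and H-node for comparison, and the function names are hypothetical.

```python
import ipaddress

OPT_PAD, OPT_END = 0, 255
OPT_NBNS_SERVERS = 44   # NetBIOS over TCP/IP Name Server (WINS), RFC 2132
OPT_NB_NODE_TYPE = 46   # NetBIOS over TCP/IP Node Type, RFC 2132
NODE_TYPES = {0x1: "B-node", 0x2: "P-node", 0x4: "M-node", 0x8: "H-node"}


def parse_dhcp_options(data: bytes) -> dict:
    """Parse the DHCP options field (the bytes after the magic cookie)."""
    options = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:          # single-byte padding, carries no length
            i += 1
            continue
        if code == OPT_END:          # everything after End is padding
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: length byte missing")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # A repeated option code is concatenated (RFC 3396 long options).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def netbios_report(options: dict) -> dict:
    """Summarise what the reply tells a Windows client about NetBIOS naming."""
    raw = options.get(OPT_NBNS_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 44: length is not a multiple of 4")
    servers = [str(ipaddress.IPv4Address(raw[i:i + 4]))
               for i in range(0, len(raw), 4)]
    node = None
    node_raw = options.get(OPT_NB_NODE_TYPE)
    if node_raw is not None:
        if len(node_raw) != 1:
            raise ValueError("option 46: length must be 1")
        node = NODE_TYPES.get(node_raw[0], f"unknown (0x{node_raw[0]:02x})")
    findings = []
    if not servers:
        findings.append("option 44 absent: DHCP hands out no WINS server")
    if node == "B-node":
        findings.append("option 46 is B-node: names resolve by broadcast only")
    return {"wins_servers": servers, "node_type": node, "findings": findings}


# Constructed from the decoded DHCP Offer above: options 53, 54, 51, 1, 15,
# 3, 6 and 46 (B-node), then End and padding. The domain name bytes use the
# placeholder name shown in the decode.
OFFER_FROM_CAPTURE = (
    bytes.fromhex("350102")            # 53 message type = Offer
    + bytes.fromhex("3604c0a80001")    # 54 server identifier 192.168.0.1
    + bytes.fromhex("330400000dec")    # 51 lease time
    + bytes.fromhex("0104ffffff00")    # 1 subnet mask
    + bytes([15, 13]) + b"MYCOMPANY.com"
    + bytes.fromhex("0304c0a80001")    # 3 router
    + bytes.fromhex("0604c0a80001")    # 6 DNS server
    + bytes.fromhex("2e0101")          # 46 node type = B-node
    + bytes.fromhex("ff") + b"\x00" * 4
)

# Constructed comparison: the same reply with option 44 and H-node (0x8).
OFFER_WITH_WINS = (
    OFFER_FROM_CAPTURE[:-8]
    + bytes.fromhex("2c04c0a80001")    # 44 NetBIOS name server 192.168.0.1
    + bytes.fromhex("2e0108")          # 46 node type = H-node
    + bytes.fromhex("ff")
)

if __name__ == "__main__":
    for label, blob in (("capture", OFFER_FROM_CAPTURE),
                        ("with WINS", OFFER_WITH_WINS)):
        print(label, netbios_report(parse_dhcp_options(blob)))
```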

Similar Messages

  • Trouble joining windows PC to Mac PDC

    I am new to Mac but been working with Windows Networking for years. I plan to replace all our office PC's to Mac's but it will take time. I have followed the instructions in the Open Directory Administrator Guide on joining PC's to a Mac OD PDC. I can't join a Vista or XP to Mac PDC domain. It seems so simple but I get errors. "Insufficient system resources exist to complete the requested service" (on Vista PC)
    The OD log shows...
    "This process has FORKED and you cannot use this COREFUNCTIONILITY PROCESS, You must EXEC()" (xserve)
    SMB is on OD is primary, using PDC functionality.
    Help!
    TIA

    Thanks for the reply.
    I contacted Apple support and the issue is resolved.
    I had the Leopard server installed in a "standard" configuration and then added SMB support. Apple says that this can't be done.
    I re-installed the Leopard in "advanced" configuration and added SMB and it now works great!
    Bruce

  • Join Windows PC with Mac Server domain

    Hello
    We have a Mac OS X Server and a few Microsoft PCs.
    We want to join all PCs into domain of OS X Server.
    Windows is showing error after entering domain name : Active Directory Domain Controller could not be contacted. 
    Please let me know the solution for this issue
    Thanks

    Hi Tattwam,
    Because this issue is more related to Mac OS X, to get better help you may contact Apple technical support.
    https://discussions.apple.com/community/mac_os
    Best Regards.
    Steven Lee

  • 10.4.9 as Domain Controller fails daily for Windows clients

    I have a 10.4.9 Open Directory Master server which also serves as a PDC for Windows XP clients. Windows clients can log in and get roaming profiles with shared homes for Mac and Windows environments. This all works fine.
    But, for the last week, every morning, the Windows clients cannot find the domain. I can replace the /etc/smb.conf file with a saved good file, restart the Windows service and all works fine until the next morning, where it fails again. Simply restarting the Windows service does not help; it needs to be reconfigured with a new smb.conf file.
    Mac clients can authenticate and connect via smb. The Windows XP Pro clients are up to date with latest updates, so there could be a problem from that, but the updates don't match the date the problems started. The start of the problem coincided with removing an Open Directory Replica, which was no longer needed. It is probably unrelated, but it is the only change I can think of.
    There must be some overnight process which resets some setting. Anyone have an idea?
    Thanks for any help!
    Mostly Xserve servers   Mac OS X (10.4.9)   400 + node Open Directory domain Win & Mac All Mac servers
    Macs & PCs (too many!)   Mac OS X (10.4.4)  

    Tom,
    We destroyed our domain and rejoined all our XP boxes. This did not fix the problem. There appears to be a bug in Apple samba-100.7 (10.4.9).
    As a quick fix we extracted the smbd binary and smbd.plist from a 10.4.8 combo update (Note: you could also grab the files from a working 10.4.8 install)...
    1. Download the 10.4.8 combo update from http://www.apple.com/support
    2. Mount the 10.4.8 update .dmg
    3. In Terminal navigate to the folder containing Archive.pax.gz, in our case this was...
    cd /Volumes/Mac\ OS\ X\ Server\ 10.4.8\ Combined\ Update/MacOSXSrvrCombo10.4.8PPC.mpkg/Contents/Installers/MacOSXSvrCmbBase10.4.8 PPC.pkg/Contents
    4. Copy Archive.pax.gz to a location on your HDD, like Desktop
    cp Archive.pax.gz ~/Desktop
    5. Unzip Archive.pax.gz
    cd ~/Desktop
    gunzip Archive.pax.gz
    6. Grab a copy of Pacifist and use it to open Archive.pax
    7. Using Pacifist, extract (drag and drop) the following files from the archive to your Desktop...
    /System/Library/LaunchDaemons/smbd.plist
    /usr/sbin/smbd
    Note: We are going to replace smb in the next step, best backup the current copies of the above files before proceeding.
    8. Open Terminal again...
    Stop SMB...
    sudo serveradmin stop smb
    Replace samba with 10.4.8 version...
    sudo cp ~/Desktop/smbd /usr/sbin/smbd
    sudo cp ~/Desktop/smbd.plist /System/Library/LaunchDaemons/smbd.plist
    9. Restart SMB and the process is complete...
    sudo serveradmin start smb
    Cheers,
    Tim

  • Joining Vista machine to OS X domain

    We're having issues joining Vista client machines to our OS X Server domain.
    When trying to join, the clients get a "specified domain either does not exist or could not be contacted" message, and this shows up in the SMB logs:
    [2009/12/15 16:24:24, 0, pid=21821] /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:opendirectoryuser_auth_and_sessionkey(580)
    dsDoDirNodeAuthOnRecordType gave -14091 [eDSAuthMethodNotSupported]
    [2009/12/15 16:24:24, 0, pid=21821] /SourceCache/samba/samba-235/samba/source/auth/authodsam.c:opendirectory_smb_pwd_checkntlmv1(387)
    opendirectoryuser_auth_and_sessionkey gave -14091 [eDSAuthMethodNotSupported]
    [2009/12/15 16:24:24, 0, pid=21821] /SourceCache/samba/samba-235/samba/source/libsmb/ntlmsspsign.c:ntlmssp_checkpacket(204)
    NTLMSSP NTLM2 packet check failed due to invalid signature!
    [2009/12/15 16:24:24, 0, pid=21821] /SourceCache/samba/samba-235/samba/source/rpcserver/srv_pipe_hnd.c:process_requestpdu(580)
    processrequestpdu: failed to do auth processing.
    [2009/12/15 16:24:24, 0, pid=21821] /SourceCache/samba/samba-235/samba/source/rpcserver/srv_pipe_hnd.c:process_requestpdu(581)
    processrequestpdu: error was NTSTATUS_ACCESSDENIED.
    I've already found info related to the authentication method on the Vista clients and changed the LAN Manager authentication setting to "Send LM & NTLM - use NTLMv2 session security if negotiated."
    Is there anything else we could try?

    Seems like a server reboot cured the problem. Still don't know what the cause was, however...

  • Cannot join Windows XP machines to the Mac PDC domain

    Frustrated...
    Yesterday, I was able to successfully add 5 Windows XP machines to the Mac PDC Domain (let's call it xyz.lan). Those machines show up as valid computer accounts in Workgroup Manager (PC1$, PC2$, etc.). Users are able to logon to those Windows XP machines using their Mac Open Directory user account and access their home folder, etc.
    This morning, for some reason, I can no longer join XP machines to the Mac PDC domain. On both PCs I tried it with, I receive a "Insufficient System Resources exist to complete the requested service" on the Windows XP machine. I am using the diradmin user account and password to supply credentials. Same exact process as yesterday (which worked fine).
    A couple things of note. I made sure the PDC domain is set to Enabled for allowing Guest Access and that WINS Registration is also enabled. Authentication is also set for NTLMv2 and NTLM for enabled. I also tried rebooting the server this morning as well. It's running 10.5.4. This was not an upgrade from 10.4, but a fresh install of Leopard.
    No changes were made on the server between yesterday and today that I am aware of.
    Looking at the /var/log/samba/log.smbd log, there are thousands of entries for "This process has forked and you cannot use this corefunctionality process, You must EXEC()" etc... The log also shows failures when the XP machine tries to join to the domain. Log entries are listed showing, "pdbdefault_createuser: failed to add new account for 'PC6$'". Adding PC6$ manually via Workgroup Manager doesn't help either.
    Any idea what to check next? I read so many varied things about Leopard and SMB not quite playing nice. People mentioning they had to go through all sorts of hurdles to get this working. Any advice is welcome.

    Any news about this? I'm having the same problem trying to join a Vista box to the domain. Here are the logs:
    [2009/04/22 13:25:25, 0, pid=42167] /SourceCache/samba/samba-187.8/samba/source/passdb/pdbodsam.c:odssamgetsampwnam(1571)
    opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'VISTA-02$'
    [2009/04/22 13:25:25, 0, pid=42167] /SourceCache/samba/samba-187.8/samba/source/passdb/pdbodsam.c:odssamgetgrnam(2040)
    odssam_getgrnam gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Groups record for 'VISTA-02$'!
    [2009/04/22 13:25:25, 0, pid=42167] /SourceCache/samba/samba-187.8/samba/source/passdb/pdbodsam.c:odssamgetsampwnam(1571)
    opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'VISTA-02$'
    kDSStdAuthNewUser was successful for account "vista-02$"
    kDSStdAuthNewUser accountid len(375)"0x49ef53056eb8a2630000009a00000214,1024 35
    129849767195843988386717130686365750405143149807097035240997923637742337040903
    506153973871003812041813
    324419007326669993686871371821246150609561416487672279816850996014745064297496
    041484464380321772803933500334864635264176672399865926313147079923364167109976
    966344241501266923849093477
    545323065093504527714303 [email protected]"
    <CFArray 0x127bb0 [0xa087e1a0]>{type = mutable-small, count = 1, values = (
    0 : <CFDictionary 0x10fa70 [0xa087e1a0]>{type = mutable, count = 3, capacity = 3, pairs = (
    0 : <CFString 0x127230 [0xa087e1a0]>{contents = "dsAttrTypeStandard:RecordName"} = <CFArray 0x1273d0 [0xa087e1a0]>{type = mutable-small, count = 1, values = (
    0 : <CFString 0x127830 [0xa087e1a0]>{contents = "passwordserver"}
    1 : <CFString 0x12b1b0 [0xa087e1a0]>{contents = "dsAttrTypeStandard:PasswordServerLocation"} = <CFArray 0x1276e0 [0xa087e1a0]>{type = mutable-small, count = 1, values = (
    0 : <CFString 0x128030 [0xa087e1a0]>{contents = "10.10.1.102"}
    3 : <CFString 0x10b150 [0xa087e1a0]>{contents = "dsAttrTypeStandard:AppleMetaNodeLocation"} = <CFArray 0x127b60 [0xa087e1a0]>{type = mutable-small, count = 1, values = (
    0 : <CFString 0x125b80 [0xa087e1a0]>{contents = "/LDAPv3/127.0.0.1"}
    [2009/04/22 13:25:26, 0, pid=42167] /SourceCache/samba/samba-187.8/samba/source/passdb/pdbodsam.c:odssamgetsampwnam(1571)
    opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'VISTA-02$'
    [2009/04/22 13:25:26, 1, pid=42167] /SourceCache/samba/samba-187.8/samba/source/passdb/pdbinterface.c:pdb_default_createuser(371)
    pdbdefault_createuser: failed to add a new account for 'VISTA-02$'
    [2009/04/22 13:25:30, 2, pid=42171] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(328)
    netbios connect: name1=10.10.1.102 name2=MYMAC
    [2009/04/22 13:25:30, 2, pid=42171] /SourceCache/samba/samba-187.8/samba/source/smbd/reply.c:reply_special(335)
    netbios connect: local=10.10.1.102 remote=mymac, name type = 0
    [2009/04/22 13:25:30, 2, pid=42171] /SourceCache/samba/samba-187.8/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/auth/odsam.dylib' loaded
    Thanks!

  • Windows 2012 R2 ADRMS domain controller version and Non-domain-joined Mac Client with outlook 2011

    Hi,
    What is the AD version for Windows 2012R2 ADRMS?  Is it possible to have Windows 2003 R2 DC with Windows 2012R2 ADRMS?
    Any installation guide Non-domain-joined Mac Client with outlook 2011?
    What is the SQL version for Windows 2012R2 ADRMS?
    Please advise.  Thanks.
    Kelvin Teang

    Hi Kelvin -
    There is no RMS Client for Macs.  That functionality is actually provided through the Office for Mac application (this is different compared to the PC).  Domain-joined clients will autodiscover the RMS server and should be able to create and consume protected content.  Non-domain-joined clients cannot automatically discover their RMS server.  In this scenario, prepare a protected document or email from a domain-joined machine and send it to your non-domain-joined users.  They will open the document or email up and the URLs contained in the publishing license of the document will direct them to the correct RMS server.
    I hope that helps!
    Micah LaNasa
    Synergy Advisors
    synergyadvisors.biz

  • How to join windows 7 client to mac osx 10.6 domain controller ?

    Hello,
    I'm IT support in a school in France, and the network is a heterogeneous mix of Mac OS and Windows 7 clients.
    The server is running OS X 10.6 and I can't find a workaround/walkthrough to join my Windows clients to the domain controller.
    Any solution?
    Can an upgrade of the Samba engine resolve this issue? If so, how do I do this?
    Thanks, and excuse me for my poor English...

    I'm not aware of any particular tie-in between Windows 7 and Domain Controller and Samba and OS X Server Open Directory LDAP Services.
    Samba did provide limited Domain Controller capabilities and can use Domain Authentication, but the Apple installation from 10.6 is an old release and I've had some problems getting that older stuff to work.  You'll likely have to hand-manage Samba to get this to work, by following the directions at the Samba.org web site, too.
    The best resource I've encountered for digging around in this topic area is the archives of the Mac Enterprise mailing list.
    FWIW, Microsoft has (migrated from? abandoned? deprecated?) Domain Controller authentication in favor of Active Directory some years ago, and Apple has abandoned Samba in more recent releases; this is a dead end.  If you are using Windows Server and Active Directory, then OS X Server can be configured in what's called a Magic Triangle configuration; where you have Windows handling Windows authentication, and OS X Server handling OS X authentication, and coordinating across the two.  Or (with newer OS X releases) Apple has improved integration with Active Directory.

  • Do SCCM clients need to be domain joined for Windows Patch Deployments

    Hi,
    We have SCCM 2012 R2 deployed in an environment with both workgroup and domain joined machines. Currently only the domain joined machines have the SCCM client installed. We were thinking of bringing patching into SCCM rather than WSUS but were wondering if we install the SCCM client on workgroup machines do they need to be domain members to work or do they just need to be able to resolve the SCCM server? Basically, I'm looking for confirmation that we can patch non-domain joined machines via SCCM.
    Thanks,
    Simon

    Here's a nice blog post that adds some gotcha and additional detail:
    http://blogs.technet.com/b/configurationmgr/archive/2014/07/01/managing-workgroup-clients-in-system-center-2012-configuration-manager.aspx
    Ultimately, ConfigMgr doesn't care if systems are domain joined or not but there are some nuances and caveats that must be accounted for. 
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • Windows client error joining with Samba 4.2 Active Directory server

    I have a basic samba 4.2 ADC setup on CentOS 7 and I get a RPC server not available whenever I attempt to join a windows client to the domain. The smb.conf is the default one created during provisioning. All indicated pre-testing seems to work as expected. The windows client finds the domain and recognizes a valid user or not but the last step of joining the domain ends with the error "Unable to join the Domain RPC server not available". Does anyone have any ideas?
    Thanks Paul 
    This topic first appeared in the Spiceworks Community

    I have a scenario for you in active directory when two passwords may be valid:
    Old passwords can also work on domain controllers that have not received replication yet from either the domain controller the password was changed on, or the PDC emulator in the domain.
    Let's take a scenario where we have a 3 site, 3 domain controller (DC) active directory: Site1 with DC1, site2 with DC2 and site3 with DC3.
    The ACS application resides in Site3 and is configured to use DC3 for authentication. We have a user "user1" with a password of "123".
    User1 decides to call the helpdesk and changes his password to "456".
    The helpdesk uses DC1 to make password changes because they are located in site1. For a period of time (based on replication, which defaults to 3 hours between sites) the 123 password and the 456 password will be valid.
    If the user1 user tries the "123" password it will work until DC3 receives the changed password from normal replication. If user1 tries to use 456, DC3 will flag this as a wrong password, and then check the PDC emulator of the domain to see if it has received a newer password. The PDC emulator will validate the login, and then trigger an immediate replication with DC3.
    Regards,
    ~JG

  • OD Master/PDC, 10.4.11, why xp clients unable to locate domain controller?

    After a migration/upgrade from 10.3.9 to 10.4.11 Server, windows XP clients are intermittently unable to log in to or even bind to the PDC running on that server.
    I did a clean format and install from the 10.4 media, choosing the standalone server type, and applied all the Software Updates, I got forward and reverse DNS working for my zone, then I followed the instructions at http://www.afp548.com/article.php?story=20050615173039158 to move my OD from a working 10.3.9 server to 10.4.
    This server goes against the usual recommendations, as it provides DNS, OD master, PDC and file services to 32 clients all in the same subnet, 20 running Windows XP SP2 and 12 running OS X Client 10.4.x or 10.5.x.
    File services and various other users of the OD/LDAP, for example Wildfire Jabber/XMPP server and Apache2/LDAP running on a separate Linux server, are able to authenticate against the new 10.4.11 OD.
    However, at this point the symptoms become intermittent approx. 40% of the Windows XP clients were unable to log in with various domain accounts, yielding errors of the form "Unable to find domain FOO". If I remove a client from the domain by joining it to WORKGROUP and rebooting, then try to join FOO again, I'll get an error, "Unable to locate Domain Controller for FOO..."
    The set-up:
    My server's FQDN is myserver.foo.example.com
    The server's DNS is authoritative for the 10.10.10.0/24, foo.example.com zone and I have the trailing dots in the right places, so ping myserver.foo.example.com, ping myserver, and ping 10.10.10.10 (server's example IP from the foo.example.com zone) all work correctly.
    The DHCP server for this vlan is providing my DNS server to the clients, but is providing no netbios server. The XP clients are all set to use the DHCP server setting, which, according to the TCP/IP Advanced Settings panel, means that they'll revert to netbios over tcp/ip since no wins server is specified.
    In Server Admin->Windows->General:
    Role: Primary Domain Controller (PDC)
    Description: FOO Domain at example.com
    Computer Name: myserver
    Domain: FOO
    Server Admin->Windows->Access:
    Allow Guest Access: Check
    Client Connections: Unlimited
    Authentication: NTLMv2 & Kerberos, NTLM, and LAN Manager: All check
    Logging->Log Detail: High
    Advanced->Code Page: Latin US
    Services: Workgroup Master browser and Domain master browser: check
    WINS Registration: Off
    Homes: Enable virtual share points: check
    Should my Windows service on 10.4.11 be providing WINS or not? If so, should the DHCP server be set to point the clients to it? If not, how do the XP clients reliably resolve the FOO domain?
    Why did all these XP clients work fine with a 10.3.9 Windows PDC but don't work with 10.4.11?
    Another strange point - I can use the XP-side 'net view' command to poke around and things look reasonable. I.E. even the clients that aren't joined to the domain and can't locate the domain controller will return sane results for 'net view /domain:FOO'.

    The new PDC does use the same domain name as the old PDC, and the SID mismatch is at least partially to blame. After I'd performed the upgrade and confused the windows clients, I saw the advice on using samba's net command to duplicate the old PDC's SID to the new PDC. Maybe someday I'll have the opportunity to try that.
    I resorted to removing all the XP clients from the domain and re-joining them. The XP clients were still able to contact the domain intermittently. I used various command-line tools on the XP side, including the built-in net command as well as some others I downloaded such as the quite useful http://www.joeware.net/freetools/tools/findpdc/index.htm, as well as the client-side error messages during the domain join attempts and the messages in the Event log, to determine that the clients couldn't find the domain.
    The XP client TCP/IP settings state that the clients will revert to using netbios if no WINS server is specified, but that clearly wasn't working reliably, so I just enabled the WINS server on the PDC, told the DHCP server to hand out its address for the netbios-related options for that subnet, rebooted the PDC, waited a while for things to settle out, and now all the clients can reliably find the PDC.
    I still have no idea why the WINS-less set-up worked in 10.3 server but didn't work in 10.4 server, but believe me, I'll remember it now!

  • Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."

    Hi,
    Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
    DC:windows Server 2008 R2
    Domain functional level:Windows Server 2003
    When WinXP joins the domain, there is no such error message.
    I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0; it doesn't work.
    There are 3 suggestions in this article:
    1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
    Doesn't work.
    2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
    On my DC, I run netstat -an, result as below:
     UDP    192.168.20.3:137       *:*
    3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
    We are not using IPV6.
    This server was recently updated from Windows Server 2003 to Windows Server 2008 R2. Before the upgrade, when Win7 and Win2008 joined this domain, they also had the same error message.
    Please help to check this issue.
    Thank you very much.
    BR
    Guo YingHui 

    Hi Guo Ying,
    I have faced this critical error, which overwrites the host names in the domain when you join.
    For example: you already had a host name called PC.domain.com in the domain.com domain.
    When you try to add another host called PC to the domain.com domain, it doesn't give you the duplicate name error on the network; it overwrites the existing host name PC.domain.com and adds the new host name to the domain.
    The host name which got overwritten is removed from the domain. I faced this issue in my project. My DPM host name got removed from the domain and the new host name got joined to the domain, which halted my backups for one day.
    The final resolution is as follows:
    You need to start the DNS console on the DC and drop down the domain name.
    Select _msdcs; when you click on _msdcs it will show the name servers list on the right-hand side.
    You need to add the Domain Naming Master under _msdcs, or add all the domain controllers which you have.
    After you add the name servers, try joining the PC or laptop to the domain; it then joins successfully.
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  • SMB Slow connection with upgrade to SnoW Leopard and Windows Clients.

    <pre>
    Dear,
    I have now upgraded my Mac OS X Leopard 10.5.8 to the new Snow Leopard 10.6.2, and while some problems have disappeared, I have a new big one!
    Now every time a Windows client tries to connect to an SMB share on the SL server, it takes a long time, about 10-15 seconds, to open; after that, depending on the client OS, it can be fine for a moment (Windows 7 and XP), or browsing stays very slow, as for the 2003 server connecting to a share on Snow Leopard.
    Could you please help me?
    My SL server is the main SMB share computer with all the data; it is connected, like the other clients, to AD (SBS2003).
    I have an SBS2003 server that is the domain master
    and a Server 2008 acting as a Terminal Server, also a member server of the domain.
    Here is the kind of log I receive from SMBD.LOG. I suppose the credentials problem when connecting is my explanation, but how do I avoid that?
    2009/11/14 13:37:06, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(332)
    netbios connect: name1=MACSRV name2=NOMAD
    2009/11/14 13:37:06, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/reply.c:reply_special(339)
    netbios connect: local=macsrv remote=nomad, name type = 0
    2009/11/14 13:37:08, 2, pid=64794 /SourceCache/samba/samba-235/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/auth/odsam.dylib' loaded
    2009/11/14 13:37:10, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/sesssetup.c:setupnew_vcsession(1273)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    2009/11/14 13:37:10, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/auth/odsam.dylib' loaded
    2009/11/14 13:37:18, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/sesssetup.c:setupnew_vcsession(1273)
    setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
    2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:getopendirectoryauthenticator(247)
    failed to read DomainAdmin credentials, err=67 fd=15 errno=2
    2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:opendirectoryuser_auth_and_sessionkey(580)
    dsDoDirNodeAuthOnRecordType gave -14091 eDSAuthMethodNotSupported
    2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/auth/authodsam.c:opendirectory_smb_pwd_checkntlmv1(387)
    opendirectoryuser_auth_and_sessionkey gave -14091 eDSAuthMethodNotSupported
    2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:getopendirectoryauthenticator(247)
    failed to read DomainAdmin credentials, err=67 fd=28 errno=2
    2009/11/14 13:37:28, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/auth/auth.c:checkntlmpassword(309)
    checkntlmpassword: authentication for user fabrice -> fabrice -> fabrice succeeded
    2009/11/14 13:37:28, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/vfs/darwin_streams.dylib' loaded
    2009/11/14 13:37:28, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/vfs/darwinacl.dylib' loaded
    2009/11/14 13:37:28, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/module.c:dosmb_loadmodule(64)
    Module '/usr/lib/samba/vfs/notify_kqueue.dylib' loaded
    2009/11/14 13:37:28, 1, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/service.c:makeconnectionsnum(1092)
    nomad (192.168.2.20) connect to service NetDown initially as user fabrice (uid=501, gid=20) (pid 64803)
    I also get messages of the following kind:
    2009/11/14 13:35:18, 0, pid=64579 /SourceCache/samba/samba-235/samba/source/lib/utilsock.c:readdata(534)
    read_data: read failure for 4 bytes to client 192.168.2.20. Error = Connection reset by peer
    Note that initially I didn't have a problem with Mac OS clients, but to be sure they use SMB I have deactivated the AFP server on the Snow Leopard server, and now they can't browse the share in Finder; when connecting via COMMAND+K and SMB://server/share, that now gives the same error, but a little bit faster than on Windows clients.
    Could you help me to troubleshoot that problem?
    Thanks for your help.
    Felee
    </pre>

    Dear CarlosGBA,
    So when you put 2 computers of your network in WORKGROUP in place of DOMAIN, the 38 others work fine? Strange?
    I have about 15 computers; some are already in a workgroup, others are Linux SMB, others Mac. The data server is Mac OS X SL. The problem appears on all Windows machines. I have tried to disable NTLMv2 and Kerberos, since it is probably the faulty element with Open Directory, but always without success!
    I don't know what I can do to troubleshoot. I hope the next release, 10.6.3, comes soon and corrects all the SMB problems! Probably only a dream! I ask myself whether Apple wants to correct anything, and why this problem has been left without a solution for so long! For a company it is a big problem. I suppose that Apple never reads this forum and never answers our problems! Maybe I should contact phone support to get help!
    Thanks for your help.
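To see where the 10-15 second delay sits in the smbd.log excerpt above, the following added example (not part of the original posts) parses the header/message line pairs for pid 64803, copied from that excerpt and abridged, and reports per-process gaps between entries along with the level-0 errors. The function names and the 5-second threshold are choices made for this example.

```python
import re
from datetime import datetime

# smbd.log header as in the post: "date time, level, pid=N /path/file.c:function(line)"
HEADER = re.compile(r"^(\S+ \S+), (\d+), pid=(\d+) \S*/([^/\s:]+):(\w+)\(\d+\)$")

# Entries for pid 64803 copied from the excerpt in the post (abridged).
SAMPLE = """\
2009/11/14 13:37:10, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/sesssetup.c:setupnew_vcsession(1273)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
2009/11/14 13:37:18, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/smbd/sesssetup.c:setupnew_vcsession(1273)
setupnew_vcsession: New VC == 0, if NT4.x compatible we would close all old resources.
2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:getopendirectoryauthenticator(247)
failed to read DomainAdmin credentials, err=67 fd=15 errno=2
2009/11/14 13:37:28, 0, pid=64803 /SourceCache/samba/samba-235/samba/source/lib/opendirectory.c:opendirectoryuser_auth_and_sessionkey(580)
dsDoDirNodeAuthOnRecordType gave -14091 eDSAuthMethodNotSupported
2009/11/14 13:37:28, 2, pid=64803 /SourceCache/samba/samba-235/samba/source/auth/auth.c:checkntlmpassword(309)
checkntlmpassword: authentication for user fabrice -> fabrice -> fabrice succeeded
"""

def parse(text):
    """Pair each header line with the message line(s) that follow it."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts, level, pid, src, func = m.groups()
            entries.append({"time": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                            "level": int(level), "pid": int(pid),
                            "where": f"{src}:{func}", "msg": ""})
        elif entries and line:
            entries[-1]["msg"] = f'{entries[-1]["msg"]} {line}'.strip()
    return entries

def stalls(entries, min_gap=5):
    """Gaps of min_gap seconds or more between consecutive entries of one pid."""
    last, out = {}, []
    for e in entries:
        prev = last.get(e["pid"])
        if prev is not None:
            gap = int((e["time"] - prev["time"]).total_seconds())
            if gap >= min_gap:
                out.append((e["pid"], gap, prev["where"], e["where"]))
        last[e["pid"]] = e
    return out

def errors(entries):
    """Level-0 entries as (location, message) pairs."""
    return [(e["where"], e["msg"]) for e in entries if e["level"] == 0]
```

On this sample, `stalls(parse(SAMPLE))` reports an 8-second and a 10-second gap, both starting at `sesssetup.c:setupnew_vcsession`, the second ending at the first Open Directory error.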

  • Windows Client Binding Failure in a different subnet - Snow Leopard Server

    Hi all,
    We are running SL 10.6.6 on a Mac mini on a subnetted domain. The server subnet is 10.20.10.xxx
    Clients (Mac & Win XP) are in subnets 10.20.12.xxx & 10.20.13.xxx
    Linux firewalls separate the subnets, although for the purposes of this topic and setup I have set the default policy to accept, with no drop rules prior.
    The issue is that a Win XP client cannot see the SL server. The Win XP client does a NETLOGON broadcast, i.e. (10.20.13.255 UDP 137), which does not make it to the netlogon service being advertised by the SL server.
    If I put the Win XP client in 10.20.10.xxx (the SL server subnet), all works fine and the Win XP client authenticates correctly.
    Is anyone out there running a similar setup (different subnets with Win XP clients)? I'm interested in how you got the binding/auth process working.
    Some side info on the SL server: it's a PDC domain master which has 2 replicas attached. All instructions appear to have been followed correctly as per the 10.6 OD admin guide. I have all the Mac OS Server Essentials books and have been trolling through them for answers.
    I have setup SMB and configured it as per a previous thread http://discussions.apple.com/thread.jspa?threadID=2014572&tstart=0
    Any help/thoughts/ pearls of wisdom would be appreciated.
    Cheers
    Cowan

    Problem fixed. The Windows XP client did not have the WINS server IP address in its TCP/IP properties.

  • Windows Server 2003 DC / ADC Domain Join Problem

    Hi,
    I have a Windows Server 2003 DC configured. It is the Catalog Server and it holds all the FSMO roles. It is also the DNS server.
    Now I created an additional domain controller (ADC) _ DNS server + I made it a global catalog server too.
    The problem is that when I shut down my DC, I am not able to join client machines to the domain.
    It says "The domain controller could not be contacted"
    DNS Successful queried srv records..
    the following domain controllers were found:
    In the client PC, I have set up the DNS of the DC and the alternate DNS of the ADC.
    Why is this problem occurring?
    Samvit

    It says " The domain controller could not be contacted"
    This is a DNS resolution problem.
    Please make sure that each of your DCs is:
    Pointing to the other one as primary DNS server
    Points to its private IP address as secondary one
    Points to 127.0.0.1 as third DNS server
    Once done, restart the netlogon service and run ipconfig /registerdns. For client computers, you need to make sure that they point to both DCs as primary and secondary DNS servers. As for the public DNS servers, they need to be configured on your DCs as forwarders.
    More details about recommendations for DCs IP settings here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    If this does not help, then please check that there is no filtering between DCs and clients with DCs.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
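The DNS client ordering recommended in the answer above can be checked mechanically. This added example (not from the answer's author) audits a constructed inventory of DCs and clients against that order. Host names and addresses are made up, and reading "the other one" as "any other DC" when there are more than two DCs is an assumption.

```python
import ipaddress

LOOPBACK = "127.0.0.1"

def check_dc(name, own_ip, dns, dc_ips):
    """DC resolver order from the answer: another DC, own IP, then 127.0.0.1."""
    for s in dns:
        ipaddress.ip_address(s)  # ValueError on a malformed entry
    problems = []
    if not dns or dns[0] not in set(dc_ips) - {own_ip}:
        problems.append(f"{name}: primary DNS should be another DC")
    if own_ip not in dns[1:]:
        problems.append(f"{name}: own IP {own_ip} should come after the other DC")
    if not dns or dns[-1] != LOOPBACK:
        problems.append(f"{name}: {LOOPBACK} should be the last entry")
    return problems

def check_client(name, dns, dc_ips):
    """Clients: DCs as primary and secondary; public DNS belongs on the DCs as forwarders."""
    problems = []
    if len(set(dns[:2]) & set(dc_ips)) < 2:
        problems.append(f"{name}: primary and secondary DNS should be two different DCs")
    for s in dns:
        if s not in dc_ips:
            problems.append(f"{name}: {s} is not a DC (configure it as a forwarder on the DCs)")
    return problems

def audit(dcs, clients):
    """Return every deviation found across the DC and client inventories."""
    dc_ips = [d["ip"] for d in dcs.values()]
    out = []
    for name, d in dcs.items():
        out += check_dc(name, d["ip"], d["dns"], dc_ips)
    for name, dns in clients.items():
        out += check_client(name, dns, dc_ips)
    return out

# Constructed inventory: names and addresses are made up for this example.
DCS = {
    "DC1": {"ip": "10.0.0.10", "dns": ["10.0.0.10", "127.0.0.1"]},  # itself first
    "ADC1": {"ip": "10.0.0.11", "dns": ["10.0.0.10", "10.0.0.11", "127.0.0.1"]},
}
CLIENTS = {
    "PC1": ["10.0.0.10", "192.0.2.53"],  # only one DC, plus an outside resolver
    "PC2": ["10.0.0.10", "10.0.0.11"],
}

if __name__ == "__main__":
    for line in audit(DCS, CLIENTS):
        print(line)
```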