Must connect to file share requiring authentication against AD

Similar Messages

• Cannot  connect to file shares on Yosemite server v4.0

  I have a fairly new installation of a Mac Mini Server.  As a Linux specialist I find some of the things frustrating but the rest of the office has a much easier life as things just work. Except for file sharing. If I use finder, use the shared section of the to display the network, find my server and double click to open up file share options, it refuses and says it cannot connect. I then use Finder>Go>Connect to Server and enter the SMB Server name as smb://[SERVER_NAME]/ and it immediately connects and I can connect to all drives successfully.
  When I check the system.log after after the unsuccessful connect attemt using Finder, The following is in the log:
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: label: default
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: dbname: od:/Local/Default
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: mkey_file: /var/db/krb5kdc/m-key
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: acl_file: /var/db/krb5kdc/kadmind.acl
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: uid=0
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: netr probe 0
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init request
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init return domain: BRTSRV00-IDENTI server: BRTSRV00 indomain was: <NULL>
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: uid=0
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init request
  Feb 11 09:08:11 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init return domain: BRTSRV00-IDENTI server: BRTSRV00 indomain was: <NULL>
  Feb 11 09:08:13 brtsrv00.identitylabs.uk kdc[25915]: Got a canonicalize request for a LKDC realm from local-ipc
  Feb 11 09:08:13 brtsrv00.identitylabs.uk kdc[25915]: Asked for LKDC, but there is none
  Feb 11 09:08:13 brtsrv00.identitylabs.uk sandboxd[582] ([25915]): kdc(25915) deny file-read-data /private/etc/krb5.conf
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: uid=0
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init request
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init return domain: BRTSRV00-IDENTI server: BRTSRV00 indomain was: <NULL>
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: uid=0
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init request
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: init return domain: BRTSRV00-IDENTI server: BRTSRV00 indomain was: <NULL>
  Feb 11 09:08:13 brtsrv00.identitylabs.uk digest-service[27507]: digest-request: uid=0
  Feb 11 09:08:14 brtsrv00.identitylabs.uk digest-service[27507]: digest-request od: ok user=BRTSRV00-IDENTI\\ghorne proto=ntlmv2 flags: ENC_128, NEG_VERSION, NEG_TARGET_INFO, NEG_NTLM, NEG_TARGET, NEG_UNICODE
  Feb 11 09:08:14 brtsrv00.identitylabs.uk rpcsvchost[27362]: passwd entry for uid=1031 homedirectory invalid
  If I connect using Finder>Go> Connect to Sever I get the same error but the difference is the file shares are visible in the "Select the volumes you want to mount box" and I can mount the shares with no additional errors successfully. Please excuse me I am not very graphically savvy with OS-X (or OS-X for that mater). (Happy with Solaris, OpenBSD or Linux) I am a command line junkie (deep linux dude). Struggling to find my way around some of the things Apple DO. I am not sure I like people taking some of my toys and levers away.
  Any clue how to solve this issue?

  I am using fully qualified domain names for all servers on my network.  I have multiple domains untold virtual machines etc and services everywhere as it is a dev environment.  I use smb://brtsrv00.identitylabs.uk/ and it works without fault. Still no authentication from the Finder discovery.  Sorry I am a bit knew to to OS-X even though I have used different MacBook's for over 7 years.  DO a lot of VMware Fusion server development so don't touch OS-X much.  By the way, the name is provided by DNS and both the forward reverse lookup is correct. (dig brtsrv00.identitylabs.uk and dig -x 10.0.1.3)

• Unable to connect to file shares on xserve running 10.3.9

  I just inherited a client that is running two xserves running 10.3.9. The servers are running workgroup manager/open directory. One server was out of commision due to a hardware issue. Users are divided equally on the two servers. The servers are only running OD and file sharing.
  Any users who have their home directories on server A are able to connect to AFP shares fine. Any users who have their home directories on server B cannot connect to the AFP shares. When I look in the Server Admin program it does not have AFP even listed. And if I run disk repair utilities it says "AFP/appletalk listener not enabled because appletalk is off".
  How do I turn this on if it is not listed as a check box?

  Firefox 4 requires at least OS X 10.5 and an Intel Mac. There is a third party version of Firefox 4 that runs on OS X 10.4/10.5 and PPC Macs, for details see http://www.floodgap.com/software/tenfourfox
  If you prefer, you can get the latest version of Firefox 3.6 from http://www.mozilla.com/en-US/firefox/all-older.html
  Mozilla are working to prevent Mac users with non-compatible systems from getting the notification about Firefox 4, and also not displaying the "Download Firefox 4" button on http://www.mozilla.com

• Cannot connect to file share since upgrading to Lion

  Since i updated my desktop Mac Pro from the snow cat to Lion, i can no longer connect remotely to file shares (from two different MacBook, both also running Lion). The Mac Pro shows up in Finder ok and automatically, but when i try to connect, via Connect As and specifying the proper login, it fails with a vague error. The same if i try connection via Apple ID. If i try to connect via Cmd+K and entering afp://MyMacPro.local, i get asked for a password, then shown the proper list of available shares (i don't get that far when connecting via the Finder's sidebar!), but after selecting one, it still fails, with the same vague ("there was a problem connecting") error.
  if i try to connect from terminal with mount_afp, i get an error -1069:
  MyMacBook:~ mh$ mount_afp afp://MyUser:[email protected]/MyShare /Volumes/test
  mount_afp: AFPMountURL returned error -1069, errno is -1069
  i have of course tripple-checked that file sharing is still enabled on my Mac Pro, and that the firewall is disabled. i *can* connect in the oposite direction, frommy Mac Pro to the laptops.
  Any ideas or suggestions?
  thanx,
  marc

  I have the same issue. I can't find anything on here that works to fix it. Worked just fine this morning before I had to install the upgrade. Grr. Any other ideas?

• Connecting to OS X file shares from Linux

  I need to connect to file shares on an OS X computer and mount them on a Linux server.
  Every resource I've seen seems to try to do this the other way around.
  I can ping the OS X computer so I know it can see it. I have enable SMB under sharing and set a user with permissions.
  However if I call
  smbclient -L <mac ip address> -U testuser
  I get the following errors
  timeout connecting to <ip>:445
  timeout connecting to <ip>:139
  Error connecting to <ip> (Operation already in progressm)
  Connection to <ip> failed (Error NTSTATUS_ACCESSDENIED)
  Anyone got any ideas at all?

  Have you looked in /var/log/samba to see if there are any logged messages that tell you what the server is thinking?
  You might also look at /var/log/security.log to see if there is anything about the NTSTATUS_ACCESSDENIED error.

• Every file requires authentication

  My friend got a new imac and migrated all her files from her laptop to the new imac. This came over as user LAPTOP. Her new imac is user IMAC. I used public drop box to move files from LAPTOP to IMAC. I moved all the folders out of the public folder to her desktop. Now every single one of those folders and the files within require authentication. How do I open files without requiring authentication. And how do I set up mac so all files/folder can be seen by everyone? Thx.

  You did the migration wrongly. I strongly suggest restoring it to factory specs and on first boot use the setup assistant to do the migration. After doing that she can change the user name. See Best Practices and Setup new Mac for details.

• Windows File Share configuration from AIX Portal

  Hi,
  we want to connect a Windows file share as  KM  Repository to a portal running on AIX.
  The network path is configured using jCIFS and user (DOMAIN.NET\USERNAME) is entered with password. The corresponding path is also entered in the FS Repository manager using ACLSecurity manager. A Windows System is not configured .
  In the repository managers monitoring view our new repository manager shows a green button. In the KM however, it is not visible. The portal log shows the following error:
  "Cannot retrieve credentials from URL for file 'DOMAIN.NET; USERNAME/' "
  We tried to connect the file share with the same user/password. This worked fine.
  Is there something else to configure ?
  Any help will be appreciated.
  Thanks
  Marcus

  Hi,
  the problem was the passwort. Using "?, %" or other special characters interpreted in a URL may not be used.
  After changing password to a alphanumeric everything works just fine.

• Cluster Aware Updating File Share

  I don't understand the file share requirements when configuring the Hotfix plugin. What permissions are needed on this share? I have downloaded all of the hotfixes needed and just need to create the share now.
  MCITP Exchange 2010 | MCITP Lync Server 2010 | MCTS Windows 2008

  Hi Vegas,
  As to "Restrict access to the hotfix root folder" please refer to following link:
  http://technet.microsoft.com/en-us/library/847b571b-12b3-473c-953f-75a5a1f51333#BKMK_ACL
  " If the script is located on a network file share, ensure that you configure the file share for Read permission for the
  Everyone group, and restrict write access to prevent tampering with the files by unauthorized users. "
  Please refer to following link:
  http://technet.microsoft.com/en-us/library/jj134224.aspx
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folders with your Outlook data file (.ost)

  Fresh installation of Exchange Server 2013 on Windows Server 2012.
  Our first test account cannot access their email via Outlook but can access fine through OWA. The following message appears - "Cannot open your default e-mail folders. You must connect to Microsoft Exchange with the current profile before you can synchronize
  your folders with your Outlook data file (.ost)" is displayed.
  If I turn off cached Exchange mode, setting the email account to not
  cache does not resolve the issue and i get a new error message - "Cannot open your default e-mail folders. The file (path\profile name).ost is not an Outlook data file (.ost). Very odd since it creates its own .ost file when you run it for the first
  time.
  I cleared the appdata local Outlook folder and I tested on a new laptop that has never connected to Outlook, same error message on any system.
  Microsoft Exchange RPC Client Access service is running.
  No warning, error or critical messages in the eventlog, it's like the healthiest server alive.
  Any help would be greatly appreciated. I haven't encountered this issue with previous versions of Exchange.

  So it looks like a lot of people are having this issue and seeing how Exchange 2013 is still new (relatively to the world) there isn't much data around to answer this. I've spend ALOT of time trying to figure this out.
  Here is the answer. :) - No I don't know all but I'm going to try to give you the most reasonable answer to this issue, in a most logical way.
  First thing I did when I was troubleshooting this issue is that I ignored Martina Miskovic's suggestion for Step4 http://technet.microsoft.com/library/jj218640(EXCHG.150)because it didn't make sense to me because I was trying to connect
  Outlook not outside the LAN but actually inside. However, Martina's suggestion does fix the issue if it's applied in the correct context.
  This is where the plot thickens (it's stew). She failed to mention that things like SSL (which I configure practically useless - anyone who ever worked in a business environment where the owner pretty much trusts anyone in the company, otherwise they don't
  work there - very good business practice in my eyes btw, can confirm that...) are some sort of fetish with Microsoft lately. Exchange 2013 was no exception.
  In exchange 2003, exchange 2007 and exchange 2010 - you could install it and then go to outlook and set it up. And when outlook manual Microsoft Exchange profile would ask you for server name, you would give it and give the name of the person who you setting
  up - as long as machine is on the domain, not much more is needed. IT JUST WORKS! :) What a concept, if the person already on premises of the business - GIVE HIM ACCESS. I guess that was too logical for Microsoft. Now if you're off premises you can use things
  like OutlookAnywhere - which I might add had their place under that scenario.
  In Exchange 2013, the world changed. Ofcourse Microsoft doesn't feel like telling it in a plain english to people - I'm sure there is an article somewhere but I didn't find it. Exchange 2013 does not support direct configuration of Outlook like all of it's
  previous versions. Did you jaw drop? Mine did when I realized it. So now when you are asked for your server name in manual outlook set up and you give it Exchange2013.yourdomain.local - it says cannot connect to it. This happens because ALL - INTERNAL AND
  EXTERNAL connection are now handled via OutlookAnywhere. You can't even disable that feature and have it function the reasonable way.
  So now the question still remains - how do you configure outlook. Well under server properties there is this nice section called Outlook anywhere. You have a chance to configure it's External and Internal address. This is another thing that should be logical
  but it didn't work that way for me. When I configured the external address different from the internal - it didn't work. So I strongly suggest you get it working with the same internal address first and then ponder how you want to make it work for the outside
  users.
  Now that you have this set up you have to go to virtual directories and configure the external and internal address there - this is actually what the Step 4 that Martina was refering to has you do.
  Both external and internal address are now the same and you think you can configure your outlook manually - think again. One of the most lovely features of Outlook Anywhere, and the reason why I had never used it in the past is that it requires a TRUSTED
  certificate.
  See so it's not that exchange 2013 requires a trusted certificate - it's that exchange 2013 lacks the feature that was there since Windows 2000 and Exchange 5.5.
  So it's time for you to install an Active Direction Certificate Authority. Refer to this wonderful article for exact steps - http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
  Now even after you do that - it won't work because you have to add the base private key certificate, which you can download now from your internal certsrv site, to Default Domain Policy (AND yes some people claim NEVER mess with the Default Domain Policy,
  always make an addition one... it's up to you - I don't see direct harm if you know what you want to accomplish) see this: http://technet.microsoft.com/en-us/library/cc738131%28v=ws.10%29.aspx if you want to know exact steps.
  This is the moment of ZEN! :) Do you feel the excitement? After all it is your first time. Before we get too excited lets first request and then install the certificate to actual Exchange via the gui and assign it to all the services you can (IIS, SMTP and
  there is a 3rd - I forgot, but you get the idea).
  Now go to your client machine where you have the outlook open, browse to your exchange server via https://exchang2013/ in IE and if you don't get any certificate errors - it's good. If you do run on hte client and the server: gpupdate /force This will refresh
  the policy. Don't try to manually install the certificate from Exchange's website on the client. If you wanna do something manually to it to the base certificate from the private key but if you added it to the domain policy you shouldn't have to do it.
  Basically the idea is to make sure you have CA and that CA allows you to browse to exchange and you get no cert error and you can look at the cert and see that's from a domain CA.
  NOW, you can configure your outlook. EASY grasshoppa - not the manual way. WHY? Cause the automatic way will now work. :) Let it discover that exachange and populate it all - and tell you I'm happy! :)
  Open Outlook - BOOM! It works... Was it as good for you as it was for me?
  You may ask, why can't I just configure it by manual - you CAN. It's just a nightmare. Go ahead and open the settings of the account that got auto configed... How do you like that server name? It should read something like [email protected]
  and if you go to advanced and then connection tab - you'll see Outlook Anywhere is checked as well. Look at the settings - there is the name of the server, FQDN I might add. It's there in 2 places and one has that Mtdd-something:Exchange2013.yourdomain.local.
  So what is that GUID in the server name and where does it come from. It's the identity of the user's mailbox so for every user that setting will be different but you can figure it out via the console on the Exchange server itself - if you wish.
  Also a note, if your SSL certs have any trouble - it will just act like outlook can't connect to the exchange server even though it just declines the connection cause the cert/cert authority is not trusted.
  So in short Outlook Anywhere is EVERYWHERE! And it has barely any gui or config and you just supposed to magically know that kind of generic error messages mean what... Server names are now GUIDs of the [email protected] - THAT MAKES PERFECT
  SENSE MICROSOFT! ...and you have to manage certs... and the only place where you gonna find the name of the server is inside the d*** Outlook Anywhere settings in the config tab, un it's own config button - CAN WE PUT THE CONFIG ANY FURTHER!
  Frustrating beyond reason - that should be Exchange's new slogan...
  Hope this will help people in the future and won't get delete because it's bad PR for Microsoft.
  PS
  ALSO if you want to pick a fight with me about how SSL is more secure... I don't wanna hear it - go somewhere else...

• AD accounts can no longer connect to Lion AFP File Shares

  I am running into an issue where AD users can no longer connect to AFP file shares. If you attempt to authenticate with one of our Lion server's local accounts, you connect without any issues, but if you put network credentials in then you get the window shake denial. This issue just came up this morning. I attempted unbinding and rebinding the machine, updating from 10.7.2 to 10.7.3, removing and re-adding share point permissions, turning file sharing off then on, and still no network account authentication.
  Anyone have any advice for how to get network credential authentication to AFP filesharing working again?

  You could enable the AFP server access log:
  sudo serveradmin settings afp:activityLog=yes
  and then look at log at /Library/Logs/AppleFileService/AppleFileServiceAccess.log
  to see if that offers any clues.

• AFP file shares missing sub folders until re-connect?

  Wondering if anyone else has seen this behavior, I found similar stuff about SMB but not AFP. Users are connectiong to an OS X 10.6.8 server file share (clients are 10.6.8 and 10.7.X), and some sub folders appear missing, the user must reconnect and they will then show up. All the people complaing have shortcuts to the shares set up in the side bar, some poeple say they didn't use the shortcut to connect. Could be a red hearring, but seems to have some connection. All the files are really still there and reconnecting to the server fixes, aside form inconvienince,  people freak out thinking someone delted everything. Nothing in the server logs seems to indicate a problem...

  You could enable the AFP server access log:
  sudo serveradmin settings afp:activityLog=yes
  and then look at log at /Library/Logs/AppleFileService/AppleFileServiceAccess.log
  to see if that offers any clues.

• Unable to Connect to Windows File Shares

  Steps I take to attempt to connect to a Windows File Share within the office. Being relatively new to the Mac, I am curious on why I am not able to connect to Windows File Shares.
  1. Command-K
  2. Server Address: smb://[server-hostname]/[sharename]
  3. Click Connect
  4. Connecting To Server..... (takes a short amount of time)
  5. SMB/CIFS File System Authentication
  - I then enter the domain, username and password
  6. Click OK
  7. Error: Could not connect to the server because the name or password is not correct.
  What gives? I have confirmed and validated server hostname, sharename, appropriate persmissions for windows account, etc. I have tried IP Address instead of hostname, same outcome.
  Any Ideas?
  MacBook Pro 17"   Mac OS X (10.4.8)  

  Hi Arus, not really a Windows® expert, but I think I've seen were putting the Domain name in there fixed it, but I can't find the exact way to do it, this is the closest I could find...
  "If I try to connect to smb://domain, that's when I can authenticate. If I try smb://machine/share, I still get the error -43."
  http://discussions.apple.com/thread.jspa?messageID=4727809&#4727809

• My Macbook (early 2008) no longer connects to my iMac. Any solutions beyond turning file share on?

  Greetings,
  I'm able to see and connect to my MacBook (early 2008) from my iMac, but not the other way around. File share is on and match. Any solutions?

  What operating systems are on each?  Are you connecting wirelessly, or via some sort of wires?

• File Share Pod in Meeting Room: File Names Changed by Connect 9?

  In Connect 9.1 I create meeting rooms. After I have one "just right" I move it to the My Templates folder, to be used in future as the basis for other meeting rooms. The room that I put in My Templates folder contains a File Share Pod, and in that I uploaded three PDF files (small file size).These PDF files had names like "Course Journal" and "Job Aid".
  BUT, when I created a new meeting room based on the template room, the File Share Pod in the new room contained the right number of files, but with names like "/p4cofh5hqse/".
  How can I make Connect use my file names instead of the names it assigns?
  My alternatives now seem to be two:
  - In each of my new rooms, open the File Share Pod and rename each file (if I make 5 rooms, and each has 5 files, you can see this will take a lot of time and wasted energy)
  - Don't put files in the original meeting room's File Share Pod. Then upload files into each new room's File Share Pod from either my local machine or from Shared Content or My Content. Again, a lot of work.
  Thanks, Colleagues, for posting some suggestions/answers!

  It looks like it is taking the name from the URL for the content object. Try uploading the files to your Content library and give them a custom URL, like course_journal and job_aid. Then place those files in the file share pod of the template room and see if it takes the name or the url to the rooms created from it. Maybe not a 100% solution, but may be a good enough work around to save you more pain and effort.
  This sounds like a bug to me. Maybe worth reaching out to support to see if they can qualify it as one or identify the root problem causing the issue.

• Issue with G4 connecting to a Windows File Share

  We have a single MAC G4 that our marketing department uses for graphic development. when we first setup the PC we were able to connect to our Windows shares on the network. For better than a year now we have had intermittent problems with connecting to our Windows file share. It would drop the TCP connection to the file share, you would need to go back a re-authenicate to the share. Two weeks ago the problem worsened, we can't connect the to Windows files share at all now. I have tried different users accounts including my own which has domain admin authority. However I have a samba file share and a snap server running on the network and I am able to connect to these machines with no issues. I suspect a configuration problem, but not sure where to look next.
  The MAC is running the following OS version and Kernel
  OS 10.3.9 (7W98)
  Kernel Darwin 7.9.0
  Any guidance would be appreciated

  I just figured it out myself.