Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Authenticating to Windows 2000 and XP networks Network
I have access to Macs on two Windows networks that I visit regularly. All are running MacOS X, and all are able to work well with the networks in question - from the Mac end, that is. I have never been able to authenticate to any of the Mac from any of the Windows computers, despite following all the rules, until very recently.

The solution, and as far as I can make out this is undocumented, involves the following:
  1. Make certain the Macs are part of the Windows domain (use Directory Access (in /Applications -> Utilities) to change from WORKGROUP to match the Windows domain name)
  2. This is the key step. Rename the account to which you are logging in to DOMAINUsername (you'll probably need Root access to do this). For example, if your username is John Doe and the Domain Name is Foo, rename the Mac account to FOOJohn Doe. The short login name stays unchanged, but that's OK.
  3. Log into the Mac from a Windows machine using the short name and password you have always used for the Mac account.
I haven't seen this trick mentioned anywhere else, but the standard approach of simply checking the "Allow User to log in from Windows" in the User Preferences pane has never worked for me on either of the Windows networks I visit. I'd love to hear of a better solution, since the limitation of this approach being that it allows access only to the resources in the account in question, not other general-access folders on the hard disk. But hey, it works.

[robg adds: I access my Mac from my work XP box regularly, and I didn't have use step #2; I did have to set the domain to match, but once that was done, I can login as my standard user with full admin privileges to see the whole hard drive ... can anyone shed any light on why this doesn't seem to work in all cases?]
    •    
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[12,334 views]  

Authenticating to Windows 2000 and XP networks | 12 comments | Create New Account
Click here to return to the 'Authenticating to Windows 2000 and XP networks' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Authenticating to Windows 2000 and XP networks
Authored by: domger on Sep 04, '03 10:20:07AM

W2k and WinXP handle correctly connection to Macs because of a better support for multi-user. Win95 and 98 are dummy and are unable to connect to ressources on ANY computer (not just Mac) using a username different from the one use for login on the Windows domain.

Clearly, it means that if you log a Windows 98 box to a domain using a user X, you can't expect to connect to a share on any computer on the network if the user X is undefine on that computer...



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: gregrclayton on Sep 04, '03 11:56:04AM

There is a good artical on modifying your Mac OSX windows network settings at the following URL:

http://www.macdevcenter.com/pub/a/mac/2003/03/18/samba.html



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: stevec on Sep 04, '03 01:24:53PM

After having problems connecting the OTHER way (Mac to Winders) and getting those -36 errors. I made a couple of changes, specifically adding a WINS server IP (Under Active directory thie actually IS one of these, ask your admin) and UNchecking other unneeded authentication methods in Directory Services. leaving only Appletalk and SMB active.

It also seems to help to connect using the IP address (IE SMB://10.10.10.151), if the server name does not work. You could also try the FQDN (IE: SMB://server.company.com). if the NetBIOS name does not work (IE SMB://SERVERNAME)



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: glenstorm on Sep 05, '03 08:58:03AM

One thing I have found that that link leaves out is that you need to add a specific username line in your smb.conf file. This username is one of the users of the Mac OSX system.

Your shared segment would look something like this:

[shared]
comment = Shared Directory
path = /Users/Shared
read only = no
browseable = yes
create mode = 755
username = joeshmoe

Only after entering this line was I able to log in to a Mac from a Win98 machine on my network.



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: abs24 on Sep 05, '03 10:46:37AM

I was able to login to a wins 98 machine as long as it had the same username and password as the Mac, but did not have to add that line to the smb.conf file. If you add the line, does the wins 98 machine need to have the same username and password as the Mac?



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: abs24 on Sep 04, '03 03:55:02PM

What do you mean by domain name? Where would I find this if it is different than the workgroup name?



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: domger on Sep 04, '03 05:38:53PM

domain and workgroup are almost the same... In fact, a PC can be member of a workgroup (just a have to set the same workgroup on every PC, no WinNT or W2k server required) or you can have a server which control a domain and all other PC logs on that domain (kind of server oriented workgroup)...

In a domain, you can manage user on the server, in a workgroup, you need to define users on each PC.



[ Reply to This | # ]
Could someone else please explain this
Authored by: abs24 on Sep 05, '03 10:40:48AM

Thanks for trying to answer the question above, but I still do not understand. If anyone else could answer this I would be grateful. Again, thanks.



[ Reply to This | # ]
Could someone else please explain this
Authored by: apwin on Sep 05, '03 11:57:29PM

A domain is described on a Win 2K Domain Controller in standardform, eg, foo.company.com. You can also define a short name which can be used by non-Win 2K clients to access the domain's resources, eg, just FOO, and it appears as a workgroup name to non Win 2K cilents.

The upshot of all this in practice is that anyone on the network, whether they are on a Win2K box or not, can just use FOO as a domain name or a workgroup name.

In MacOS X, the SMB service in Directory Access shows WORKGROUP as the default workgroup name. You can just change this to FOO, and the Mac appears in the domain along with all the Windows machines.



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: Helge33 on Sep 30, '03 12:10:23PM

I would suspect this is related to different username conventions on XP and OSX which require a translation. I got an extra line in my smb.config:

username map = /etc/pc_users

pc_users is a simple ASCII file with username translations:

<OSX User Name> = <Windows User Name>

So if you got "Joe Smith" as XP Username and jsmith as the OSX Unix account name the line. No "artificial" usernames required on your Mac;-)

jsmith = "Joe Smith"

would identify Joe as a valid user for the OSX samba server

Cheers, Helge



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: chrisk2 on Jan 22, '04 10:29:10AM

We are trying to set up an Xserve on a Windows 2000 domain. The problem: We want the Xserve to get the usernames and passwords from the windows domain to authenticate users.
Can anyone help me with this?



[ Reply to This | # ]
Authenticating to Windows 2000 and XP networks
Authored by: eaprince on May 05, '04 04:00:13PM

I believe you would need to integrate an LDAP server into the network for the Mac to tap into to get login info.

---
--Erik
eaprince@excite.nospam.com



[ Reply to This | # ]