Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Avoid error -5000 with SMB from Windows 2003 servers Network
After installing a Windows 2003 Server and trying to mount a share in Mac OS X, everything was fine in Workgroup mode. However, after putting the Windows server 2003 in Domain Controler mode, I started to have get -5000 errors coming from SMB. The Macintosh File Server is installed.

After some searching, I found that after promoting a Windows Server 2003 to a Domain Controller, you must check the Domain Security Policy and de-activate the "Always secured connection" policy. I don't understand why, but after changing that setting, it works fine.
    •    
  • Currently 2.00 / 5
  You rated: 1 / 5 (4 votes cast)
 
[80,861 views]  

Avoid error -5000 with SMB from Windows 2003 servers | 12 comments | Create New Account
Click here to return to the 'Avoid error -5000 with SMB from Windows 2003 servers' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: diamondsw on Sep 24, '03 11:44:51AM

This is probably because Windows 2003 's security policy encrypts all SMB traffic. Support from this has only very recently been added to Samba, so it'll be a while yet before we see OS X handle this gracefully.



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: sfuller on Sep 24, '03 05:17:43PM

Yeah. 2003 Server encrypts all traffic by default. Changing that setting will enable encryption for the clients that can handle it (IE real Windows workstations), and also allow connections from clients that do not encrypt their traffic.



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: cbackas on Sep 25, '03 01:39:45PM

Where exactly can this setting be found? Digging around the AD stuff didn't reveal an obvious spot to me; but I'm an AD neophyte so I might just be missing some information that most would take for granted =) Specifics would be greatly appreciated as this stupid error has been bugging me quite a bit. Thanks!



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: rofl on Sep 29, '03 02:42:36AM

Would need a step by step instrcution too... struggling with the domain controller since we got the new server, thanks



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: rofl on Sep 29, '03 05:06:42AM

Okay i got it...

On the Server, open Registry, go to HKey_Local_Machine / System / CurrentControlSet / Services / LanManServer / Parameter / RequireSecuritySignature

set to 0

That's it!



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: rofl on Oct 06, '03 04:28:35AM

One note: If this is a domain controller, you will need to set it with the 'Domain Controller Security Policy' editor under the 'Administrative Tools' Menu. Otherwise it'll be reset nightly.

You need to go to 'Security Settings', 'Local Policies', 'Security Options'. You then need to set the 'Microsoft network server: Digitally sign communications' to disabled. It is enabled by default.



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: bpace on Nov 20, '03 11:45:14AM

Thank you, thank you, thank you!!!!!!! I have been pulling my hair out trying to get this to work.

Never had the problems under 2000 and NT. We configure small networks with a mix of XP, IMacs and server 200X.

I still don't see the UAM volume, but I can now create a simple share on the server, give the users permission, use smb://server and see the available share.

If I forgot to mention it, THANKS



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: wrivet on Dec 01, '03 01:55:58PM

Thanks goes out from me also! However, my Win2003 server shares are hidden (sharename$). These do not show up in the SMB mount selections. Anyway around this? I don't want to create more shares if I can help it...

Thanks in advance!



[ Reply to This | # ]
hidden share on macs
Authored by: geekbsd on Oct 29, '04 02:49:21PM

not sure about this but...
On macs running 10.2 and up
I think when you "go" "connect to server"
in the adress bar you can type the share in like
domain\win2003\machiddenshare$
you maybe able to get to other share this way to
good luck



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: bighead on Sep 28, '03 01:57:26AM

The capacity to connect to W2K3 servers with packet signing enabled is supposed to be present in Samba 3.0, so get out your dev tools and compile away!



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: killerdemouches on Mar 30, '04 11:44:11AM

Samba included in mac os X is able to connect to w2k3 servers with default setting, using command line ( -S flag...)...

So it is not a Samba compilation problem... :-(



[ Reply to This | # ]
Avoid error -5000 with SMB from Windows 2003 servers
Authored by: voltage230v on Mar 18, '04 03:49:03PM

Go to Administrative tools/Domain Controler Security Settings

Open the Snap-in "Local Policies",
Go to "Security Options".

Search this string "Microsoft network server: Digitally sign communications (allways)". Set it to "Disable" .

After that restart the server...... ARRRGH !!! Or Wait 15mn !! To refresh the policies !!!

OR open a shell window and type this command lines to refresh the Security policies :

Windows 2000 : secedit /refreshpolicy MACHINE_POLICY
Windows 2000 : secedit /refreshpolicy USER_POLICY

Microsoft has replaced this command in Windows 2003 and XP with the command

gpupdate

You can run this command without any switches to update both machine and user policies. When you run Gpupdate on Windows 2003, the machine will display the following text:

Refreshing Policy...

User Policy Refresh has completed.
Computer Policy Refresh has completed.

To check for errors in policy processing, review the event log.


Enjoy !!!



[ Reply to This | # ]