Set Windows Server 2003 to allow Mac connections
Mar 08, '05 09:02:00AM
Contributed by: Anonymous
Microsoft Windows Server has a some vaguely-worded options which must be disabled to allow OS X's Samba to connect. I never did fix the "name or password is incorrect" error connecting via Samba to my Windows 2000 Server install, so I always passed data back and forth using an XP machine. Seeking to end that kluge with my new Windows 2003 Server install, I hacked everything I could find on the OS X side to no avail. I finally gave up and turned to the Domain Server for salvation. Eventually, I found the right settings:
Start -> All Programs -> Administrative Tools -> Domain Controller Security Policy. You can ignore any errors about truncated strings ... gotta love one-button alerts. Then navigate into Local Policies: Security Options, and set the following:
- Microsoft Network Server: Digitally sign communications (always): DISABLED
- Microsoft Network Server: Digitally sign communications (if client agrees): ENABLED
Now, if you want the Server to be able to connect to the Macs on the network, or any Samba server (I think), set the following in the same Local Policies: Security Options area:
- Microsoft Network Client: Digitally sign communications (always): DISABLED
- Microsoft Network Client: Digitally sign communications (if server agrees): ENABLED
And finally, if you want the domain's Windows boxes to be able to connect to the Mac/Samba, set the following:
- Domain Member: Digitally encrypt or sign secure data channel (always): DISABLED
- Domain Member: Digitally encrypt secure data channel (when possible): ENABLED
- Domain Member: Digitally sign secure data channel (when possible): ENABLED
I suppose these same policies are found in a similar location in Windows 2000 Server, but I'm not going to reinistall it just to know. Why all of this was so hard to find and/or figure out, I don't know -- it seems pretty simple once I collected it all from about 10 different places.
Warning: This hint lowers your network's security a bit, use at your own risk.
[robg adds: I can't test this one, nor can I vouch for the impact it has on security. If anyone has any comments one way or the other, please add them. And yes, I know it's not really an OS X hint, but it's a hint to help OS X machines in a Windows-server world...]
Comments (24)
Mac OS X Hints
http://hints.macworld.com/article.php?story=20050302023720578