Carl,
We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win 2k3 AD with OS X 10.5.1.
We've opened a case with Apple and here's what they came back with:
##### When a Leopard client opens a session, it sends three mechanisms in this order, KRB5, some OID I don't what it is, and MS KRB5. The filer returns an unsupported error.
Apple thinks DOT is just bailing on the first unsupported mechanism and not checking the whole list. Tiger only sent the MS KRB5 mechanism so that is why it works.
Apple is working on building a test of their kerberos library that puts MS KRB5 as the first mechanism to validate the hypothesis. #####
Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our environment, just not against DOT.
Luckily Apple and NetApp are both TSAnet members and can collaborate on the support case.
Do you mind if reference your experience at UWF with NetApp and Apple? And if you don't, do you have a case # with NetApp?
Its interesting to hear of other hi-ed's with this issue. Any others out there? Like other issues in our space it helps to band together.
-=-=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
Carl Howell wrote:
I've stumbled across a problem we're having accessing filer hosted CIFS shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried this on are all bound to our Win2k3 Active Directory. If you log into Leopard with your domain credentials and try to access a share on a filer(this happens on all of our filers and all are at 7.x and above), you will be prompted for your password. If you try to access the same CIFS share hosted on a Win2k3 box, you will get right in.
Has anyone else seen this?
Thanks,
--Carl