I have a Mac Mini server running Server 10.6.7, and I'm running it on a mixed network. I've used Workgroup Manager to add users to the LDAP directory, but I'm running into problems authenticating users from Windows machines.
The main problem I'm getting is when I try to access the server from a Windows machine. If I type the server's IP address in the address bar, it prompts me for a username and password. With one username, I don't get any problem. With another username, it acts as if it doesn't recognize the account. I noticed that connecting via AFP on my works just fine with all user accounts, so I checked the SMB logs. Here's what it says. Let me just say that looking at the two accounts in Workgroup Manager, I can't see any differences between the accounts that do work with SMB and those that don't. I even created a new test account, and it doesn't work with SMB. I did recently upgrade to 6.7, not sure if that had anything to do with it.
Anyway, the error from the logs.
Any ideas?
The main problem I'm getting is when I try to access the server from a Windows machine. If I type the server's IP address in the address bar, it prompts me for a username and password. With one username, I don't get any problem. With another username, it acts as if it doesn't recognize the account. I noticed that connecting via AFP on my works just fine with all user accounts, so I checked the SMB logs. Here's what it says. Let me just say that looking at the two accounts in Workgroup Manager, I can't see any differences between the accounts that do work with SMB and those that don't. I even created a new test account, and it doesn't work with SMB. I did recently upgrade to 6.7, not sure if that had anything to do with it.
Anyway, the error from the logs.
Code:
[2011/04/26 19:51:10, 0, pid=3099] /SourceCache/samba/samba-235.6/samba/source/lib/opendirectory.c:get_opendirectory_authenticator(247)
failed to read DomainAdmin credentials, err=67 fd=19 errno=34
[2011/04/26 19:51:10, 0, pid=3099] /SourceCache/samba/samba-235.6/samba/source/auth/pampass.c:smb_pam_account(567)
smb_pam_account: PAM: User mgawi is NOT permitted to access system at this time
[2011/04/26 19:51:10, 0, pid=3099] /SourceCache/samba/samba-235.6/samba/source/auth/pampass.c:smb_pam_accountcheck(784)
smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User mgawi!Any ideas?
Even though I've only started working with Mac OS X server a couple months ago, I should have caught the problem much sooner. It seems like when you create a new user in Workgroup Manager, it doesn't automatically add them to services (such as SMB). But when you create them via Server Preferences > Users, it loads them up with SMB, iCal, Mail, etc. So... as soon as I went to Server Preferences > Users and edited the services for the user (mgawi), it worked fine.
