We have a NAS server from Adaptec called a Snap Server. You can attach this server to a domain for domain authentication. So the end result is my Windows users simply go to a share and they have access (or not depending on their access). The main point here is they don't have to manual pass authentication (username and password) Windows or SMB is doing it for them. Enter my Mac users. They connect via AFP. The Snap Server DOES allow domain authentication over AFP. When a Mac user hits a share they have to manually input their info and they have to do it as: DOMAIN\UserName Password At the very least I would like to shave off the DOMAIN\ part. Is there any way to specify a default domain name while authenticating over AFP? Ultimately I would like my Mac user to mirror my windows users and not have to enter anything at all. The username and password on the Macs match the Username and password in my domain (not sure if that helps at all). Any ideas would be greatly appreciated!!!
Justin wrote: > At the very least I would like to shave off the DOMAIN\ part. Is there > any way to specify a default domain name while authenticating over AFP? > Ultimately I would like my Mac user to mirror my windows users and not > have to enter anything at all. The username and password on the Macs > match the Username and password in my domain (not sure if that helps at > all). That would be something you'd have to set on your Snap Server. Macs can not join Windows domains and therefore no system is built in to them to append domain names. Check with the appliance's support site for the ability to do this. You could also do this with an AppleScript but that might be kludgy depending on your environment. Hope this helps! -- bill William M. Smith, Microsoft Interop MVP - Mac/Windows Entourage Help Page <http://entourage.mvps.org/> Entourage Help Blog <http://blog.entourage.mvps.org/> YouTalk <http://nine.pairlist.net/mailman/listinfo/youtalk>
What do you mean Macs can not join windows domains? All my Macs are joined to my domain via Active Directory. Each of my Macs' machines names are in my Computer OU in my AD. When one of my Macs attempts to access a share via SMB the domain name is auto filled-out in the domain box on the Mac. I was hoping for something similar in AFP. So, no luck? :( "William Smith" wrote in message news:OoO0IGp4IHA.1056@TK2MSFTNGP05.phx.gbl... > Justin wrote: > >> At the very least I would like to shave off the DOMAIN\ part. Is there >> any way to specify a default domain name while authenticating over AFP? >> Ultimately I would like my Mac user to mirror my windows users and not >> have to enter anything at all. The username and password on the Macs >> match the Username and password in my domain (not sure if that helps at >> all). > > That would be something you'd have to set on your Snap Server. Macs can > not join Windows domains and therefore no system is built in to them to > append domain names. > > Check with the appliance's support site for the ability to do this. > > You could also do this with an AppleScript but that might be kludgy > depending on your environment. > > Hope this helps! > > -- > > bill > > William M. Smith, Microsoft Interop MVP - Mac/Windows > Entourage Help Page <http://entourage.mvps.org/> > Entourage Help Blog <http://blog.entourage.mvps.org/> > YouTalk <http://nine.pairlist.net/mailman/listinfo/youtalk>
Justin wrote: > What do you mean Macs can not join windows domains? All my Macs are > joined to my domain via Active Directory. Each of my Macs' machines > names are in my Computer OU in my AD. Active Directory is not the same as a Windows NetBios domain. You've bound your Macs to a directory service but only Windows computers can be true Windows domain members. Active Directory has no control over the Macs. You can't set policies nor enforce desktop security. The Windows NetBios name is what you're needing to append to the beginning of the user's name. This is automatically added by Windows clients because they are all domain members. The Windows servers recognize the Windows desktop clients as "family" -- "We all belong to the same domain!" > When one of my Macs attempts to access a share via SMB the domain name > is auto filled-out in the domain box on the Mac. If you're seeing the authentication window for SMB then either your Macs are not properly bound to AD or (and this is probably what's happening) your server is not using Kerberos. I'm not sure that Snap Servers have that feature. The reason you're seeing the domain name here is because the Mac's SMB client understands Windows domains and understands it's a domain client (not a member). > I was hoping for something similar in AFP. > > So, no luck? :( Sorry, the AFP protocol knows nothing of Windows domain membership. On a related note, you should pursue Kerberos connections where possible for single-sign-on connections. The only AFP server I know that supports Kerberos is Group Logic's ExtremeZ-IP. It's for Windows Server or Professional and is pretty expensive unless you have a lot of Macs. However, it makes logins seamless (no more authentication). Unfortunately, this won't be an option for an appliance server. Hope this helps! -- bill William M. Smith, Microsoft Interop MVP - Mac/Windows Entourage Help Page <http://entourage.mvps.org/> Entourage Help Blog <http://blog.entourage.mvps.org/> YouTalk <http://nine.pairlist.net/mailman/listinfo/youtalk>
Thanks for all the info William! I'm not too worried about single sign on as users can store login info in key chains. For SMB they always figure out UserName/Password. But for those that lose their saved data or are new to the share ALWAYS create a support ticket because they never remember DOMAIN\. Such is life I guess.
