大大，我遇到真正高難度問題啦！救救我

內容

autumnshe · #1 文章由 **autumnshe** » 08/19/2005 12:40 pm

因為公司只有我是一個人使用mac，偏偏公司又有網域ABC
我以翻前文去Directory Access裡把群組設成ABC
但我去finder->network->ABC是看到其他電腦
但我要抓取分享資料卻出現替身不存在，無法使用？？？
這是什麼意思啊！
還有我用smb://server ip但也是不能進去
但我家就可以，只差個網域設定啊！會不會是我網域沒加入成功，
但我之前windows system notebook即使不加入網域，我還是可以
抓到server的資料夾啊
請大大救救我

ulysses · #2 文章由 **ulysses** » 08/19/2005 1:50 pm

精華區...

janusng · #3 文章由 **janusng** » 08/19/2005 2:14 pm

還有一個提示，Mac OS X 的網路狀態顯示，更新比較慢，有時要等上幾分鐘，才見到新加入的伺服器。可能閣下一會再試，便行了。

autumnshe · #4 文章由 **autumnshe** » 08/19/2005 2:23 pm

大大，我以看過精華區了啊
我有請我們網管看過
我們是win2003網域，所以是不能加入AD了吧
我們網管是這樣說得，精華區也是這麼說
殘念

進藤光 · #5 文章由 **進藤光** » 08/19/2005 2:58 pm

Windows 2003 使用了加強的加密協定，目前的 Samba 版本不支援這種加密，所以無法用 Mac 內建的 Directory Access 連線。

你說的是這個嗎？恭喜！！
只要 Windows Server 2003 啟用了 AD，smb 就連不上 Server 共用的資料夾....

於是你只好繞一圈進去.... 不裝魔戒說的，只好裝 VPC....

autumnshe · #6 文章由 **autumnshe** » 08/19/2005 4:38 pm

這是怪我不該用mac，還是ein故意不支援mac
唉！天意總是不近人意

進藤光 · #7 文章由 **進藤光** » 08/19/2005 5:13 pm

還有一個好辦法！！

啥都不用做，直接等 Mac OS X 10.5.....

不然就要跟我一樣，來原廠討論區爬英文囉.....

http://discussions.info.apple.com/webx? ... 68b7164e/0

We have finally gotten our Mac Tiger to Win 2003 Server SMB file sharing back operational again. I wanted to give a little account of the long and winding path we took to the final solution(s) in hopes that i may be helpful for others out there that have had similar problems.

Background:
1) We have three macs in a primarily PC office in China. We had been using straight SMB file sharing with our Windows 2003 AD Server since Panther days with no problems (but had never been able to get the Active Directory setup with the macs).
2) We all upgraded to Tiger at the same point our IT manager made some changes on the AD server; therefore, when we no longer were able to connect via SMB we weren't sure if it was Tiger or Windows AD that was the root issue.
3) When we tried connect via SMB we got the "Alias XXX can't be found. Do you want to delete, fix, etc"
4) We were, however, able to connect to the SMB connection via the terminal through "smbclient //SERVER/SHARE NAME -W "workgroup name" - U "username"
5) We tried to clean the keychain like some of the posts had recommended with no result.
6) We also did a clean reinstall of one of the Macs with no result.
7) We then realized the error must be coming from the AD server and realized we needed to "disable" "Microsoft Network Servers: Digitally Sign Communications (Always) in the AD Domain Controller Secruity Settings. This was a recomendation from back in the Panther days but since we never had a problem with Panther, we never really paid much attention to it. Anyway, this instanly fixed the problem.
However, we also ran into a problem with the freshly installed mac where we were not able to see any of the windows network shares. We realized this issue was directly related to either the "Enable Stealth Mode" and/or "Block UDP Traffic" being activated in the "Advanced" tab of the Tiger Firewall. Once we disabled these, all worked. Strangely enough, we did not find this problem with the other macs that we had done an archive and install on...

Anyway, these are just some of the issues we worked through and hope they may be of some help. Our next journey will be to try to get the Macs to connect via Active Directory but have been stumped on the "invalid domain or forrest" error for quite some time.

mengte · #8 文章由 **mengte** » 08/19/2005 5:22 pm

我也是網管，公司同樣是2003網域。
我也有mac...
不需要將mac加入網域啊...
請你的網管將GPO裡面的digital signing關掉就好了。
一切就OK。

進藤光 · #9 文章由 **進藤光** » 08/19/2005 5:35 pm

這麼神奇？有空我也來試試看....

同一篇也有提到

Now, if you and Peebles can solve our AD binding issue we will send you all the Chinese rice wine you can stomach! I was hoping that digital signing issue would kill two birds with one click but no such luck.

這個寫得難以閱讀：

Here is what I've found. After setting the encrypt passwords = no in the smb.conf, on my Windows 2003 Server (my Domain Controller), I had to change Domain Controller Security Policy. Administrative Tools>Domain Controller Security Policy then Local Policies>Security Options. Look for the policy Microsoft network server: Digitally sign communications (always) and change this to Disabled, but leave Microsoft network server: Digitally sign communications (if client agrees) intact. Exit out of the Policy Editor and wait at least 15 minute or so for AD to replicate. After making these changes, I was able to mount shares from the Go Menu as well as from the CLI using mount_smbfs. I still got the mount_smbfs: No credentials cache found krb5_cc_get_principal error from the command line, but the share still mounted. It also didn't seem to affect my Windows XP clients which functioned properly. I don't make any guarantees, but this worked for me. Remember to be very judicious in tracking your changes (proper change control) so that you can back out if necessary. My Tiger install was already bound to Active Directory prior to making these additional changes. Again I urge caution; This was all done in my test lab environment at home, NOT ON AN ENTERPRISE OR CORPORATE NETWORK THAT PEOPLE RELY ON TO DO BUSINESS.

http://discussions.info.apple.com/webx? ... 8afb5e8/76

ulysses · #10 文章由 **ulysses** » 08/19/2005 8:36 pm

Windows 2003 的網域主要就是密碼傳送的問題，你可以先照精華區設定試試看，真不行的話建議你買一套 ADmitMac

http://www.thursby.com/products/admitmac.html

不便宜，不過也不是天價。

autumnshe · #11 文章由 **autumnshe** » 08/24/2005 11:24 am

嗯,我得到答案是
誰叫你用mac的,那不是我的事,我只負責讓windows system
可以正常順利動作就好,且不是我去配合你,而是你要配合我server
....................=皿=

進藤光 · #12 文章由 **進藤光** » 08/24/2005 11:34 am

本公司的網管就是我～～我樂得改設定來配合我的 Mac.... 哈哈哈～～～只不過我還沒空去試....

因為不太敢亂試.... AD 這玩意很討厭，一個搞不好就完了....怪問題就跑出來啦～～我都是先 Ghost 再來試....

我現在正在裝 Mac OS X Server，等我通通搞定，我就把 Windows Server 趕出去，改用 Mac OS X Server，然後叫整個公司的 WinXP 通通給我配合 Mac OS X！！哇哈哈哈～～～

那個網管就不要哪天離職，跑來我們公司應徵囉～～～我保證會特別給他好好照顧的......

autumnshe · #13 文章由 **autumnshe** » 08/24/2005 3:34 pm

哈哈哈
很難吧
我們是高考進來的，裡面爽的不得了
就是大家講的萬年公務員
沒意外話，除非調職，不然它應該都是這個位置

進藤光 · #14 文章由 **進藤光** » 08/24/2005 4:12 pm

找個駭客入侵一下，換掉網頁，竊取資料，他很快就會消失在你眼前...

autumnshe · #15 文章由 **autumnshe** » 08/24/2005 4:29 pm

近藤兄，這個方法不錯喔！
我會找我同學幫幫我^^
若是你要毛遂自薦，歡迎pm給我

進藤光 · #16 文章由 **進藤光** » 08/24/2005 11:37 pm

咳～～來說正經事....

關於 GPO 的【數位簽章】的相關設定是不是在這裡：

無論我怎樣啟用和停用，還是一樣耶..... Mac 仍然沒辦法用 smb:// 連上 AD 共用檔案夾...

這裡也有相關討論：
http://www.macosx.com/content/faq.php/q ... ssues.html

另外還找了一些資料，不過都沒辦法解決！！
不知道是我設錯了？？還是阿光我笨？？

autumnshe · #17 文章由 **autumnshe** » 08/25/2005 10:56 am

沒錯，近藤兄
你這方法我之前已用過，確定是不行的
那不是單純密碼問題。
好像牽扯到同訊協定問題，兩個系統架構不同，協定也不同。
沒辦法，誰叫AD是微軟獨們生意

janusng · #18 文章由 **janusng** » 08/25/2005 11:25 am

進藤光寫:無論我怎樣啟用和停用，還是一樣耶..... Mac 仍然沒辦法用 smb:// 連上 AD 共用檔案夾...

有打全路徑嗎？即是：

代碼: 選擇全部

smb://domain;host/folder$

mengte · #19 文章由 **mengte** » 08/25/2005 11:48 am

進藤光你設錯了，以下是我家公司我做的設定，基本上要相容98,NT(會降低安全性)就要這麼設:
----------------------------------------
microsoft 網路用戶端: ....SMB---已停用
microsoft 網路用戶端: ....(如果伺服器同意)---已啟用
microsoft 網路用戶端: ....(自動)---尚未定義
microsoft 網路伺服器: ....中斷用戶端連線---尚未定義
microsoft 網路伺服器: ....(如果用戶端同意)---已啟用
microsoft 網路伺服器: ....(自動)---已停用

網域成員: ....已啟用
網域成員: ....尚未定義
網域成員: ....尚未定義
-----------------------------------------
改完之後要等1～2小時讓GPO生效，或是在目標電腦下gpupdate /force ，或重開機，這應該知道吧！？
確定目標電腦套用GPO後，再用SMB://IP連就可以了。當然，他會跟你要網域帳號密碼，輸入就連上啦！

MacChiyuan · #20 文章由 **MacChiyuan** » 08/25/2005 12:14 pm

試過 cifs://server/folder 嗎？