Indiana University
University Information Technology Services
  
What are archived documents?

In Mac OS X 10.3, how can I make SMB connections to Windows servers?

Note: The following instructions assume you are using Mac OS X 10.3.9 or later.

Mac OS X 10.3 (Panther) does not support NTLMv2, the authentication protocol used by Windows servers bound to ADS. To work around this problem, you have two alternatives. The first is to upgrade your computer to Mac OS X 10.4 (Tiger), which does support NTLMv2. Alternatively, you may configure Kerberos on your computer for Indiana University's network. To enable the most basic use of Kerberos in Mac OS X for authentication to online resources that use Kerberos, follow these steps:

Note: Though they are not required, the following instructions will also work for Mac OS X 10.4.

  1. Configure your Kerberos settings for IU. The easiest way to do this is to download and install the Indiana University Kerberos Installer, available on IUware at: http://iuware.iu.edu/title.aspx?id=562

    Alternately, you can configure your settings manually by following these steps:

    1. Obtain the IT Security Office (ITSO) krb5.conf file from: https://itso.iu.edu/krb5.conf
    2. Rename the krb5.conf file to edu.mit.Kerberos and place it in this directory: /Library/Preferences/

      If you already have an edu.mit.Kerberos file, you may already be able to use Kerberos authentication.

    3. Navigate to the directory /System/Library/CoreServices/ and find the Kerberos application. Drag the Kerberos icon to the Dock.

  2. Open the Kerberos application and do the following:

    1. In Mac OS X 10.4, in the application window, click New.

      In Mac OS X 10.3, click the Get Ticket... button.

    2. In the "Name:" field, enter your IU Network ID username.
    3. Make sure the Realm is set to IU.EDU .
    4. Enter your IU Network ID passphrase and click OK.

    A Kerberos ticket should appear in the Kerberos application window.

  3. Try to connect to a Windows share. You should not need to re-enter your username or passphrase to make the connection. You should also be able to make connections to other Kerberos-enabled resources without re-entering your Network ID.

Also see:

This is document atse in domain all.
Last modified on March 07, 2007.
Please tell us, did you find the answer to your question?