Linked by Thom Holwerda on Sat 26th Mar 2011 02:00 UTC
Mac OS X When you run smbd -V on your Snow Leopard installation, you'll see it's running SAMBA version 3.0.28a-apple. While I'm not sure how much difference the "-apple" makes, version 3.0.28a is old. Very old. In other words, it's riddled with bugs. Apple hasn't updated SAMBA in 3 years, and for Lion, they're dumping it altogether for something homegrown. The reason? SAMBA is now GPLv3.
Thread beginning with comment 468159
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Netatalk and Kerberos
by theosib on Tue 29th Mar 2011 01:59 UTC in reply to "Netatalk and Kerberos"
theosib
Member since:
2006-03-02

Well, I followed your instructions, but no matter what I do, I get access denied when I try to mount. What might I be doing wrong?

I've tried a few other guides to this, and none of them worked either.

Any idea how I might diagnose it? Something's clearly not setup right. BTW, I did restart all the krb and atalk processes.

Reply Parent Score: 2

RE[2]: Netatalk and Kerberos
by s_groening on Tue 29th Mar 2011 17:23 in reply to "RE: Netatalk and Kerberos"
s_groening Member since:
2005-12-13

How do you try to mount the share?

-If you're using the links in Finder's Sidebar, you're out of luck, since Apple only uses its own Local KDC setup for this, which needs to be able to discover a remote KDC by use of a special plugin (LKDC Helper og OD Helper) ...

Therefore this approach only works between two Mac OS X computers (server versions included).

Using connect to server, though, works fine for me - full single sign-on from my Linux-based KDC.

-Are you sure your AppleVolumes.default has been setup correctly?

Reply Parent Score: 2

RE[3]: Netatalk and Kerberos
by theosib on Tue 29th Mar 2011 18:13 in reply to "RE[2]: Netatalk and Kerberos"
theosib Member since:
2006-03-02

That's really weird. When I was using PAM, I had no problems with authenticating as any particular user or mounting from the Finder sidebar. But with Kerberos, this doesn't work?

I think I'm just going to go back to using SMB. Netatalk is broken in more ways than just random authentication failures. For instance, if you put a Mac to sleep during a backup, it'll lock up because Netatalk doesn't support Replay Cache.

Thanks anyway for your help.

Reply Parent Score: 2