Linked by Thom Holwerda on Sat 26th Mar 2011 02:00 UTC
Mac OS X When you run smbd -V on your Snow Leopard installation, you'll see it's running SAMBA version 3.0.28a-apple. While I'm not sure how much difference the "-apple" makes, version 3.0.28a is old. Very old. In other words, it's riddled with bugs. Apple hasn't updated SAMBA in 3 years, and for Lion, they're dumping it altogether for something homegrown. The reason? SAMBA is now GPLv3.
Thread beginning with comment 468220
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Netatalk and Kerberos
by s_groening on Tue 29th Mar 2011 17:23 UTC in reply to "RE: Netatalk and Kerberos"
s_groening
Member since:
2005-12-13

How do you try to mount the share?

-If you're using the links in Finder's Sidebar, you're out of luck, since Apple only uses its own Local KDC setup for this, which needs to be able to discover a remote KDC by use of a special plugin (LKDC Helper og OD Helper) ...

Therefore this approach only works between two Mac OS X computers (server versions included).

Using connect to server, though, works fine for me - full single sign-on from my Linux-based KDC.

-Are you sure your AppleVolumes.default has been setup correctly?

Reply Parent Score: 2

RE[3]: Netatalk and Kerberos
by theosib on Tue 29th Mar 2011 18:13 in reply to "RE[2]: Netatalk and Kerberos"
theosib Member since:
2006-03-02

That's really weird. When I was using PAM, I had no problems with authenticating as any particular user or mounting from the Finder sidebar. But with Kerberos, this doesn't work?

I think I'm just going to go back to using SMB. Netatalk is broken in more ways than just random authentication failures. For instance, if you put a Mac to sleep during a backup, it'll lock up because Netatalk doesn't support Replay Cache.

Thanks anyway for your help.

Reply Parent Score: 2

RE[4]: Netatalk and Kerberos
by s_groening on Thu 31st Mar 2011 09:03 in reply to "RE[3]: Netatalk and Kerberos"
s_groening Member since:
2005-12-13

[...] For instance, if you put a Mac to sleep during a backup, it'll lock up because Netatalk doesn't support Replay Cache.

Thanks anyway for your help.


As steted previously, I suspect this issue is fixed from v. 2.2, which is currently in beta release.

The issue with Finder's Sidebar is only an issue with Kerberos based single sign-on, due to Apple's implementation of Finder's Sidebar.

On Debian and Ubuntu (at least), Netatalk supports DHX and DHX2 password schemes which allows for single sign-on if you save your password in a hidden file in your home directory on the server.

I've never myself used PAM with Netatalk and I've grown to hate Apple's Bonjour notoriously (mainly due to these little oddities Apple tends to introduce every now and them to distance themselves from standards just enough to be incompatible (did anyone say Microsoft??)) so I might not be able to help you with that, as much as I'd wish!

Reply Parent Score: 2