The CyberStore Mac range of appliance also support replication and failover. With the ever increasing requirement for Apple Mac storage in the working environment, Broadberry CyberStore Mac storage solutions are available in both high performance storage and high capacity or a combination of both. If the rack mounted range of CyberStore Mac storage solutions are not suitable we also offer tower solutions which are quiet enough to be used in an office environment. These appliances can also be added to via the external JBOD systems providing high density, low-cost storage for Apple Mac. If it needs to be set up, use the command sudo dsconfigad -enableSSO, then recheck with ktutil.Our range of CyberStore Mac DAS storage servers include 1U applances with 4 drive bays, 2U 8 and 12 bay appliance, 3U 16 drive bay and 4U, 24, and 36 drive bay Apple Mac storage appliances.(Note: it will also contain a bunch of and maybe also entries ignore these.) Check whether the Mac is Kerberized properly with the command sudo ktutil -k /etc/krb5.keytab list - if the result includes entries ending you're good.If you're prompted for credentials when connecting to the Mac server, but allowed in when you supply them, you probably need to set this up:
#APPLE MAC SERVER UPDATE#
I've seen it fail to update properly after a change (essentially, it seems to cache the SACL failure) this seems to go away if you leave it long enough, but if nobody's using the Mac server yet, you can use the brute force solution: reboot the server.ĮDIT: once that's fixed, you may also have to enable AD's Kerberos single-sign-on on the Mac server. The interface is essentially the same, just in the Groups rather than Users section (and then verify it in the Users section). If File Sharing is not enabled for the user(s) in question, you can enable it per-user (either individually or by selecting a bunch of them and setting them all at once), but it's usually easier to manage if you set it by group. You can check this by going into Server.app -> Users in the sidebar -> from the popup menu above the users list choose "Users from ADDOMAIN" -> select chalstead (or some other AD user you can test with) -> from the action (gear icon) menu under the user list choose "Edit Access to Services" -> check whether the "File Sharing" service is enabled. What you describe sounds consistent with the AD users not being in the Mac server's SACLs (Service Access Control Lists). I suspect I'm missing something far more basic. I'm curious about this SACL membership failure, but not sure if that's a tree to bark up right now. In the log viewer built into server.app, I do see one weird error in the AFP log saying: Jul 15 15:18:42 AppleFileServer : **** - "SACL membership failure for user chalstead" 0 0 0 Unfortunately, OpenDirectory doesn't appear to have any/many options to fiddle with in Server.app. I'm guessing that only the AD integration is working in my magic triangle, but the OD integration is not. * access other network resources they have permission to (like our regular file server), without being prompted for credentials * log in with Active Directory credentials My shared folder is configured like this: The mac server's DSCONFIGAD is as follows: mac-server:~ macadmin$ dsconfigad -showĬreate mobile account at login = Disabled I've tried prefixing the username with the domain, but no luck.ĭNS is working properly, and the client can resolve both mac-server and our AD domain controller When a client uses Go -> Connect to server, and specifies either smb://mac-server/sharedfolder or afp://mac-server/sharedfolder, the user is prompted for credentials, and domain credentials don't work (shaking window rejection). What isn't working is sharing a folder from the mac server to clients.
#APPLE MAC SERVER MAC OS X#
I have the really important part of my magic triangle working - Mac OS X clients that I bind to AD & OD can log in with domain credentials.