The test Mac is on our Active Directory (AD) domain and can access all Windows resources. The only trouble is with our POWER7. From what I've found, I think the DES encryption is the problem. We have four special user accounts in AD for SSO that were created using an IBM script when we first set up EIM. Those users are set to use DES (probably because in '08 IBM required it). By default, Win7 doesn't have DES enabled, which is why I have to modify the Local Security Policy. From what I've read, Mac doesn't have DES enabled by default either. In order to enable it, you're supposed to modify the /etc/krb5.conf file, which my Mac doesn't have.

From here, I see that I have two options.
1. Remove the DES requirement
2. Write a /etc/krb5.conf file and see if I can get Mac to use DES

I have the PTF's you listed, so I'm going to start with #1. If I get that to work, EIM/SSO should be plug-n-play for new machines. One less thing I have to do on every new PC would be a good thing.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].