Re: MAC 10.4.4 Saving long file names on Server 2003 Std

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

In article <8E01160C-C9F5-4DF5-8457-D11375BFD3DB@xxxxxxxxxxxxx>,
SGL <SGL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Bill, thanks for this it lead me down the right path however I ran into
another problem with authentication. In a 2003 domain the GP for domain
controllers uses digital signing for server communication and this affects
the SMB packets. This has to be turned off in the GP. KB555380 refers to a
white paper "Connecting Macintosh OS X 10.3 and Higher Clients to a Windows
Small Business Server 2003 Network". This also is pertinent to 2003 Std and
Ent.

Did this and it works although security is deminished.

Hi John!

Glad you found your solution!

If you're worried about degraded security, first be aware of what has
been compromised. SMB signing verifies that the communications between
the original client machine and server continue between these two
machines and not with a pseudo-server or pseudo-client on the network
trying to hijack information. This is known as a "man-in-the-middle
attack".

Next, be aware that if you had been using Windows Server's File Services
for Macintosh in the past, you've always been vulnerable to this type of
attack. No sort of authentication has ever been taking place. The
Microsoft UAM was a step in the direction of security, but it only
encrypted passwords when your Macs connected to the servers. After that,
the same type of attack was still possible.

If you'd prefer to retain your security, then I suggest looking into a
better SMB client that can handle SMB signing such as Dave or ADmitMac
from http://www.thursby.com. You can download a 30-day trial from the
website.

Hope this helps! bill
--
William M. Smith
(Microsoft Interop MVP - Mac/Windows)
.

Relevant Pages