Connecting Macs to a Windows 2003 Server

We have a client with two offices, one is a PC shop and the other is a Mac shop. The enjoy a friendly rivalry and it’s up to me to make sure that they play nicely together.

We recently upgraded the servers in Microsoft shop to Windows 2003 and found that the Mac clients could no longer access the shares over the VPN.

Some googling and experimenting later, and we stumbled upon the issue.

The Samba client that the Macs use doesn’t support encrypted communications, and the Windows 2003 server out of the box turns on encrypted communications and prevents anyone who isn’t encrypting from accessing its shares.

So, a quick detour through the Domain Controller Security Policy applet in the Administrative Tools folder did the trick.

In there, go to Local Policies / Security Options.

Scroll down to “Microsoft network server: digitally sign communications (always)” and set that sucker to DISABLED.

Reapply the policy by running GPUPDATE (start, run, gpupdate) and sit back in delight as your clients can connect to the shares once again.

Thanks to MacOSXHints and AllInTheHead for the pointers.