Windows 2000 (or 2003) running Services for
IP Ranges were thought to be the stumbling block
initially. The IP range for the workstations was
10.3.110.x, the range for the servers was 10.3.100.x. The
workstations were behind routers for each floor.
We determined that we could see the server using AFP - tested
this using Terminal and doing a Telnet connection to the server
(thanks to Joe Maus for that idea). The command was
telnet 10.3.100.10 548 (548 being the port over which AFP
travels), and we received a successful reply. So, we
could communicate with the server, even though it was on a
different IP range behind a different router.
So, in the Connect to Server window in the Finder, we did the
And received a reply that the user name and/or password was
incorrect. At least we were getting response. We then
tried without the 548 suffix in case it was throwing things out
and got the same response. My next thought was "So, we can talk
to the server, we can't authenticate..." and it was that magic
thought that made me realise what the solution was.
Microsoft have a UAM (User Authentication Module) for OS 9 and
OS X that enhances the authentication used by the Mac when
connecting to the server. Some Windows servers are set up where
they will only accept connections using "strong"
authentication. The native MacOS authentication is not
So, I then downloaded the Microsoft UAM from
http://www.microsoft.com/mac/ - specifically:
Once you install that, you are then authenticating to the MS
Server using MS authentication.
We then used the connect to server command: afp://10.3.100.10
and were able to connect straight away.
Note: That was not the end of our problems as the Windows users
were then getting a padlock when trying to access the datafile
when the Macs were in
it. When the PCs were in it, the Macs would be told the
datafile was not available.
This is a known problem of access privileges not being
interpreted correctly between the two platforms. The way
that we have found to solve this is:
Create a new folder on a MacOS X workstation. Get
info on the folder and set access privileges for the folder
to be read/write for the owner, the group and everyone.
Copy the datafile to this folder (still on the
workstation). Get info on the datafile and set access
privileges for the datafile to be the same as the folder i.e.
read/write for the owner, the group and everyone.
Open your application on the MacOS X computer and connect
to the datafile in this folder. You are making sure you
can get in. If successful, quit out.
Copy the whole folder back to the server (note: this
folder should not be a share point on the server, this folder
should reside within a share point on the server).
Open your application and connect to the datafile that
you have copied back to the server. Get all other users
to connect as well. ALL should be
able to now connect.
That got us running, and the client is very happy. So are