Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-1760: Unable to connect to Mac OS X Server share using SMB (AFP works)

Mac & PC Management Service ,  

12 April,16 at 11:07 AM

Applies to: All versions of Centrify DirectControl on Mac OS X Server.


Centrify users are unable to connect to a Mac OS X share using SMB (AFP works fine). 

The native Apple AD Plugin works fine for both AFP and SMB protocols.


There are few configuration changes that need to be made on an OS X Server setup to allow Single-Sign-On for SMB connections.

For the Mac OS X Server.
  1. Log into the OS X Server and download the attached ssosmb.plist (at the end of this KB) to the Desktop.
    • Alternatively, create the plist manually using the template below and save the file as ssosmb.plist:
      • <?xml version="1.0" encoding="UTF-8"?>
      • <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
      • <plist version="1.0">
      • <dict>
      • <key>Services</key>
      • <array>
      • <dict>
      •     <key>servicePrincipal</key>
      •     <string>cifs/</string>
      •     <key>serviceType</key>
      •     <string>cifs</string>
      • </dict>
      • </array>
      • <key>configOnly</key>
      • <true/>
      • </dict>
      • </plist>
    • (NOTE: Line 2 begins with "<!DOCTYPE ..." and Line 3 is: <plist version="1.0"> )
  2. Edit the cifs/... entry in the plist ( to match the server FQDN and domain of the OS X Server.
    • For example:
    • <string>cifs/filesserver.mydomain.local@MYDOMAIN.LOCAL</string>
  3. Save the file to the Desktop.
  4. Open Terminal and run:
    • sudo krbservicesetup -f ~/Desktop/ssosmb.plist
  5. Reboot the Mac OS X Server.
  6. Connect to Mac OS X Server using FQDN (not IP) from a client machine over SMB

  • For more information on the krbservicesetup command, see the following Apple documentation: (Provided as a courtesy)
  • If the above steps do not work, please provide the following files to Centrify Support:
    • Mac Client Side
      1. As Local Admin, run the command:
        • sudo klist -k > /tmp/client_klist_k.log
      2. Login as an AD user and run:
        • klist -A > /tmp/client_klist_A.log
      3. Send in the following files:
        • /tmp/client_klist_k.log
        • /tmp/client_klist_A.log
    • OS X Server Side
      1. As Local Admin, run the command:
        • sudo klist -k > /tmp/server_klist_k.log
      2. Send in the following files: (Note: Some files may not be present on later versions of OS X)
        • /Library/Preferences/
        • /Library/Preferences/SystemConfiguration/preferences.plist
        • /Library/Preferences/SystemConfiguration/
        • /etc/krb5.conf
        • /etc/smb.conf
        • /var/db/smb.conf
        • /var/db/krb5kdc/kdc.conf
        • /tmp/server_klist_k.log
        • The modified ssosmb.plist that was used in Steps 1-4
      3. Enable Centrify debugging and capture a network trace while running:
        • sudo krbservicesetup -f ~/Desktop/ssosmb.plist


Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.