accessing Windows shares from MAC OS X Lion

Hello MAC experts

We have a user who is adamant on getting a MacBook Air for all it's beauty.

Now we have a file server (Windows 2008 R2) with complex NTFS permissions and ownership for various folders which are shared on the network.

This user wants MacBook but he is also very feisty when he can't access something.

So the whole thing is on hold till I confirm this.

I have been hearing from a lot of people on Twitter that there is some issue with accessing SMB shares from MAC OS X but I can't categorically say which version of MAC OS X and which version of Windows OS where the share is hosted.

I looked at the forums as well and they have some issues discussed in them but they are all from 2008 or so. I don't know these issues exist today.

I spoke to Apple and they said as long as the Windows is running SMBX, it will be fine. I have no idea what is SMBX, may be upgraded version but I don't know if our Windows 2008 R2 server is running that or the old SMB.

Then there is the Dave software from Thursby (http://www.thursby.com/products/default.html)

This product exist solely to replace SMB because it has better features and it is more "compatible".

So at the moment, I don't know if we will have any issues accessing shares on the Windows server from MAC OS X Lion.

Can someone help me with any clear article by MS or Apple confirming or dismissing such issues?

I have looked around and after that I have turned to this forum.
alex110109Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RaqueroCommented:
This brings up a couple of issues.

First, is the user a VIP with the clout to get what he/she wants?

Since it looks like you are a Wintel shop, is there a business reason for the user needing a MAC?

Just wanting something because it is shiny and cool, which the MacAir is (my wife has one) is not sufficient reason to introduce complexity into a business computing environment.

If the answers to the 2 questions above are "no" then get management to say no to the MAC.

Now if there is a business reason to bring MACs into the environment, then continue your due diligence and develop a plan for how to administrate and support them. Beyond Trust and other vendors provide tools for managing disparate platforms (vis. MAC and Linux) in an Active Directory infrastructure.

Lastly, to your question: the latest versions of MAC OS X seem to work fine with SMB file shares, which are supported out-of-the-box on the MAC. We have several MACs in a large AD/Wintel environment and the users regularly access the same files (e.g. spreadsheets & documents) as PC users.

The bottom line is to keep things as simple as possible. Catering to the capricious whims of individuals leads to support headaches.
0
jhyieslaCommented:
Basically it should just work. If you take the time to add the Mac to AD using the built-in Mac directory utility or something the ADMitMac or other third party domain joiners for the Mac then when the user logs in with his Domain creds he should be able to map to any share using the Go to Server command in Finder and then putting in SMB://servername/sharename.

If the Mac isn't in AD or the user is logged on with another set of creds he should be prompted to enter in domain creds when he attempts to mount that share to authenticate to the share.

Be aware that share mounts in OS X do NOT as a rule stick when the user logs out and then back in again.  It's possible to automatically mount them with a n AppleScript or by putting them in the login items area of the System Preferences for Accounts for his account.
0
alex110109Author Commented:
Hi Raq

Yes, the user does has the clout so we will end up having to support MAC.

I am trying to keep things simple.

Jhy - would you recommend adding the MAC to the AD? what are the advantages and disadvantages?

Any link for the Apple script to keep the mounts?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

RaqueroCommented:
As  jhyiesla mentions, adding MACs to AD allows the use of AD creds to sign onto the MAC and then no subsequent pwd prompts to access file shares. This is supported natively.

If you have the budget for it, 3rd party tools such as BeyondTrust's PowerBroker or Quest and others make MAC administration a little easier and centralized.

Even though the users is a VIP with clout, there is still a possibility of making the business use case. Will incorporating additional technologies help the business (e.g. make more money)?
0
jhyieslaCommented:
Adding the Mac to AD is not necessary.  But, using Mac DU or some third party utility does make it easier to do things that require creds like mounting shares and accessing network printers. It also allows you to do some management of the account like with Windows AD and when his password expires he can change it on the Mac like he would in Windows.  I am Including a sample script that I use.

tell application "Finder"
      delay 0.3
      try
            mount volume "smb://Server1/Sharename"
            mount volume "smb://Server2/sharename"
                        
      end try
      
      delay 0.3
      
end tell
0
shaynegCommented:
You guys are making this so hard . . . We have hundreds of Mac customers accessing shares on Windows servers (2003,2008,SBS 2011). Simply turn off SMB signing in AD group policy and the "Digiitally sign traffic". Then simply access windows shares on the Mac by go to server and type:  smb://server/share. when prompted for a password enter the users AD username and password and if required tick the box that says "remember this password" or add to keychain. Once the share is mounted on the Macs desktop drag it to the dock and next time they just click it on the dock and it opens up if you selected remember password.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shaynegCommented:
when entering the username for the windows share you may have to use the windows domain name like this  domain\user and then enter the password, i.e mycompany\fred
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Mac OS X

From novice to tech pro — start learning today.