Solved

accessing Windows shares from MAC OS X Lion

Posted on 2012-04-03
7
849 Views
Last Modified: 2012-05-28
Hello MAC experts

We have a user who is adamant on getting a MacBook Air for all it's beauty.

Now we have a file server (Windows 2008 R2) with complex NTFS permissions and ownership for various folders which are shared on the network.

This user wants MacBook but he is also very feisty when he can't access something.

So the whole thing is on hold till I confirm this.

I have been hearing from a lot of people on Twitter that there is some issue with accessing SMB shares from MAC OS X but I can't categorically say which version of MAC OS X and which version of Windows OS where the share is hosted.

I looked at the forums as well and they have some issues discussed in them but they are all from 2008 or so. I don't know these issues exist today.

I spoke to Apple and they said as long as the Windows is running SMBX, it will be fine. I have no idea what is SMBX, may be upgraded version but I don't know if our Windows 2008 R2 server is running that or the old SMB.

Then there is the Dave software from Thursby (http://www.thursby.com/products/default.html)

This product exist solely to replace SMB because it has better features and it is more "compatible".

So at the moment, I don't know if we will have any issues accessing shares on the Windows server from MAC OS X Lion.

Can someone help me with any clear article by MS or Apple confirming or dismissing such issues?

I have looked around and after that I have turned to this forum.
0
Comment
Question by:alex110109
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 6

Expert Comment

by:Raquero
Comment Utility
This brings up a couple of issues.

First, is the user a VIP with the clout to get what he/she wants?

Since it looks like you are a Wintel shop, is there a business reason for the user needing a MAC?

Just wanting something because it is shiny and cool, which the MacAir is (my wife has one) is not sufficient reason to introduce complexity into a business computing environment.

If the answers to the 2 questions above are "no" then get management to say no to the MAC.

Now if there is a business reason to bring MACs into the environment, then continue your due diligence and develop a plan for how to administrate and support them. Beyond Trust and other vendors provide tools for managing disparate platforms (vis. MAC and Linux) in an Active Directory infrastructure.

Lastly, to your question: the latest versions of MAC OS X seem to work fine with SMB file shares, which are supported out-of-the-box on the MAC. We have several MACs in a large AD/Wintel environment and the users regularly access the same files (e.g. spreadsheets & documents) as PC users.

The bottom line is to keep things as simple as possible. Catering to the capricious whims of individuals leads to support headaches.
0
 
LVL 28

Expert Comment

by:jhyiesla
Comment Utility
Basically it should just work. If you take the time to add the Mac to AD using the built-in Mac directory utility or something the ADMitMac or other third party domain joiners for the Mac then when the user logs in with his Domain creds he should be able to map to any share using the Go to Server command in Finder and then putting in SMB://servername/sharename.

If the Mac isn't in AD or the user is logged on with another set of creds he should be prompted to enter in domain creds when he attempts to mount that share to authenticate to the share.

Be aware that share mounts in OS X do NOT as a rule stick when the user logs out and then back in again.  It's possible to automatically mount them with a n AppleScript or by putting them in the login items area of the System Preferences for Accounts for his account.
0
 

Author Comment

by:alex110109
Comment Utility
Hi Raq

Yes, the user does has the clout so we will end up having to support MAC.

I am trying to keep things simple.

Jhy - would you recommend adding the MAC to the AD? what are the advantages and disadvantages?

Any link for the Apple script to keep the mounts?
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 6

Expert Comment

by:Raquero
Comment Utility
As  jhyiesla mentions, adding MACs to AD allows the use of AD creds to sign onto the MAC and then no subsequent pwd prompts to access file shares. This is supported natively.

If you have the budget for it, 3rd party tools such as BeyondTrust's PowerBroker or Quest and others make MAC administration a little easier and centralized.

Even though the users is a VIP with clout, there is still a possibility of making the business use case. Will incorporating additional technologies help the business (e.g. make more money)?
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 250 total points
Comment Utility
Adding the Mac to AD is not necessary.  But, using Mac DU or some third party utility does make it easier to do things that require creds like mounting shares and accessing network printers. It also allows you to do some management of the account like with Windows AD and when his password expires he can change it on the Mac like he would in Windows.  I am Including a sample script that I use.

tell application "Finder"
      delay 0.3
      try
            mount volume "smb://Server1/Sharename"
            mount volume "smb://Server2/sharename"
                        
      end try
      
      delay 0.3
      
end tell
0
 
LVL 6

Accepted Solution

by:
shayneg earned 250 total points
Comment Utility
You guys are making this so hard . . . We have hundreds of Mac customers accessing shares on Windows servers (2003,2008,SBS 2011). Simply turn off SMB signing in AD group policy and the "Digiitally sign traffic". Then simply access windows shares on the Mac by go to server and type:  smb://server/share. when prompted for a password enter the users AD username and password and if required tick the box that says "remember this password" or add to keychain. Once the share is mounted on the Macs desktop drag it to the dock and next time they just click it on the dock and it opens up if you selected remember password.
0
 
LVL 6

Expert Comment

by:shayneg
Comment Utility
when entering the username for the windows share you may have to use the windows domain name like this  domain\user and then enter the password, i.e mycompany\fred
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now