accessing Windows shares from MAC OS X Lion

Hello MAC experts

We have a user who is adamant on getting a MacBook Air for all it's beauty.

Now we have a file server (Windows 2008 R2) with complex NTFS permissions and ownership for various folders which are shared on the network.

This user wants MacBook but he is also very feisty when he can't access something.

So the whole thing is on hold till I confirm this.

I have been hearing from a lot of people on Twitter that there is some issue with accessing SMB shares from MAC OS X but I can't categorically say which version of MAC OS X and which version of Windows OS where the share is hosted.

I looked at the forums as well and they have some issues discussed in them but they are all from 2008 or so. I don't know these issues exist today.

I spoke to Apple and they said as long as the Windows is running SMBX, it will be fine. I have no idea what is SMBX, may be upgraded version but I don't know if our Windows 2008 R2 server is running that or the old SMB.

Then there is the Dave software from Thursby (

This product exist solely to replace SMB because it has better features and it is more "compatible".

So at the moment, I don't know if we will have any issues accessing shares on the Windows server from MAC OS X Lion.

Can someone help me with any clear article by MS or Apple confirming or dismissing such issues?

I have looked around and after that I have turned to this forum.
Who is Participating?
You guys are making this so hard . . . We have hundreds of Mac customers accessing shares on Windows servers (2003,2008,SBS 2011). Simply turn off SMB signing in AD group policy and the "Digiitally sign traffic". Then simply access windows shares on the Mac by go to server and type:  smb://server/share. when prompted for a password enter the users AD username and password and if required tick the box that says "remember this password" or add to keychain. Once the share is mounted on the Macs desktop drag it to the dock and next time they just click it on the dock and it opens up if you selected remember password.
This brings up a couple of issues.

First, is the user a VIP with the clout to get what he/she wants?

Since it looks like you are a Wintel shop, is there a business reason for the user needing a MAC?

Just wanting something because it is shiny and cool, which the MacAir is (my wife has one) is not sufficient reason to introduce complexity into a business computing environment.

If the answers to the 2 questions above are "no" then get management to say no to the MAC.

Now if there is a business reason to bring MACs into the environment, then continue your due diligence and develop a plan for how to administrate and support them. Beyond Trust and other vendors provide tools for managing disparate platforms (vis. MAC and Linux) in an Active Directory infrastructure.

Lastly, to your question: the latest versions of MAC OS X seem to work fine with SMB file shares, which are supported out-of-the-box on the MAC. We have several MACs in a large AD/Wintel environment and the users regularly access the same files (e.g. spreadsheets & documents) as PC users.

The bottom line is to keep things as simple as possible. Catering to the capricious whims of individuals leads to support headaches.
Basically it should just work. If you take the time to add the Mac to AD using the built-in Mac directory utility or something the ADMitMac or other third party domain joiners for the Mac then when the user logs in with his Domain creds he should be able to map to any share using the Go to Server command in Finder and then putting in SMB://servername/sharename.

If the Mac isn't in AD or the user is logged on with another set of creds he should be prompted to enter in domain creds when he attempts to mount that share to authenticate to the share.

Be aware that share mounts in OS X do NOT as a rule stick when the user logs out and then back in again.  It's possible to automatically mount them with a n AppleScript or by putting them in the login items area of the System Preferences for Accounts for his account.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

alex110109Author Commented:
Hi Raq

Yes, the user does has the clout so we will end up having to support MAC.

I am trying to keep things simple.

Jhy - would you recommend adding the MAC to the AD? what are the advantages and disadvantages?

Any link for the Apple script to keep the mounts?
As  jhyiesla mentions, adding MACs to AD allows the use of AD creds to sign onto the MAC and then no subsequent pwd prompts to access file shares. This is supported natively.

If you have the budget for it, 3rd party tools such as BeyondTrust's PowerBroker or Quest and others make MAC administration a little easier and centralized.

Even though the users is a VIP with clout, there is still a possibility of making the business use case. Will incorporating additional technologies help the business (e.g. make more money)?
Adding the Mac to AD is not necessary.  But, using Mac DU or some third party utility does make it easier to do things that require creds like mounting shares and accessing network printers. It also allows you to do some management of the account like with Windows AD and when his password expires he can change it on the Mac like he would in Windows.  I am Including a sample script that I use.

tell application "Finder"
      delay 0.3
            mount volume "smb://Server1/Sharename"
            mount volume "smb://Server2/sharename"
      end try
      delay 0.3
end tell
when entering the username for the windows share you may have to use the windows domain name like this  domain\user and then enter the password, i.e mycompany\fred
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.