Solved

accessing Windows shares from MAC OS X Lion

Posted on 2012-04-03
7
854 Views
Last Modified: 2012-05-28
Hello MAC experts

We have a user who is adamant on getting a MacBook Air for all it's beauty.

Now we have a file server (Windows 2008 R2) with complex NTFS permissions and ownership for various folders which are shared on the network.

This user wants MacBook but he is also very feisty when he can't access something.

So the whole thing is on hold till I confirm this.

I have been hearing from a lot of people on Twitter that there is some issue with accessing SMB shares from MAC OS X but I can't categorically say which version of MAC OS X and which version of Windows OS where the share is hosted.

I looked at the forums as well and they have some issues discussed in them but they are all from 2008 or so. I don't know these issues exist today.

I spoke to Apple and they said as long as the Windows is running SMBX, it will be fine. I have no idea what is SMBX, may be upgraded version but I don't know if our Windows 2008 R2 server is running that or the old SMB.

Then there is the Dave software from Thursby (http://www.thursby.com/products/default.html)

This product exist solely to replace SMB because it has better features and it is more "compatible".

So at the moment, I don't know if we will have any issues accessing shares on the Windows server from MAC OS X Lion.

Can someone help me with any clear article by MS or Apple confirming or dismissing such issues?

I have looked around and after that I have turned to this forum.
0
Comment
Question by:alex110109
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 6

Expert Comment

by:Raquero
ID: 37802042
This brings up a couple of issues.

First, is the user a VIP with the clout to get what he/she wants?

Since it looks like you are a Wintel shop, is there a business reason for the user needing a MAC?

Just wanting something because it is shiny and cool, which the MacAir is (my wife has one) is not sufficient reason to introduce complexity into a business computing environment.

If the answers to the 2 questions above are "no" then get management to say no to the MAC.

Now if there is a business reason to bring MACs into the environment, then continue your due diligence and develop a plan for how to administrate and support them. Beyond Trust and other vendors provide tools for managing disparate platforms (vis. MAC and Linux) in an Active Directory infrastructure.

Lastly, to your question: the latest versions of MAC OS X seem to work fine with SMB file shares, which are supported out-of-the-box on the MAC. We have several MACs in a large AD/Wintel environment and the users regularly access the same files (e.g. spreadsheets & documents) as PC users.

The bottom line is to keep things as simple as possible. Catering to the capricious whims of individuals leads to support headaches.
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 37802178
Basically it should just work. If you take the time to add the Mac to AD using the built-in Mac directory utility or something the ADMitMac or other third party domain joiners for the Mac then when the user logs in with his Domain creds he should be able to map to any share using the Go to Server command in Finder and then putting in SMB://servername/sharename.

If the Mac isn't in AD or the user is logged on with another set of creds he should be prompted to enter in domain creds when he attempts to mount that share to authenticate to the share.

Be aware that share mounts in OS X do NOT as a rule stick when the user logs out and then back in again.  It's possible to automatically mount them with a n AppleScript or by putting them in the login items area of the System Preferences for Accounts for his account.
0
 

Author Comment

by:alex110109
ID: 37802278
Hi Raq

Yes, the user does has the clout so we will end up having to support MAC.

I am trying to keep things simple.

Jhy - would you recommend adding the MAC to the AD? what are the advantages and disadvantages?

Any link for the Apple script to keep the mounts?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 6

Expert Comment

by:Raquero
ID: 37802327
As  jhyiesla mentions, adding MACs to AD allows the use of AD creds to sign onto the MAC and then no subsequent pwd prompts to access file shares. This is supported natively.

If you have the budget for it, 3rd party tools such as BeyondTrust's PowerBroker or Quest and others make MAC administration a little easier and centralized.

Even though the users is a VIP with clout, there is still a possibility of making the business use case. Will incorporating additional technologies help the business (e.g. make more money)?
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 250 total points
ID: 37802339
Adding the Mac to AD is not necessary.  But, using Mac DU or some third party utility does make it easier to do things that require creds like mounting shares and accessing network printers. It also allows you to do some management of the account like with Windows AD and when his password expires he can change it on the Mac like he would in Windows.  I am Including a sample script that I use.

tell application "Finder"
      delay 0.3
      try
            mount volume "smb://Server1/Sharename"
            mount volume "smb://Server2/sharename"
                        
      end try
      
      delay 0.3
      
end tell
0
 
LVL 6

Accepted Solution

by:
shayneg earned 250 total points
ID: 37803810
You guys are making this so hard . . . We have hundreds of Mac customers accessing shares on Windows servers (2003,2008,SBS 2011). Simply turn off SMB signing in AD group policy and the "Digiitally sign traffic". Then simply access windows shares on the Mac by go to server and type:  smb://server/share. when prompted for a password enter the users AD username and password and if required tick the box that says "remember this password" or add to keychain. Once the share is mounted on the Macs desktop drag it to the dock and next time they just click it on the dock and it opens up if you selected remember password.
0
 
LVL 6

Expert Comment

by:shayneg
ID: 37803818
when entering the username for the windows share you may have to use the windows domain name like this  domain\user and then enter the password, i.e mycompany\fred
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
We could spend the next millennium discussing the differences of the Mac and Windows platforms. The next century will continue to have fanatics on both side of the equation and neither side will win the war. However, that’s not why we are here. W…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now