Go Premium for a chance to win a PS4. Enter to Win


accessing Windows shares from MAC OS X Lion

Posted on 2012-04-03
Medium Priority
Last Modified: 2012-05-28
Hello MAC experts

We have a user who is adamant on getting a MacBook Air for all it's beauty.

Now we have a file server (Windows 2008 R2) with complex NTFS permissions and ownership for various folders which are shared on the network.

This user wants MacBook but he is also very feisty when he can't access something.

So the whole thing is on hold till I confirm this.

I have been hearing from a lot of people on Twitter that there is some issue with accessing SMB shares from MAC OS X but I can't categorically say which version of MAC OS X and which version of Windows OS where the share is hosted.

I looked at the forums as well and they have some issues discussed in them but they are all from 2008 or so. I don't know these issues exist today.

I spoke to Apple and they said as long as the Windows is running SMBX, it will be fine. I have no idea what is SMBX, may be upgraded version but I don't know if our Windows 2008 R2 server is running that or the old SMB.

Then there is the Dave software from Thursby (http://www.thursby.com/products/default.html)

This product exist solely to replace SMB because it has better features and it is more "compatible".

So at the moment, I don't know if we will have any issues accessing shares on the Windows server from MAC OS X Lion.

Can someone help me with any clear article by MS or Apple confirming or dismissing such issues?

I have looked around and after that I have turned to this forum.
Question by:alex110109
  • 2
  • 2
  • 2
  • +1

Expert Comment

ID: 37802042
This brings up a couple of issues.

First, is the user a VIP with the clout to get what he/she wants?

Since it looks like you are a Wintel shop, is there a business reason for the user needing a MAC?

Just wanting something because it is shiny and cool, which the MacAir is (my wife has one) is not sufficient reason to introduce complexity into a business computing environment.

If the answers to the 2 questions above are "no" then get management to say no to the MAC.

Now if there is a business reason to bring MACs into the environment, then continue your due diligence and develop a plan for how to administrate and support them. Beyond Trust and other vendors provide tools for managing disparate platforms (vis. MAC and Linux) in an Active Directory infrastructure.

Lastly, to your question: the latest versions of MAC OS X seem to work fine with SMB file shares, which are supported out-of-the-box on the MAC. We have several MACs in a large AD/Wintel environment and the users regularly access the same files (e.g. spreadsheets & documents) as PC users.

The bottom line is to keep things as simple as possible. Catering to the capricious whims of individuals leads to support headaches.
LVL 28

Expert Comment

ID: 37802178
Basically it should just work. If you take the time to add the Mac to AD using the built-in Mac directory utility or something the ADMitMac or other third party domain joiners for the Mac then when the user logs in with his Domain creds he should be able to map to any share using the Go to Server command in Finder and then putting in SMB://servername/sharename.

If the Mac isn't in AD or the user is logged on with another set of creds he should be prompted to enter in domain creds when he attempts to mount that share to authenticate to the share.

Be aware that share mounts in OS X do NOT as a rule stick when the user logs out and then back in again.  It's possible to automatically mount them with a n AppleScript or by putting them in the login items area of the System Preferences for Accounts for his account.

Author Comment

ID: 37802278
Hi Raq

Yes, the user does has the clout so we will end up having to support MAC.

I am trying to keep things simple.

Jhy - would you recommend adding the MAC to the AD? what are the advantages and disadvantages?

Any link for the Apple script to keep the mounts?
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.


Expert Comment

ID: 37802327
As  jhyiesla mentions, adding MACs to AD allows the use of AD creds to sign onto the MAC and then no subsequent pwd prompts to access file shares. This is supported natively.

If you have the budget for it, 3rd party tools such as BeyondTrust's PowerBroker or Quest and others make MAC administration a little easier and centralized.

Even though the users is a VIP with clout, there is still a possibility of making the business use case. Will incorporating additional technologies help the business (e.g. make more money)?
LVL 28

Assisted Solution

jhyiesla earned 1000 total points
ID: 37802339
Adding the Mac to AD is not necessary.  But, using Mac DU or some third party utility does make it easier to do things that require creds like mounting shares and accessing network printers. It also allows you to do some management of the account like with Windows AD and when his password expires he can change it on the Mac like he would in Windows.  I am Including a sample script that I use.

tell application "Finder"
      delay 0.3
            mount volume "smb://Server1/Sharename"
            mount volume "smb://Server2/sharename"
      end try
      delay 0.3
end tell

Accepted Solution

shayneg earned 1000 total points
ID: 37803810
You guys are making this so hard . . . We have hundreds of Mac customers accessing shares on Windows servers (2003,2008,SBS 2011). Simply turn off SMB signing in AD group policy and the "Digiitally sign traffic". Then simply access windows shares on the Mac by go to server and type:  smb://server/share. when prompted for a password enter the users AD username and password and if required tick the box that says "remember this password" or add to keychain. Once the share is mounted on the Macs desktop drag it to the dock and next time they just click it on the dock and it opens up if you selected remember password.

Expert Comment

ID: 37803818
when entering the username for the windows share you may have to use the windows domain name like this  domain\user and then enter the password, i.e mycompany\fred

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
An article on effective troubleshooting
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question