informit.com — Are you Mac-savvy? Many Windows administrators and technicians have never had to support Macs on their networks, so the idea of suddenly having a handful of Mac workstations might seem really challenging. Ryan Faas gives you a simple guide to supporting Mac workstations and Mac users within your Windows network.
Dec 12, 2005 View in Crawl 4
Closed AccountDec 12, 2005
> Windows Shares and Print Queues: Let the Server or the Mac Do the Work>Letting Mac OS X?s SMB Client Do the Workin fact, this is what i usually do. so... i guess. its just endlessly amusing to me that both linux and OS X do windows filesharing better than windows does.
Closed AccountDec 13, 2005
"Why bash Windows? I find it quite easy to work with. It is just a matter of what you've had previous experience with."This is simply not true. I have many more man-hours on windows and OS X is much easier to use in almost all respects. You have to spend about a month with it to appreciate that, because you have a lot of awkward windows things to unlearn, and that can take a while. Once you've passed that threshold however, life is better. Most windows users are windows users by defaultMost Mac users (and linux users) are Mac users by Choice.
spacebassDec 13, 2005
This article is fairly outdated and simplified. It probably works for most home users but anyone with an AD domain with a 2003 DC would be hard pressed to get it working. Unless you disable SMB signing (This could have been addressed by a recent OS X update, I'm not sure).Also, in a domain enviroment you must make modifications to your smb.conf in order to successfully share files. Specifically you have to change the authentication method to ADC and some other tweeks. Printing is another issue- If you are printing to a shared printer which requires any authentication (even if domain users group has full acces) then you have to authenticate. However, the CUPS and OS X printing system are not configured to use kerberos so you have to manually authenticate and save the password in your keychain (which Im not totally convinced is safe yet). That being said, at home I have 2 windows 2003 boxes 1 xp box for me and 1 xp laptop for work, then I have 4 macs including my desktop and once I got it all working, it is flawless. All of my shares work fine, I get a kerberos ticket upon login, I have made the tweaks to get printing and OSX -> windows sharing to work...One of the above coments about OS X shareing being backwards I think may be confusing. Perhaps the author is confusing the shared personal folders in OS X with true CIFS sharing. Share personal folders are more akin to the the EXACT same thing in windows XP (home or pro not on a domain). You do not have to log in as an admin to create shares on OS X, but you do have to authenticate to shaire your own stuff. To enable system wide changes you do have to authenticate as an admin, just like XP.The REAL issue (in my long rant here) is that like someone said yesterday this has turned into a list of bookmarks. A quick google would fine 100 better articles on networking OS X and Windows. This is out of date and not a good example to follow.
glenmarkDec 13, 2005
spacebass wrote: "Printing is another issue- If you are printing to a shared printer which requires any authentication (even if domain users group has full acces) then you have to authenticate. However, the CUPS and OS X printing system are not configured to use kerberos so you have to manually authenticate and save the password in your keychain (which Im not totally convinced is safe yet)."Actually, it's worse than that. The username and password have to be included in the printer URI, which is stored in a plain text file. Anyone who logs into that Mac can use that print queue definition (and hence the credentials stored in that URI) to print.The problem is rooted in the fact that the version of smbspool included in Mac OS X doesn't support kerb credentials. Smbclient does, and kerberized printing can be done with smbclient from the command line. We've been tinkering around here with bypassing smbspool and using smblient (by replacing smb symlinks) to do printing by default, but haven't yet figured out how to get it to see the cached kerb ticket...The situation isn't any better with IPP printing. Again, the credentials have to be hard-coded into the URI, which is stored in a plaintext file. And IPP-over-HTTPS doesn't work, so the credentials go out over the wire in clear text. Not pretty...
barnskiDec 13, 2005
Check out the previous article here - it discusses integration on the server side.
barnskiDec 13, 2005
Sorry - html tag didn't work - link is here: <a class="user" href="http://www.informit.com/articles/printerfriendly.asp?p=430213">http://www.informit.com/articles/printerfriendly.asp?p=430213</a>
spacebassDec 13, 2005
Glenmark,Good point on printing! I kept it rather over simplified and didn't actually realize that a plaintext file was used!One work-around I'm fooling around with is a domain user with no access except for printing (IE cannot even log in to any machine). Since this is a home network, I think i'm ok with that, but it still irks me to no end.