Connecting a Macintosh running Mac OS 10.5 to an SBS 2003 Server
Now that Mac OS 10.5 has hit the streets, people want to know how to connect a Mac running the new operating system to an SBS network. This document covers the steps for connecting a Macintosh running Mac OS 10.5 to an SBS 2003 network. It assumes a healthy SBS network set up according to best practices.
Note: Before you start, make sure the local user name on the Macintosh does not match the Active Directory login name that will be used to access resources on the SBS network. This includes both the long name and the short name for the local Macintosh account. If the local Mac account for Jane Dough has a long name of “Jane Dough” and a short name of “jane” and the Active Directory account for the user is “jane,” you will not be able to authenticate to Active Directory properly. See “Outstanding Macintosh Connectivity Issues” for more details.
Phase 1 – Network Configuration
If the SBS 2003 server is set up properly and the Macintosh is getting its network information from DHCP, the network settings should be ready to go out of the box, so to speak. These steps will confirm proper network settings on the Macintosh to work with the SBS network.
- Open the System Preferences application from the Dock or from the Apple Menu.
- Select the Network panel from the System Preferences application.
- Review the settings for the active network connection. You should see settings that match the values expected for the SBS network. You will also see the DNS server address listed (but grayed out) as well as the internal domain name in the Search Domains field. If these values do not match your SBS network, make the necessary adjustments. The DNS server should point to the internal IP address of your SBS server, and the Search Domains field should contain the internal domain name of the network (i.e., domainname.local).
- Click the Advanced button in the Network pane.
- Click the WINS tab.
- Select the correct NetBIOS domain name from the Workgroup drop down list. The WINS server address should already be populated and be the internal IP address of the Server.
- Click OK and then Apply in the main Network panel.
- Close System Preferences.
- Open the Macintosh HD icon and select the Applications icon from the navigation tree.
- Open the Utilities folder and scroll down to the Terminal icon.
- Open the Terminal application. Ping the SBS server by its short name (i.e., if the fully-qualified domain name for the server is servername.domainname.local, ping servername).
- If the Mac is getting proper DNS resolution, the internal IP address of the server will respond to the ping. Note that you will need to press Control-C to stop the ping command. If the ping command does not show the proper IP address of the server, go back and review the network setup steps.
- Close the Terminal application.
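The settings review in this phase can also be scripted. The following is an added example, not part of the original document: a shell function that compares resolver settings in resolv.conf format against the DNS server and search domain expected for the SBS network. The function name, the sample settings, the address 192.168.16.2 and the name domainname.local are constructed for illustration, and it assumes the Mac's active settings are available in resolv.conf format.

```shell
#!/bin/sh
# Added example: audit resolver settings against the values Phase 1 expects.
# All addresses and names below are constructed sample values.

# Constructed sample: settings handed out by the SBS server's DHCP service.
SAMPLE_GOOD='nameserver 192.168.16.2
search domainname.local'

# Constructed sample: settings picked up from some other DHCP source.
SAMPLE_BAD='# constructed sample
nameserver 203.0.113.53
search home'

# check_resolver CONF_TEXT SBS_INTERNAL_IP INTERNAL_DOMAIN
# Prints one line per mismatch (or a single OK line).
# Returns 0 only when the DNS server and search domain both match.
check_resolver() {
    conf=$1 want_dns=$2 want_domain=$3
    printf '%s\n' "$conf" | awk -v dns="$want_dns" -v dom="$want_domain" '
        $1 ~ /^[#;]/ { next }                 # skip comment lines
        $1 == "nameserver" {
            if ($2 == dns) seen = 1
            else other = other " " $2         # any resolver that is not the SBS server
        }
        $1 == "search" || $1 == "domain" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(dom)) domok = 1
        }
        END {
            if (!seen)       { print "MISMATCH: DNS server " dns " is not configured"; bad = 1 }
            if (other != "") { print "MISMATCH: DNS servers other than the SBS server:" other; bad = 1 }
            if (!domok)      { print "MISMATCH: search domains lack " dom; bad = 1 }
            if (!bad) print "OK: DNS server and search domain match the SBS network"
            exit bad + 0
        }'
}

# Demonstration on the constructed samples.
check_resolver "$SAMPLE_GOOD" 192.168.16.2 domainname.local || true
check_resolver "$SAMPLE_BAD"  192.168.16.2 domainname.local || true
```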
Phase 2 – Accessing Server Resources
Mac OS 10.5 can access shares from the SBS server via the SMB (server message block) protocol like earlier versions of OS X. There are some key differences, however. You must still disable SMB signing on the server in order for the Mac to be able to read and write files to the server share (see this post for instructions on how to disable SMB signing on the server). If you have Windows 2003 Service Pack 2 on the server, you also need to make sure that all scalable networking components are disabled. See MS KB936954 and step 4 in this post on the Official SBS Blog for instructions on disabling the scalable networking components.
The key difference between Leopard and previous versions of the Mac OS is that you will be able to authenticate against the server and open shares on the server even if SMB signing is not disabled. However, you will not be able to read or write files in the server shares. In previous versions of the OS, you would not be able to authenticate against the server at all if SMB signing were still enabled.
Once you have disabled SMB signing on the server, follow these steps to access the shares on the server from the Mac.
- From the Finder, select Connect to Server from the Go menu, or press Command K to open the Connect to Server window.
- Enter the server path as smb://servername in the Server Address field and click Connect.
- You will be prompted to enter your domain username and password to access the share. Enter the username in the domainname\username format.
- After you authenticate, you will be presented with a list of shares on the server that you may connect to. Select the share and click OK.
- Another key difference in Leopard from previous versions of the Mac OS is that the network share no longer appears as a mounted disk volume on the Mac. Instead a new window will open to the share, and the server will appear under the Shared area of the navigation tree with an Eject symbol next to it. If you close the window and need to get back to the share, you can click on the server name in the navigation tree and see a list of the shares available on the server.
- In the Connect to Server window, you can enter the full path to a share in the format smb://servername/sharename. You can save the path in the Favorite Servers list by clicking the plus sign next to the Server Address field. You can also open a folder on the share directly by using the format smb://servername/sharename/foldername.
- When you click Connect in the Connect to Server window, a new window will open to the path specified in the Server Address window. If you selected a folder under a share, that folder window will open directly.
Phase 3 – Joining Active Directory
By default, you will have to enter your domain username and password every time you access a server resource when that resource is not connected to the Mac (i.e., right after bootup, after a share has been “ejected”, or if a network connection drops the connection to the server). By joining the Macintosh to Active Directory, you can log into the Mac with your Active Directory user credentials and not have to enter them every time you access a shared resource. To be able to log in to the Mac with Active Directory credentials, follow these steps.
- From the Utilities folder in the Applications folder, open the Directory Utility application.
- Once the application opens and finishes the process of detecting directory servers on the network, click the Show Advanced Settings button.
- When the Advanced Settings appear, click the Services icon.
- Click the lock to get access to the panel. You will be prompted for credentials. Enter your Macintosh username and password, then click OK.
- Double-click on the Active Directory line to open the Active Directory configuration.
- Click on the Show Advanced Options triangle.
- Enter the internal domain name in the Active Directory Domain field (i.e., domainname.local).
- Change the name of the Mac to a shorter name in the Computer ID field if desired.
- Turn on the Create mobile account at login checkbox.
- Select the Administrative tab.
- Turn on the Prefer this domain server checkbox and enter the fully-qualified domain name of the SBS server (i.e., servername.domainname.local).
- Turn on the Allow administration by checkbox.
- Click Bind to join the Macintosh to the domain.
- Enter the domain administrator username and password when prompted. The Macintosh will be placed in the Computers container by default. This can be changed in Active Directory later if needed.
- Once the join process is complete, you will see both the Active Directory Forest and Active Directory Domain fields populated.
- Confirm that the Active Directory checkbox is enabled in Directory Utility and close the application.
- Open System Preferences and click the Accounts icon.
- Click the lock to make changes and enter the password for the local Mac account.
- Click on the Login Options icon in the navigation tree.
- Set Automatic Login to Disabled.
- Close System Preferences.
- Log out of the Mac account by selecting Log Out from the Apple menu. You do not need to restart the Mac to be able to log in with your Active Directory credentials.
- When you get the login screen, click Other.
- Enter your Active Directory credentials as domainname\username.
- You will be prompted to create a mobile account. Click Create Now.
- Once login completes, open System Preferences and open the Accounts pane.
- Click the lock to make changes.
- When you are prompted to enter administrator credentials, you will need to enter the information for the local Macintosh account. You will need to enter the short name as the account name. If you are not sure what the short name is, log back in as the Mac user and look for the name of the home folder. The home folder is named with the short name of the account.
- After you enter the authentication information, turn on the Allow user to administer this computer checkbox.
- You will get a message that you need to log out and log back in for the settings to take effect. Click OK.
- Log out and log back in with the Active Directory credentials.
- Open a new Finder window and select the server name in the Shared section of the navigation tree. All of the shares on the server will appear and can be selected from here. You can also use the Connect to Server method described earlier in this document to connect. The difference is that you will not be prompted to enter a username and password when you enter the network resource you wish to use.
A version of the document complete with screen shots will be available at smallbizserver.net in the near future.