I need to get a single MAC using OSX (ver 10.x?) working on a small
SBS2003 network alongside four Windows XP Pro workstations.
It has leased and IP from the DHCP and DNS is pointing at SBS 2003
server.
Have installed File and Print for Macintosh, retarted and now have
Microsoft UAM volume, not quite sure what to do with this next ? How
do you enable MAC Volumes or whatever ?
What more do we have to do ?
Certificate signing in Domain Controller Security Policy ?
Once the server is setup the person using the MAC doesn't know how to
look for stuff on the network, so that's down to me to...
There's a program called finder ?
also I've seen some stuff mentioning .local domain naming...
Of course our SBS2003 server is setup: servername.local , so too late
for anything on that front..
Client Access licenses ?
Anything else ? ISA, e-mail ?
Jim.
John
"Jim Smith" <jdr....@virgin.net> wrote in message
news:9cd3f88f.04051...@posting.google.com...
>.
>
> I remember reading this. The workaround, as I mentioned
> in another post, is to use something like .company. I
> believe you have the option of changing your server name
> only up until you complete the install though, no? If so
> you may be looking at reinstalling SBS. If so, this time
> you might want to check the read me's and other
> documentation regarding OSX first.
>
> >-----Original Message-----
> >You are going to have serious problems with the .local
> domain. There's
> >supposedly a workaround but it doesn't work for everyone.
At this point John has said he's installed the File Services for
Macintosh and the Mac is seeing the Microsoft UAM volume. The .local
problem will affect name resolution but apparently he's already made the
connection.
John, you have the default Microsoft UAM volume, which is created
automatically when you install the File Services for Macintosh. It is
read-only and intended to stay that way. What you want to do is use the
Computer Management console (right-click Shared Folders in it, I
believe) and create a Macintosh volume. This is similar to creating a
Windows Share. You'll select an existing folder and create a Mac volume
(share it) and then you can make its permissions read, write or any
combination.
If you named your server with a .local suffix as suggested for SBS, you
may want to consider changing it to something else to avoid name
resolution problems in the future.
Hope this helps! bill
--
William M. Smith
(Microsoft Interop MVP)
The server has been installed and running for a while now, so there's
no way that I'm going to re-install it just to use one MAC...don't
need it that badly I'm afraid...just would have been handy..
Nothing is ever straightforward with MAC's is it, no wonder they're
where they are today....didn't anyone at Apple forsee any of this ? or
did they do it deliberately..I wonder..
Jim.
William Smith <meck...@REMOVETHIS.mn.rr.com> wrote in message news:<mecklists-A5FF1...@msnews.microsoft.com>...
Hi, Jim.
Let me address two issues in this thread. The first relates to creating Mac
shares on the server. Follow these instructions to create shares that the
Mac will be able to access (other than the Microsoft UAM Volume):
1. Right-click on My Computer and select Manage.
2. Expand the Shared Folders icon.
3. Right-click on Shares and select New Share.
4. Click Next.
5. Enter the path to the folder on the hard drive or click Browse to select
the folder.
6. Click Next.
7. If the folder selected is already shared to your Windows clients,
uncheck the Microsoft Windows users checkbox.
8. Enable the Apple Macintosh users checkbox and enter a name for the share
in the Share name field.
9. Click Next.
10. Click Finish.
11. Click Close.
12. Right-click on the new share and select Properties.
13. Uncheck the This volume is read-only checkbox and click OK.
Also, there is a workaround for the .local problem, and it works on all
Macs when done correctly. Follow these instructions:
1. If the Macintosh is getting its IP information from anywhere other than
DHCP on the SBS server, configure DNS on the Macintosh
1.a. Open System Preferences (Apple Menu -> System Preferences).
1.b. Click the Network icon.
1.c. Select Built-in Ethernet and click Configure.
1.d. Enter the IP address of the server in the DNS Servers field.
1.e. Click Apply Now.
1.f. If there is an address appearing next to the IPv6 Address field, click
Configure IPv6, select "Off" from the Configure IPv6 drop-down menu, and
click OK.
1.g. Quit System Preferences.
2. Enable unicast .local resolution
2.a. Open the Terminal application (Macintosh HD -> Applications ->
Utilities -> Terminal).
2.b. At the command prompt, type "sudo su" (no quotes) and press Return.
2.c. Type in the password for the current user account and press Return.
2.d. Type "cd /usr/sbin" and press Return.
2.e. Type "cat > EnableUnicastDotLocal" and press Return. You will not see
a command prompt at this point.
2.f. Enter the following four lines, pressing Return at the end of each
line (the file is local.ONE not local.L):
#!/bin/tcsh
echo domain local > /etc/resolver/local.1
grep -v domain /etc/resolv.conf >> /etc/resolver/local.1
echo search_order 2 >> /etc/resolver/local.1
2.g. Press Control-D. The command prompt will appear again. The output
should look like this:
2.h. Type "chmod +x EnableUnicastDotLocal" and press Return.
2.i. Type "/usr/sbin/EnableUnicastDotLocal" and press Return.
2.j. Type "cat /etc/resolver/local.1" and press Return. The output should
look like :
domain.local
nameserver 192.168.16.2
nameserver 192.168.16.2
search_order 2
2.k. Press Control-D and quit the Terminal application.
Hope this helps!
Eriq Neale, MCP
Microsoft Corporation
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Hello Andrew.
You have to have DNS name resolution working before you can get your Mac to
join the domain in Directory Access. I've set up several Macs running OS
10.2 and 10.3 and successfully joined them to an SBS server domain, but I
had to get name resolution working first. With Entourage, you don't have to
join the domain before being able to connect to the Exchange server. With
Entourage 2004, you're actually connecting through OWA, not MAPI, so once
name resolution is in place, you're good to go. If you're using an earlier
version of Entourage, then you will be connecting using IMAP.
As to your initial question, if Directory Access is returning that error,
name resolution is not working correctly. When configuring Directory Access
to join an SBS domain, you enter the base domain name (i.e., domain.local)
in both the AD Forest and AD Domain fields. There are two quick ways to
test and make sure name resolution is working correctly:
1. Open a Terminal window and type "ping [servername]" (without the quotes)
where [servername] is the NetBIOS name of the SBS server. If DNS is working
correctly, ping will return the correct IP address for the server and start
pinging the address.
2. Open Safari and connect to http://[servername]/exchange where
[servername] is the NetBIOS name of the SBS server. If DNS is working
correctly, you'll get the Outlook Web Access login page (probably after a
warning about the SSL certificate if you're using the self-signed
certificate created in the CEICW).
If these tests fail, you'll have to fix name resolution before anything
else related to Windows networking will function correctly.
Hope this helps...
-Eriq
------------------------------
Eriq Neale - MCSE 2003, MCSA Messaging, MCP Small and Medium Business
Microsoft Corporation
Get Secure! - http://www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
For SBS 4.5 issues, post to: microsoft.public.backoffice.smallbiz
For SBS 2000 issues, post to: microsoft.public.backoffice.smallbiz2000
For SBS 2003 issues, post to: microsoft.public.windows.server.sbs
Hello Andrew.
Follow these steps to fix the name resolution problems on the Mac:
1. Update Macintosh to the latest update (recommended)
2. If the server domain ends with '.local'
a. If the Macintosh is getting its IP information from anywhere other than
DHCP on the SBS server, configure DNS on the Macintosh
i. Open System Preferences (Apple Menu -> System Preferences).
ii. Click the Network icon.
iii. Select Built-in Ethernet and click Configure.
iv. Enter the IP address of the server in the DNS Servers field.
v. Click Apply Now.
vi. If there is an address appearing next to the IPv6 Address field, click
Configure IPv6, select "Off" from the Configure IPv6 drop-down menu, and
click OK.
vii. Quit System Preferences.
b. Enable unicast .local resolution
(http://docs.info.apple.com/article.html?artnum=107800)
i. Open the Terminal application (Macintosh HD -> Applications -> Utilities
-> Terminal).
ii. At the command prompt, type "sudo su" (no quotes) and press Return.
iii. Type in the password for the current user account and press Return.
iv. Type "cd /usr/sbin" and press Return.
v. Type "cat > EnableUnicastDotLocal" and press Return. You will not see a
command prompt at this point.
vi. Enter the following four lines, pressing Return at the end of each line
(the file is local.ONE not local.L):
#!/bin/tcsh
echo domain local > /etc/resolver/local.1
grep -v domain /etc/resolv.conf >> /etc/resolver/local.1
echo search_order 2 >> /etc/resolver/local.1
vii. Press Control-D. The command prompt will appear again.
viii. Type "chmod +x EnableUnicastDotLocal" and press Return.
ix. Type "/usr/sbin/EnableUnicastDotLocal" and press Return.
x. Type "cat /etc/resolver/local.1" and press Return to confirm that
"domain local" and the IP address of the nameserver are entered correctly.
xi. Press Control-D and quit the Terminal application.
3. Configure Directory Access
a. Open Directory Access (Macintosh HD -> Applications -> Utilities ->
Directory Access)
b. Click the lock to make changes
c. Enter password for local Macintosh account
d. Select SMB and click Configure.
e. Enter the NetBIOS name of the domain in the Workgroup field
f. Enter the IP address of the server in the WINS server field
g. Click OK
h. Click OK.
i. Click Apply and close Directory Access.
4. Disable SMB Encryption on the SBS Server
a. At the server, open the Server Management console..
b. Expand Advanced Management.
c. Expand Group Policy Management.
d. Expand the Forest.
e. Expand Domains.
f. Select the local domain. The SBS policy objects will display in the
right-hand pane along with the Default Domain Policy.
g. Right-click the domain icon (domain.local) and select "Create and Link a
GPO Here".
h. Enter "SMB Signing Disabled" (without the quotations marks) for the GPO
Name and click OK.
i. Right-click on the new GPO in the right-hand pane and select Edit to
open the Group Policy Object Editor.
j. Under Computer Configuration, expand Windows Settings.
k. Expand Security Settings.
l. Expand Local Policies.
m. Select Security Options.
n. In the right-hand pane, scroll down to "Microsoft network server:
Digitally sign communications (always)" and double-click on the policy
object.
o. Select the Disabled radio button and make sure the checkbox is enabled
for Define this policy setting.
p. Click OK.
q. Repeat steps n-p for "Microsoft network server: Digitally sign
communications (if client agrees)."
r. Close the Group Policy Object Editor.
s. Right-click on the SMB Signing Disabled policy object and select
Enforced. In the Linked Group Policy Objects window, the SMB Signing
Disabled object should show Yes under both Enforced and Link Enabled.
t. Move the SMB Signing Disabled policy just above the Default Domain
Policy in the window. The SMB Signing Disabled policy object should be
number 5 in the list and the Default Domain Policy should be number 6 for a
default SBS installation.
u. Open a command prompt window on the server.
v. Type "gpupdate /force" (without the quotation marks) and press Enter.
w. When the policy update completes, close the command prompt window.
Hope this helps.
-Eriq