Accessing DFS shares from non domain Macs

We have just acquired a company and they are trouble accessing our DFS shares on Windows 2012R2 from their non contoso domain Apple Mac OSX Yosemite.

They have a site to site VPN with us and can access via \servershare but not \contoso.ltd.ukns1sales.

On the DFS root share (ns1) permissions are set to Everyone to have Read Only.

On the DFS Link (sales) permissions are set to with AD security group to Full Control

I have checked the firewall and the access rules are in place and no packets are being dropped.

When a MAC user connects via cifs:\contoso.ltd.ukns1sales or smb:\contoso.ltd.ukns1sales
they get prompted to insert the AD credentials which we have provided from our domain after 5 minutes it times out.


Server entries have been found and referral entries.



From a previous EE question: http://www.experts-exchange.com/Networking/Apple_Networking/Q_28623663.html#a40630006



It's possible that you may just have to set up an SMB workgroup with a name that matches the AD or workgroup of the Windows systems.

http://www.7tutorials.com/how-change-workgroup-mac-os-x-easy-networking

Go to System Preferences --> Networks
Click on Advanced
Click on WINS
Change the Workgroup name.

Otherwise join the AD, if you have one.
http://www.techrepublic.com/blog/apple-in-the-enterprise/integrate-macs-into-a-windows-active-directory-domain/
Go to System Preferences --> Users & Groups
Click Login Options
Click Join
Enter AD Domain name.



From a previous EE question: http://www.experts-exchange.com/Networking/Apple_Networking/Q_28623663.html#a40630006



It's possible that you may just have to set up an SMB workgroup with a name that matches the AD or workgroup of the Windows systems.

http://www.7tutorials.com/how-change-workgroup-mac-os-x-easy-networking

Go to System Preferences --> Networks
Click on Advanced
Click on WINS
Change the Workgroup name.

Otherwise join the AD, if you have one.
http://www.techrepublic.com/blog/apple-in-the-enterprise/integrate-macs-into-a-windows-active-directory-domain/
Go to System Preferences --> Users & Groups
Click Login Options
Click Join
Enter AD Domain name.



Please see below smbutil in verbose mode;

ahavp:~$ smbutil -v dfs smb://contoso.ltd.uk/ns1/Sales

------------- Domain Entry 1 -------------
Domain requested : /contoso.ltd.uk
ExpandedName: /DAC-DC-DR.contoso.ltd.uk
ExpandedName: /M3-DC-02.contoso.ltd.uk
ExpandedName: /tom-dc-02.contoso.ltd.uk
ExpandedName: /tom-dc-01.contoso.ltd.uk
ExpandedName: /BEI-DC-01.contoso.ltd.uk
ExpandedName: /M3-DC-01.contoso.ltd.uk
ExpandedName: /BEI-DC-02.contoso.ltd.uk
SpecialName: /contoso.ltd.uk
NumberOfExpandedNames: 7
ServerType: 0

------------- Entry 1 -------------
Referral requested : /contoso.ltd.uk/ns1
list item 1 : Path: /contoso.ltd.uk/ns1
list item 1 : Network Address: /BEI-FS-02/ns1
list item 1 : New Referral: /BEI-FS-02/ns1
list item 2 : Path: /contoso.ltd.uk/ns1
list item 2 : Network Address: /DAC-FS-02/ns1
list item 2 : New Referral: /DAC-FS-02/ns1
list item 3 : Path: /contoso.ltd.uk/ns1
list item 3 : Network Address: /DAC-FS-01/ns1
list item 3 : New Referral: /DAC-FS-01/ns1

{type = mutable dict, count = 2,
entries =>
1 : {contents = "DfsServerArray"} = (
{
NumberOfReferrals = 1;
PathConsumed = 0;
ReferralHeaderFlags = 0;
ReferralList = (
{
ExpandedNameArray = (
"/DAC-DC-DR.contoso.ltd.uk",
"/M3-DC-02.contoso.ltd.uk",
"/tom-dc-02.contoso.ltd.uk",
"/tom-dc-01.contoso.ltd.uk",
"/BEI-DC-01.contoso.ltd.uk",
"/M3-DC-01.contoso.ltd.uk",
"/BEI-DC-02.contoso.ltd.uk"
);
ExpandedNameOffset = 64;
NumberOfExpandedNames = 7;
ReferralEntryFlags = 2;
ServerType = 0;
Size = 34;
SpecialName = "/contoso.ltd.uk";
SpecialNameOffset = 34;
TimeToLive = 600;
VersionNumber = 3;
}
);
RequestFileName = "/contoso.ltd.uk";
RequestTime = 1429876774;
}
)
2 : {contents = "DfsReferralArray"} = (
{
NumberOfReferrals = 3;
PathConsumed = 36;
ReferralHeaderFlags = 3;
ReferralList = (
{
DFSAlternatePath = "/contoso.ltd.uk/ns1";
DFSAlternatePathOffset = 140;
DFSPath = "/contoso.ltd.uk/ns1";
DFSPathOffset = 102;
NetworkAddress = "/BEI-FS-02/ns1";
NetworkAddressOffset = 178;
NewReferral = "/BEI-FS-02/ns1";
ReferralEntryFlags = 0;
ServerType = 1;
Size = 34;
TimeToLive = 300;
VersionNumber = 4;
},
{
DFSAlternatePath = "/contoso.ltd.uk/ns1";
DFSAlternatePathOffset = 106;
DFSPath = "/contoso.ltd.uk/ns1";
DFSPathOffset = 68;
NetworkAddress = "/DAC-FS-02/ns1";
NetworkAddressOffset = 174;
NewReferral = "/DAC-FS-02/ns1";
ReferralEntryFlags = 0;
ServerType = 1;
Size = 34;
TimeToLive = 300;
VersionNumber = 4;
},
{
DFSAlternatePath = "/contoso.ltd.uk/ns1";
DFSAlternatePathOffset = 72;
DFSPath = "/contoso.ltd.uk/ns1";
DFSPathOffset = 34;
NetworkAddress = "/DAC-FS-01/ns1";
NetworkAddressOffset = 170;
NewReferral = "/DAC-FS-01/ns1";
ReferralEntryFlags = 0;
ServerType = 1;
Size = 34;
TimeToLive = 300;
VersionNumber = 4;
}
);
RequestFileName = "/contoso.ltd.uk/ns1";
RequestTime = 1429876776;
}
)
}



I will try the below, however should I set the workgroup name to contoso or contoso.ltd.uk ?


Go to System Preferences --> Networks
Click on Advanced
Click on WINS
Change the Workgroup name.



Add DNS suffix contoso.ltd.uk and DNS servers via DHCP to all clients, even though the acquired company has the contoso DNS servers set as the forwarders.

Use CIFS instead of SMB.



This solution worked for me.

Share this

Related Posts

There was an error in this gadget