A Tale Of Two Macs

[learner]

Greetings, all.

This an odd problem that has me and others stumped, hoping you can help. I've got

A client has two Macs: an iMac and a MacBook. These are in use in an Active Directory environment, but (as far as I've been able to determine) are not joined to the domain.

On the MacBook, the client can enumerate all the shares on the server by clicking Go, Connect to server, and entering smb://dc01, and authenticating. No problem at all.

On his iMac, he follows the same steps but gets an error saying that either he doesn't have rights or there are no shares. Neither of those are correct, considering the fact that he does have the rights and there are shares available (see above). He is able, though, to connect directly to a share by clicking Go, Connect to server, and entering smb://dc01/sharename, and authenticating. The part that isn't working is enumerating all the shares from the root level, but only on the iMac. It should probably go without saying, but we are able to ping the server from a terminal window.

Any and all assistance is appreciated!

 

[honestone]

What Mac OS is each Mac running?

 

[Cory Cooper]

Hello,

You can check AD status by going to  > System Preferences... > Users & Groups > Login Options > Network Account Server. It will show a green dot next to the AD domain name if it is joined. If not, you will just see a Join button.

The Macs can still mount the shares even if they are not bound, since users can simply authenticate with AD credentials.

C

 

[learner]

Thanks for your replies!

Both machines are running 10.10.5

I'm > 90% sure that neither machine is a member of the domain, but I will check again to be sure. It's a little challenging to get much time on the machines since the end user is a named partner.

 

[learner]

Update: confirmed that neither machine is joined to the domain. In fact, the Join button is greyed out on both machines.

Thoughts / suggestions?

 

[Cory Cooper]

Normally, it's best to join the Macs to the AD domain. It makes connecting to shares much easier. The Join button will be grayed out until you click the lock and authenticate with an Admin account/password. You can the click the Join button to bind.

Two additional things you could check would be  > System Preferences... > Network > click on Ethernet or Wi-Fi, whichever is used to connect to the network > Advanced... > WINS and see if the Workgroup is the same. Also, check to see if the firewall is active in  > System Preferences... > Security & Privacy > Firewall.

C

 

[learner]

Cory, thanks for your continued suggestions.

I just now was able to verify that the workgroup name is the same on both machines, and that the firewall is off on both machines.

I did not add them both to the domain because I have a question about that: will adding them to the domain cause any sort of issue if/when the client wants to use them off-network?

Again, thank you for your kind and patient help!

 

[learner]

Another quick note - I noticed today that the iMac has two active network connections (ethernet and wifi), whereas the MacBook only has one (wifi).

Possibly an issue?

 

[learner]

Bump for visibility.

Brief summary of last two questions:

1. Will adding a Mac to the domain cause any issues if user wants to use it off-network?
2. Will having an active Ethernet and active wifi cause any issues?

Thanks in advance!

 

[Cory Cooper]

Hello again,

Sorry for the late reply.

You can use multiple network connections without any harm. Each Mac will simply use the first available connection as set in  > System Preferences > Network > (click the gear icon next to the - and +) > Set Service Order. Normally, Ethernet should be at the top of the list, then Wi-Fi. Ethernet is the preferred connection, as it doesn't have any "overhead" like Wi-Fi, and it will simply be ignored if there isn't an Ethernet cable plugged in.

If the Mac is joined to AD, it shouldn't affect it when used outside of the network. The AD/network resources simply won't be available unless you are on that network, or using a VPN login remotely.

Hope that helps some.

C