DFS – questions on Samba/SMB/CIFS

[eekaboig]

Has anyone successfully used any of these third party software in a predominately Windows environment? If so what, and could you hook a girl up with some tips? I was secretly hoping the AdmitMac (since dave is now wrapped up in it) would work well because i do mostly client side, but its got major bugs and its looking more and more like it will have to be sever side. Anyway, i appreciate any input out there. thanks, eek

[thomasb]

Hi @eekaboig,

How is your DFS setup? What are you trying to achieve? Are you dealing with DFS based home folders, or just general shared storage in a DFS configuration?

At work, we ended up using ExtremeZ-IP and their Zidget for our general shared storage. Works great, and easy for users to locate and mount shares with a solid and fast AFP connection. For home folders we extended our schema (which we were doing anyway) and added two extra attributes, “apple-user-homeurl” and “apple-user-homeDirectory”, which we populate with full paths using a script on the Windows side that at intervals reads the full path from DFS and updates the values mentioned. This way, the Windows clients get DFS based home folders, and the Mac users get the full path. This is kind of a hidden feature of the Apple AD plugin.

[b]man dsconfigad[/b]
[b]-useuncpath[/b] This flag determines whether the plugin uses the UNC specified in the Active Directory when mounting the network home. [b]If this is disabled, the plugin will look for Apple schema extensions to mount the home directory.[/b]

We are not trying to do portable home folders, but we do mobile accounts and would like the home folder to automount on login with AFP. Our setup works pretty good, but we still have some minor issues. I would be happy to tell you how we did it, once we are happy with the setup. I have already outlined a “howto” for it.

[eekaboig]

hey thomasb, thanks for the info. we are set up with a dfs config. users can still map using smb but we move folders around so much it becomes problematic so AD is looking to be strictly dfs. AD is of course adamantly adverse to extending their schema but i think there is some lack of understanding there as well. we are testing the xzip zidget on a test domain and it works GREAT but there are no home drives on the test network so its hard for me to say “yeah this will work”. I am trying to get them to test it on the live servers but so far i run into a brick wall so they are going to try to have my test domain mirror the live domain. AD dislikes Macs immensely here so its been rough.

I am going to pass this on to my mac techs to see what they think, as well as the rogue ad person who does not hate my macs.

If we choose the xzip our users should be able to access their drives via the vpn client we provide, in theory. Did you try the admit mac or any other product? just curious. I would be very interested in seeing your “howto” doc when you are finished. How do you have your mac users log in, locally? Do you have networked printers? if so how do you configure them?

I have a lot of newb questions i know, but well its an entire new program and i really want it to fly. Interestingly, i’ve had a hard time finding “real” reviews of the products and how well they really work. thanks for your input, eek

[eekaboig]

ps-what we are trying to achieve is
password expiration notifications and the ability to change it on the domain
network printer mapping
network drive mapping using dfs (users have three drives associated with their id’s)
use of network drives on and off campus-90% of our mac users are on a laptop

inventory and software concurrent licensing but i am hopeful with caspers recon and their new sccm plugin…

[M@]

First, the spam filter on this forum is horrid. I’ve tried posting unsuccessfully several times and can’t for the life of me figure out what’s triggering it. I think it has to do with the fact that I only have one post.

[QUOTE][u]Quote by: eekaboig[/u][p][b]ps-what we are trying to achieve is
password expiration notifications and the ability to change it on the domain[/b]
[/QUOTE]

Our University uses alternative methods for this — a website with a form combined with an e-mail notification. I can check on this for you if you’re interested.

[b]network printer mapping[/b]

Last time I checked, MacOS saved the user’s AD password in a plaintext file on the machine. While you have to have admin access to the machine, we consider this too insecure. We map directly to the printer — you could script this to happen at login.

[b]network drive mapping using dfs (users have three drives associated with their id’s)[/b]

We pick one of our three DFS servers to point Macs at — if that server goes down, then we have to point the users elsewhere, but they’re identical and only one character changes in the name. That server share also contains the development and production webserver shares so that makes it less complicated.

[b]use of network drives on and off campus-90% of our mac users are on a laptop
[/b]
Via VPN first, I’d imagine? MacOS works great with Microsoft’s VPN.

[b]inventory and software concurrent licensing but i am hopeful with caspers recon and their new sccm plugin…[/b]

We actually use OCS-Inventory (the price is right) and Apple Remote Desktop for patching. For concurrent licensing, Sassafras K2 is supported at the University level, but it’s somewhat of a nightmare when it screws up, and the interface is so complex that it’s difficult to figure out the most often question: “who has what licenses checked out where?!?” (causing user X to get a license denied message)…

[eekaboig]

Thanks M@

We are testing the Casper Recon now for inventory since it now has an SCCM plugin(woohoo!). One of my biggest hurdles is do not have any one or two Mac specific peeps to work on the project. We are all doing two or three jobs at a time here.

[eekaboig]

The VPN works great with the Macs, now we just have to decide which product to use.

[eekaboig]

argh spam bot

[eekaboig]

up yours spam bot

[Author]

Posts