Group permissions don’t work when the same user is logged into the client and server
- This topic has 6 replies, 4 voices, and was last updated 20 years, 6 months ago by
ghostman.
September 13, 2004 at 10:57 pm #359137
kreynen
Participant
I’m at a loss to explain this. I have 800 users on a 10.3 server using Open Directory. The 10.3.4 clients authenticate using a modified Open Directory connection that maps the group and home dir to a static value.
Authentication to the clients works fine. Authentication to the server works fine. But when the same user is authenticated to the client and server, group permissions don’t really work on the server. The user can still write to the user directory they own, but not to folders unless everyone is given write access.
What’s really weird is a drop box shows up as a drop box, but when a user starts to copy to it… they get the normal “you will not be able to see what is in this dropbox”, but then the copy fails. When they’re logged into the client as a different user, the drop box works fine.
I’ll post more details later, but if anyone has seen this before… PLEASE HELP!?!
September 15, 2004 at 3:52 am #359157
kreynen
Participant
With the exception of the primary group, users can’t write to folders based on group permissions… unless of course the user isn’t logged into the client machine as themselves. id returns the list of groups including the general Students group and the class groups the students belong to. Did I miss something in the documentation?
What is the relationship between machines that authenticate to Open Directory via LDAP and the group permissions on the server?
October 13, 2004 at 9:31 pm #359518
ghostman
Participant
Okay, I’ll bite.
Besides changing the local user ID to match the Open Directory UID, how do you statically map UIDs? I’ve done the change of local UID with bad results – users had no permissions. Just wondering what I missed.
October 18, 2004 at 7:31 pm #359570
ghostman
Participant
I’m still having an issue with this. My users can authenticate fine. But for some reason, when connected to one of my Open Directory Slave machines via AFP, the command line will still return unknown groups.
I’ve actually matched user and primary group IDs on my test computer to an account in the OD, but I still get the error. I thought it might have been a software version issue (OD Master was 10.3.5, slaves were 10.3.3 and 10.3.4), but updates didn’t help. Doing an ID comes back correctly and shows all the groups the network user is supposed to belong to.
Thoughts?