10.6 server bound to 2008 AD will not show correct permissions on AFP share

  • #377995
    generic_penguin
    Participant

    Hi All

    This one is doing my head in a bit, wondering if anyone has come across this

    I have a 10.6 server that is bound to a 2008 AD server
    Binds OK and looks like all is well.

    I set up a folder and share it using AFP, then define an AD group as read / write to that folder

    When a user belonging to the AD group then goes into that folder they have READ ONLY access to the folder itself

    Showing effective permissions inspector reveals the same “READ ONLY” for that user

    Yet the group on the ACL says it has read / write.
    If I go into Workgroup Manager and look at the group membership, the user DOES exist in the AD group

    The strange thing is that some users that belong to the AD group do have correct permissions while others in the group don’t

    No other group has been defined in the ACL

    If I add the individual user into the ACL then it works. It is just when I add the group to the ACL that it is strange.

    I was wondering if anyone else has seen this before ?

    Troubleshooting done

    * Network time server pointing to AD server
    * $ dirt -u "username" -p "password" is OK
    * $ id "username" is OK
    * DNS all good, A records and PTR records all sweet
    * No disjoint AD domain
    * http://support.apple.com/kb/HT3394 “All Good”
    * Even tried Allow of cryptography algorithms compatible with Windows NT 4.0 “http://support.microsoft.com/kb/942564”

    #378006
    HelgeTjelta
    Participant

    Well, we have an SMB 2003 with AD, and are having the same situation.

    ACL members in a group will not get the group permission (using effective permission rights), but if I put the user in the ACL list, all is OK…

    I want the group to work!! Please help.

    /Helge, Norway

    #380148
    kennyj
    Participant

    Has anyone resolved this one yet? I’m seeing a similar situation in which it seems that AD group membership isn’t being properly resolved. So when a user tries to auth to a share, they receive a message saying there are no shares available for that user.

    #380167
    cashxx
    Participant

    This started with Windows 2003 R2 server and this is what we came up with:

    Mac OS X Permissions Problems with Window Server 2003 R2

    If you re-push the permissions it should be fine. If you script folders to be made for users, use icacls.exe instead of cacls.exe. There is an inheritance flag not being set for some reason.

    I have been fighting Apple on this for a year or two now and no help has been given! Put in a bug report if you haven’t already, please: bugreport.apple.com.

    Oops, I just re-read the first post; you are setting up shares on a Mac Server… What I posted probably doesn’t pertain to that situation. If the share is on a Windows server then yes.
