AFP & AD

[sketch]

I apologize if this has been asked and answered, but I did a search and didn’t find anything so…

I have a 10.3 server bound to Active Directory. I created a local group called “softwareshare” and imported the appropriate AD users and 1 local user into the group.
I created an AFP share called “Software”, and set ownership at root:softwareshare and permission to 770 (rwxrwx—)

I can log int to the share with any user in the “softwareshare” group (all others are rebuked), but I can’t do anything with it. If I add permissions to Everyone, then I can.

Anybody have an idea?

PS an additional curiosity: when I’m sitting at the server with the local admin account that is also a part of “softwareshare” and do a “Get Info” the Finder tells me I have full access, but it won’t let me into the folder.

[taco]

My experience has been that it won’t let you mix local/AD users into a local group. I tested on my test server and like you I could get the share to mount, but could not see the contents of the share.

[benfeea1]

I have the solution for you. Sorry it is not sooner but I just saw your post.

I am going to assume your Mac OS X clients are also bound to AD. That is part of the reason they have no privileges.

To solve this you have to modify /Library/Preferences/com.apple.AppleFileServer.plist
Set
noNetworkUsers
true

It is the craziest thing I have ever seen, but it works.

[Author]

Posts