Hey Guys!
I am going to be setting up my 2nd ever magic triangle network soon
and the first time I did it I wasn’t over pleased with some of the
permissions going wrong on the home folders for users and groups and
so I wondered if someone could give me a few
pointers/tips/instructions on the correct method;
The network structure is AD > Users OU > sub-ou for each year of
students so 2007, 2008, 2009. Within 2008 (for example) are all the
user accounts for students who started in 2008 and there is a user
group (called 2008users) that contains all the 2008 users. On the OD
server (which is also hosting home folders) I have a share point for
each user group 2008, 2009 etc and I have created a group called
2008import which has the AD group 2008user nested inside it. This is
where it goes blurry…
How should the group folders be created on the Apple server and the
user folders within those to make sure (because this was the problem
with my last setup) no two users in the same OU group (2008users for
example) can see inside each other's home folder but “Administrators”
can still read and execute (but not write). I was using the command
line tool “createhomedir” because when setting the home folder
location for the user account in AD it would try to make the folder
and make a hash of the permissions (so I took away AD Administrator
permissions from the share points and made them by hand). How does
everyone else do this and what should I be doing? All Windows clients
are XP SP3 and Apple clients are a mix of 10.4.11 and 10.5.7.
Thanks for reading, guys. Any help is appreciated.
Regards,
James 😉