File Sharing Permissions and ACLs

  • #376610
    vulcan
    Participant

    I’ve successfully set up my Leopard Server using the AD/OD Sandbox document on this site. I have my server serving up MCX records for an OD group containing a nested AD group. Authentication is not required to bind to the OD server.

    I’m trying to test doing the same thing for File Sharing, but I’m running into some permissions errors. I set up two OD groups, client1 and client2. I nested the equivalent AD groups inside each of them.

    I then first tried creating the share point in Server Admin, and adding the OD groups and propagating the permissions and ACL. This worked up to the point of creating any new files, or saving over old files, or creating new directories. I could see the client1 as accessible (normal folder icon) and client2 as inaccessible (with a red minus folder icon). But once I get into the directory, I can’t write files, I can’t duplicate or save over a file.

    I then read that Server Admin can do a poor job of setting ACLs, so I removed them using [code]sudo find /Volumes/Disk/client1 -exec chmod -a# 0 {} \;[/code]

    I then set permissions using Terminal: [code]sudo chmod -R +a "client1 allow readattr,readextattr,readsecurity,list,search,read,execute,writeattr,writeextattr,delete,delete_child,add_file,add_subdirectory,write,append,file_inherit,directory_inherit" /Volumes/Disk/client1[/code]

    Still the same result. Not sure where I’m getting stuck here. Anyone else using AD -> OD for AFP access?

    Thanks, this site has been a big help so far!

    Brian
