Permission issues with 10.5 AD clients on win2003 server

[DmaC09]

We have recently migrated all our OS X (10.4.11 and 10.5) local accounts over to AD accounts, with permissions controlled by user account and security groups in AD. With all the 10.4.11 accounts we have not had any issues with permissions to folders on the 2003 shared drives, when I update any of the users to 10.5, the have some issues accessing only some of the folders on the server and cannot color code a folder or file as well. As soon as I log that same user account into a 10.4.11 machine, i have no issues accessing the same folder or color coding the folders/folders?

Some background info:
– No OD/OS X Server involved
– No AD account changes in past yr, as far a as security groups and permissions
– I have had server team push down permissions from top folder down to all below
– all accounts are AD account – NO LOCAL accounts
– all 2003 shared drive mounted via SMB – server team will not activate or load any other protocols on servers
– No problem using AD accounts to change passwords
– time on all machine in question are up to date with servers

Any help would be GREATLY APPRECIATED, we have designers who color code folder as to status of production and this is seriously hampering their production.

If more info is needed please ask – thanks in advance for any assistance

[DmaC09]

Let’s see if I can elaborate a little more and simplify issue

On a windows 2003 file share a OS X 10.4 can see a folder with a blank space in the end of the name the same folder has a red circle and is denied access on the 10.5 machine. I understand 10.5 is supposed to be more inline with windows file naming, but is there a way to modify this on the 10.5 machine?

I know a blank space in not correct, but I am hoping that if I can modify 10.5 to act like 10.4, in this situation, I might be able to fix the other permission issues as well.

Again any help would be greatly appreciated?
thanks

[fatherzimfire]

I’ve hit exactly the same problem, in a very big way.
Unfortunately the only “solution” I’ve been using is to manually rename thousands of files by hand (on a 10.4 machine), which is what I have been doing.
It appears to be a 10.4 SMB bug (fixed in 10.5). However, SMB in 10.5 (and windows) are unable to understand the old files as they aren’t legal NTFS file names.

Feel free to ask any further questions. I’ve become an unwilling “expert” on this irritating bug.
One final thought – Why the hell would you put a bloody space at the end of a filename anyway? Idiotic users are partly to blame in this mess.

FZ

[kennyj]

I’ve seen the same thing in the past… I have noticed that the AD plug-in in 10.6 seems to work a lot better to resolve issues like this… although it seems to create other issues as well. I’m not sure if there is a way to “fix” the implementation in 10.5, unfortunately there don’t seem to be a lot of people binding only to AD and not utilizing the “Golden Triangle” approach.

The only thing I can think of is to try and download a evaluation copy of centrify or likewise and try binding your machine using that rather than the built-in AD plugin in 10.5. I don’t like the idea of using a third party plugin for this… but if it may be a solution.

In our situation it will be difficult to get designers to pay for and switch to new software as some of them are still running old versions of quark and creative suite that will not work on 10.6. If 10.6 turns out to work well though, I think they may have no other choice.

[Author]

Posts