I have a 10.3.9 machine I'm using to test AD and how the Apple plug-in behaves on my network. We just migrated to AD from the legacy NT-style of authentication, and our AD forest is running in "Interim" mode.
In any case, the system binds just fine, I can login using any AD account, admin permissions are properly set, and so on.
The problem I'm having is when I modify permissions on shares on any of our Windows servers. If I give a user access to a particular share, for example, the change is replicated almost instantly to my Windows clients. My Mac client, on the other hand, still sees a blank directory listing, even after ejecting the share and re-connecting. SSO seems to be working fine (other shares with existing credentials work without re-authenticating.) Logging in as a user with access to that share results in the proper directory listing, as expected.
Does the Group Search Interval Hours setting in the ActiveDirectory.plist file affect this sort of behaviour? I work for a large ad agency, and the AD/Mac scenario is new territory for us.
Are there any workarounds? Or any other way to solve this? I can see my worst nightmare coming true... an artist out, a looming deadline, and a quick permissions fix needs to be made to allow someone else access to that particular share. If it takes 1 hour (or more) for the permissions to propagate, I might as well start cleaning my desk out now.
We are rolling out Tiger, and that would hopefully fix this... If it does, I might just hurry that roll-out along.
Thanks so much for the help!
EDIT: The same thing happens similarly with user permissions. One of the many test accounts I'm using was a member of the Domain Admins group, giving it admin permissions on my test Mac. After removing the user from the Domain Admins group, and logging back in, admin permissions still persisted. I restarted a number of times, did a lookupd -flushcache, etc... but nothing has changed... I still cannot see the contents of the share, and my user still has admin privileges, yet shouldn't...