Active Directory user has incorrect permissions, 10.4.2 client bound to AD

  • #362890
    jnelson
    Participant

    So, the short story is I have a 10.4.2 client image fully up to date through the latest security update 2005-07. The local administrator and domain administrators can log in just fine, but when I use a normal user account from AD for the first time, it creates the local home directory but the user doesn’t have the correct permissions to actually access the folders within their local home directory.

    I had this working a few weeks ago and nothing has changed on the server, just my client image. So I’m pretty sure it is a client issue. On the client side I am forcing a local home directory to be used.

    Any help, ideas, or info from others with similar problems would be much appreciated. Thanks!

    #362892
    jnelson
    Participant

    Here is a visual update:

    So this is what the user’s home folder permissions look like. This is how the forced local home directory is created. The user’s name is ‘testuser’ and the domain is ‘XXXX’ where ‘XXXX\dom’ = ‘XXXX\domain users’. Only two of the user’s directories have those correct domain permissions… the others are assigned ‘root’ and ‘wheel’, which breaks everything…

    localhost:/Users/testuser admin$ ls -al
    total 24
    drwxr-xr-x 12 testuser XXXX\dom 408 Aug 23 10:44 .
    drwxrwxr-t 9 root admin 306 Aug 23 10:42 ..
    -rw-r--r-- 1 root wheel 3 Aug 23 10:42 .CFUserTextEncoding
    -rw-r--r-- 1 testuser XXXX\dom 6148 Aug 23 10:44 .DS_Store
    drwx------ 3 root wheel 102 Aug 23 10:42 Desktop
    drwx------ 3 root wheel 102 Aug 23 10:42 Documents
    drwx------ 17 root wheel 578 Aug 23 10:42 Library
    drwx------ 3 root wheel 102 Aug 23 10:42 Movies
    drwx------ 3 root wheel 102 Aug 23 10:42 Music
    drwx------ 4 root wheel 136 Aug 23 10:42 Pictures
    drwxr-xr-x 4 root wheel 136 Aug 23 10:42 Public
    drwxr-xr-x 5 root wheel 170 Aug 23 10:42 Sites

    #363141
    AMSR
    Participant

    Once you have bound to AD, and are logged into the computer via the local admin account, can you resolve the user’s ID via the “id” command at the terminal?

    Can you manually chown a folder to that user’s AD name?

    I’ve not seen this one before, I’d be curious if this is a bug. You might try reporting it as such at http://bugreport.apple.com (you need a free ADC account) and see what they say.

    #363178
    chwebster
    Participant

    I just formatted a G4, put on a fresh install of 10.4.2, and then bound to the AD. I am seeing the exact same thing. When the Mac boots I am able to log in with my AD user, but if I try to open any of the folders like Desktop, Music, Documents, etc. it tells me I don’t have permissions.

    If I log in as the local admin, however, and look at the permissions, it shows the AD user as the owner.

    Has anyone else solved this problem?

    Craig

    #363180
    chwebster
    Participant

    I found one problem – my AD user had a short name with a space in it. Seems the AD plug-in pulls the attribute from AD labeled Pre-Windows 2000 logon name, and that entry for this user had a space in it. When I changed that attribute in AD and removed the space, after trashing the ‘profile’ on the Mac client and logging in again with that user, I was able to open all of the home directories.

    Craig
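
The checks this thread arrives at (a short name containing a space, an owner that "id" cannot resolve, and entries in the new home owned by root instead of the AD user), written as an added example that is not part of any post above. The function names and the sample path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: audit a freshly created local home
# directory for the symptom and the cause discussed above.

# shortname_ok NAME: succeeds only if NAME is non-empty and has no whitespace,
# the condition that turned out to matter for the AD short name.
shortname_ok() {
    case "$1" in
        ''|*[[:space:]]*) return 1 ;;
        *) return 0 ;;
    esac
}

# misowned DIR OWNER: print every path at or below DIR that OWNER does not own.
# OWNER may be a name or a numeric uid (POSIX find accepts both for -user).
misowned() {
    find "$1" ! -user "$2" -print
}

# audit_home DIR SHORTNAME [OWNER]: run both checks plus the "id" lookup.
# Returns 0 if clean, 1 if a problem was found, 2 if OWNER cannot be resolved.
audit_home() {
    home=$1 name=$2 owner=${3:-$2} rc=0
    shortname_ok "$name" || {
        echo "short name '$name' is empty or contains whitespace"
        rc=1
    }
    id "$owner" >/dev/null 2>&1 || {
        echo "cannot resolve '$owner' with id; check the directory binding"
        return 2
    }
    bad=$(misowned "$home" "$owner")
    [ -z "$bad" ] || {
        echo "not owned by $owner:"
        echo "$bad" | sed 's/^/  /'
        rc=1
    }
    return $rc
}

# Usage as local admin (hypothetical path and account):
#   audit_home /Users/testuser testuser
```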
