[kreynen]

Same thing. The user owns the file.

[kreynen]

I know this is old, but I was searching for a solution to a different drop box problem and I’ve seen these same error in the past. In my situation this would happen on a 10.3 server with AD users, but it wasn’t consistent. Sometimes connected to the server via wireless would cause the problem. Other times we’d see it on the wired connections. We determined it wasn’t happening with 10.4, so we upgraded the server and I haven’t seen these errors again.

All I can say is if your server is bound to AD, I doubt it is caused by individual directory permissions.

[kreynen]

Here’s the situation…

I have a few OSX servers and a hundred or so OSX clients all bound to AD. Student folder permissions are set so they are the owner and everything works fine. Faculty have class folders that have drop boxes. If a student is using a laptop or is logged into a lab computer as someone else, the dropboxes work fine. If the user is logged into the lab computer as their AD user, they can’t use dropboxes. They can connect to the server, modify files in their user dir, even see that the dropbox is a dropbox… but when they start transfering files they get an “operation cannot be completed because you do not have sufficient priviledges for some items” error.

Again… the student can copy to their user directory, just not a dropbox… but they can use a dropbox from any unbound machine or even a bound machine that is logged in as someone else. The clients are 10.4.3. The server is 10.3.9.

Any ideas?

[kreynen]

ANSWER:

I have servers bound to AD.

Once bound, users can login.

Rather than automagically create directories, I use…

mkdir usersdir
chown -R username usersdir

I have a script that converts my class rousters into command line instructions.

ftp won’t drop them into their homedir, but I changed the ftp root to be the top user dir.

QUESTION?

While I can’t get Apache security “realms” to work with AD users, it doesn’t seem to work with groups. Anyone know how to fix that?

[kreynen]

Password expiration notices ARE sent to clients connecting to a share on a server that has clear text passwords disabled when the client had Microsoft’s UAM installed.

[kreynen]

Installing the Combined update solved my authentication problem.

[kreynen]

My server hung at 30% on optimization. Rebooted fine, but the Open Directory “improvements” seems to have locked out every authenticating via LDAP.

Tried downloading the update to reapply. Won’t verify the checksum. Rebooted off the firewire backup… same thing. Corrupt checksum.

I was able to download the Combined update and I’m installing that now.

[kreynen]

These are OD passwords.

If I reset the password though WGM or even import a new user, the password works. I don’t have time to manually reset 800 passwords.

I would have to re-import all 800 users and redistribute passwords… not something I’m interested in the last 2 weeks of classes.

The unchanged passwords work when authenticating via AFP to a 10.3.6 server that is authenticates to the OD master when it is booted in 10.3.5, but not 10.3.6. I have not tried to replicate to 10.3.5 OD to the 10.3.6 child, but I will try this over break.

Currently I’m running the server off a firewire drive that has the Carbon Copy Cloner back-up. Even if you have an incrimental back-up system, I HIGHLY recommend CCC to firewire drive for your system partition. Your downtime is limitted to the time it take to reboot.

[kreynen]

with the exception of the primary group, users can’t write to folders based on group permissions… unless of course the user isn’t logged into the client machine as themselves. id returns the list of groups including the general Students group and the class groups the students belong to. Did I miss something in the documentation?

What is the relationship between machines that authenticate to Open Directory via LDAP and the group permissions on the server?

[Author]

Posts