
Win AD + Mac OD Network Share Issue


Hey all, I'm hoping someone will be able to help me out with this problem we're having in the school I work in. The problem is that our PLC students are able to not only access their own network folder, but that of all other PLC users.


We have a golden triangle setup, consisting of a Dell PowerEdge 2950 with Server 2008 R2, which hosts Active Directory as well as our DNS, DHCP and file services, and a Snow Leopard 10.6.7 Mac Mini with Open Directory.


The Mac Server is bound to AD, and all Mac Clients are bound to both AD and OD, AD for authentication and their remote shares + profiles, and OD for policies.


PLC Students are stored in AD under Users/PLC Students/#Class Group#/%username% (obviously, where Class Group is the name of whatever course they're in, and %username% is the user's login name, usually first.last name), and their Profile shares are mounted at \\ADSERVER\PLC_Home$\#Class Group#\%username% (which is actually L:\PLC Home Folders\#Class Group#\%username%).


The share permissions are set to allow Everyone Read access, and Administrators Full Control, and the NTFS permissions are set to inherit standard, default permissions from the root of the HDD. On a Windows machine, AD restricts the user to their own folder, but Snow Leopard seems to mount their network share at \\ADSERVER\PLC_Home$\ and ignore the rest of the profile path specified (yes, \\ADSERVER\PLC_Home$\ is the root shared folder).


This seems to be such a niche problem. I'm sure it probably has something to do with the NTFS permissions, but I'm stumped by it, and info on working Golden Triangle set-ups is flaky at best, so I hope someone can at least point me in the right direction to fixing this!!


  • 1 year later...

lucidanime, have you gone into each folder in OD and checked the security settings for the groups? Basically starting with the root directory and following it down? Make sure "everyone" isn't set on the root and only assign the correct group to the folders they need access to. Kind of like in Server 2008. You have the "share permissions" and the security tab in there. You have to set both usually to restrict the access to root folders, etc.


I'll set up a VM environment and see if I can replicate your problem and maybe give step-by-step instructions on what to do. It's been a while since I've messed with OD.

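One way to run the root-down check suggested in the reply above on the Windows file server, as an added example that is not part of either post. It assumes the folder layout given in the first post (`L:\PLC Home Folders\#Class Group#\%username%`); the list of "broad" principals is an assumption to adjust for your domain. It only reads ACLs and avoids cmdlet parameters newer than the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example (not from the thread). Read-only audit: changes nothing.
# Assumed layout, taken from the first post: <Root>\<Class Group>\<username>
param(
    [string]$Root = 'L:\PLC Home Folders'
)

# Broad principals that should not hold rights on an individual home folder.
# The last pattern matches "<DOMAIN>\Domain Users" for any domain name.
$broadPatterns = @(
    '^Everyone$',
    '^NT AUTHORITY\\Authenticated Users$',
    '^BUILTIN\\Users$',
    '\\Domain Users$'
)

function Test-BroadPrincipal {
    param([string]$Identity)
    foreach ($pattern in $broadPatterns) {
        if ($Identity -match $pattern) { return $true }
    }
    return $false
}

# Check the share root, each class-group folder, and each user folder.
$targets = @(Get-Item -LiteralPath $Root)
$classGroups = @(Get-ChildItem -LiteralPath $Root | Where-Object { $_.PSIsContainer })
$targets += $classGroups
foreach ($group in $classGroups) {
    $targets += @(Get-ChildItem -LiteralPath $group.FullName | Where-Object { $_.PSIsContainer })
}

$findings = foreach ($folder in $targets) {
    $acl = Get-Acl -Path $folder.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            (Test-BroadPrincipal $ace.IdentityReference.Value)) {
            New-Object PSObject -Property @{
                Path      = $folder.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table Path, Identity, Rights, Inherited -AutoSize
```

Rows with `Inherited = True` on a user folder point back to an entry set higher up (the share root or the drive root), which is where the permission has to be removed or inheritance broken.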

