

Win AD + Mac OD Network Share Issue


Hey all, I'm hoping someone will be able to help me out with this problem we're having in the school I work in. The problem is that our PLC students are able to not only access their own network folder, but that of all other PLC users.


We have a golden triangle setup, consisting of a Dell PowerEdge 2950 with Server 2008 R2, which hosts Active Directory as well as our DNS, DHCP and file services, and a Snow Leopard 10.6.7 Mac Mini with Open Directory.


The Mac Server is bound to AD, and all Mac Clients are bound to both AD and OD, AD for authentication and their remote shares + profiles, and OD for policies.


PLC Students are stored in AD under Users/PLC Students/#Class Group#/%username% (obviously, where Class Group is the name of whatever course they're in, and %username% is the user's login name, usually first.last name), and their Profile shares are mounted at \\ADSERVER\PLC_Home$\#Class Group#\%username% (which is actually L:\PLC Home Folders\#Class Group#\%username%).


The share permissions are set to allow Everyone Read access, and Administrators Full Control, and the NTFS permissions are set to Inherit standard, default permissions from the root of the HDD. On a Windows machine, AD restricts the user to their own folder, but Snow Leopard seems to mount their network share at \\ADSERVER\PLC_Home$\ and ignore the rest of the profile path specified (yes, \\ADSERVER\PLC_Home$\ is the root shared folder).


This seems to be such a niche problem, I'm sure it probably has something to do with the NTFS permissions, but I'm stumped by it, and info on working Golden Triangle set-ups is flaky at best, so I hope someone can at least point me in the right direction to fixing this!!


lucidanime, have you gone into each folder in OD and checked the security settings for the groups? Basically starting with the root directory and following it down? Make sure "everyone" isn't set on the root and only assign the correct group to the folders they need access to. Kind of like in Server 2008. You have the "share permissions" and the security tab in there. You have to set both usually to restrict the access to root folders, etc.


I'll set up a VM environment and see if I can replicate your problem and maybe give step by step instructions on what to do. It's been a while since I've messed with OD.
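
An added example, not part of either post above: one way to run the root-down permission check on the Windows file server, listing every NTFS entry on a student's home folder that lets some other principal read it. It assumes PowerShell 3.0 or later, that each folder name equals the student's login name as the first post describes, a placeholder domain name `EXAMPLE`, and an allow-list of expected principals that you should adjust for your site.

```powershell
# Added example: audit the per-user home folders under the path from the post
# (L:\PLC Home Folders\<Class Group>\<username>) for ACL entries that grant
# read access to anyone other than the owning student or the allow-list.
param(
    [string]$Root   = 'L:\PLC Home Folders',
    [string]$Domain = 'EXAMPLE'   # placeholder NetBIOS domain name (assumption)
)

# Principals expected on every home folder besides the student (assumption).
$expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')

# ReadData shares its bit with ListDirectory, so this catches folder listing too.
# Entries expressed only as generic rights are not matched by this mask.
$readMask = [System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($class in Get-ChildItem -LiteralPath $Root -Directory) {
    foreach ($userDir in Get-ChildItem -LiteralPath $class.FullName -Directory) {
        $owner = "$Domain\$($userDir.Name)"   # folder name = login name
        foreach ($ace in (Get-Acl -LiteralPath $userDir.FullName).Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow')            { continue }
            if ($id -eq $owner -or $expected -contains $id)    { continue }
            if (($ace.FileSystemRights -band $readMask) -eq 0) { continue }
            [pscustomobject]@{
                Folder    = $userDir.FullName
                Principal = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True = comes from a parent folder
            }
        }
    }
}

# Inherited = True rows point back at the drive root or share root ACL.
$findings | Sort-Object Folder, Principal | Format-Table -AutoSize
```

Rows for broad groups with `Inherited` set to `True` indicate the access comes from the parent folders rather than from the individual home folder.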
