OSX Created files can't be delete from Win2k Server

P

Peelay

Registered
Hey there, Newb here. I've done my best to search for a similar post/thread but no luck.

We have a Win2k Server with various shares. OSX 10.2/10.3 clients connect to those shares using smb:// connections. They use username/password combos that are located in Active Directory.

What happens? Mac users create files and or folders and then they can't delete/modify them. Neither can any other user, including myself a domain admin logged directly into the Win2k server. On occasion getting the Mac user to disconnect their network drive will free up the files, other times this doesn't work either. The files/folders just stay there. The error message is something like "Access denied, Files make be in use or you have insufficient access".

Are there any known solutions out there? Special permissions for Mac users locally or on the server?

Any help would be greatly appreciated!!
Cheers,
Phill
 
There was a bug we found in 10.2 -> 2000 Server where permissions weren't properly kept and users were unable to delete files properly.
 
Go3iverson said:
There was a bug we found in 10.2 -> 2000 Server where permissions weren't properly kept and users were unable to delete files properly.
Click to expand...
So do you think upgrade of Mac OSX (to 10.3) would fix it? or Upgrading 2000 Server to 2003? (although I don't think anything changed about ntfs, but I could be wrong). I really am quite surprised that there aren't more people who have encountered this. Maybe I'm an oddball and actually want Macs and PCs to get along and play nice. They each have their roll in the sandbox, why can't we get along?

Thanks for your insight anyway ;)
Cheers,
phill
 
:)

Nope, I specialize in cross platform environments, so I like them playing nice as well!

Apple's SMB code is really home grown...very home grown, so the differences between 10.2 and 10.3 could be very large. We were unable to deploy 10.2 in our 2000 environment, but 10.3's SMB worked fine. Out of curiosity, are you using the AD plugin with Kerberos, or are you keeping local accounts on your Macs and then having them manually authenticate for the shares they require?
 
Mac users have local accounts (i.e. Bob Smith) and then when they map an smb drive they are requested for authentication by the server when they enter their AD domain user name and password (our standard is bsmith and pass). So yes, authentication is manual. I'm not 100% I'm familiar with the Kerberos AD plug-in, do you have a link to info on it so I can read up a bit? How does it related to SMB authentication?

Thanks again!
Phill
 
So, if you have an Active Directory and your using SMB authentication to Windows, this is pretty simple. In Applications -> Utilities -> Directory Access is a list of Directory Services that you can enable for Authentication methods on your Mac OS X systems. You can set up your OS X machines to authenticate against your existing AD, if you like, rather than your local accounts, for better security. Also, this will enable Kerberos, so that the users do not have to authenticate for their SMB shares on the Windows server, they simply can connect to it, like any other Windows client could.

Take a look at the plug in and let me know if you have any questions! :) I have a link to my website in my sig. If you click on the Connect link, it'll email me from there, if you need really specific instructions for your domain. :)
 
You must log in or register to reply here.
Back
Top