Read-only permissions on portable drives while bound to domain on OSX

martynh

Hi,

I'm having some problems with a number of machines running OS X 10.4.3. The machines are standard client installs, bound to our corporate domain and authenticating to an Active Directory service, using OSX's directory access facilities.

When the machines are bound to the domain, plugging in and mounting an external drive (Maxtor One Touch II or similar - have tested several manufacturers) via USB2 or FireWire gives only read-only access. The 'Get Info' for the drive shows it's owned by a user '99percent' - an account I've never heard of! The only way to restore full read and write access is to open the Get Info, and toggle on-and-off 'Ignore Ownership on this Volume'.

I've tried logging in as a local administrator, and as many options and properties as I can think of, but the only thing that seems to sort this is un-binding it from the domain.

Has anyone seen this before, or know a possible work-around? Worst case, is there any scripting I could apply to detect the mounting of a volume and correct the permissions?

Thanks in advance - brilliantly helpful site!

Martyn.
 
Thought it might be helpful to put my latest findings in here as well:

Hi, thanks for your help - Apple have acknowledged that there are some fundamental problems with their Active Directory support, which is causing this.

I've just installed a piece of software called ADmitMac from Thursby Software - www.admitmac.com - which has much better AD support than Tiger provides natively. It didn't solve this problem (although it ironed out lots of other quirks, improved support for mounting home directories etc.) but did give me some more information on what's going on. The user 99percent shown in the screenshots is now displayed as '99percent@emap.net' - emap.net being our domain. A search in the Active Directory controllers revealed that 99percent is a user on the domain - in fact, the first in the list alphanumerically.

So it would appear that what OSX is doing is scanning a list of possible owners, and assigning the first it finds - in this case from the AD domain. It then also is ignoring the state of 'Ignore Ownership On This Domain', thus resulting in read-only permissions for the current user.

So, until Apple fix this I need to find a work-around. Does anyone know what component of OSX triggers when a removable drive is connected? Thinking if I can modify or replace that, specifying the permissions explicitly it may help.

Thanks for your continued help.

Martyn.
 