MAC permissions problem with Iomega NAS on Windows Domain

Posted on 2010-11-29
Last Modified: 2012-05-10
We have a Windows 2003 SBS server and use PCs and MACs. We recently purchased an iomega StorCenter StorCenter ix4-200d to act as our fileserver to take the load off our server.  All seemed fine until the MAC users said they had problems writing to folders, even ones that they had created themselves only minutes before.  After some investigation, it seems that from OS versions 10.6.4 and above, if the MAC is added to the windows domain, the permissions on new folders are set with Read-Only attributes for Everyone, and some of our global User groups.  This can be resolved by logging in to a PC as the MAC user who first created the folder and setting full access again to Everyone and the other groups.  As you can imagine this is painful!  If I remove the MAC from the domain on 10.6.4 upwards, it seems to work fine but I need them on the domain to be able to secure our NAS drive with Active Directory.

Also, I've noticed that below 10.6.4 we can copy files from the MAC's desktop to the NAS by first removing the dotslash files (using Terminal), but on 10.6.4 and upwards, even removing the dotslash files doesn't help and the file copy fails with 'you do not have permission..'

My options seem to be to downgrade all MACs to pre 10.6.4 (not going to go down well) or take them off the Windows domain - not practical.

One more thing - all MACs can copy files absolutely fine to a share on the original Windows 2003 Server.  We are using this as a temporary area for MAC users to get files on to the server.. they copy to the Windows Server and someone on a PC then moves the files on to the NAS for them.


Rich Reeves
Jellyfish Creative
01604 233 933
Question by:rawsharklives
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 15

Expert Comment

ID: 34231314
I think you have two options:
1: contact Iomega for help sorting out the permissions and privileges.
2: mount the NAS to the windows 2003 server and have your macs continue down this route.

Author Comment

ID: 34231455

I will try the iomega route, but as I can get the MACs to work when not on the domain, and PCs work when on the domain, I was assuming they wouldn't get involved.  Worth a shot though.

As to point 2.  Can you clarify what you mean by mounting the NAS to the windows 2003 server?  Do you mean setting up a share on the main server pointing at the NAS?  How would the MACs then access it?

Thanks for your help so far.


Author Comment

ID: 34265020
I'm now logging a call with IOMEGA support once I have the serial number of the drive from the office.  I will let you know if they resolve it and pass on points appropriately.


Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

LVL 15

Expert Comment

ID: 34988168
did this get resolved?

Accepted Solution

rawsharklives earned 0 total points
ID: 34995271
Yes. But not with any help from iomega.  In the end I had to remove the NAS from the Windows Domain and connect to it with local NAS users.  PC users seems to connect ok, and the MACUSER supply a NAS specific user and password and we no longer get the permissions being changed by MACs.

We are still finding folders with messed up permissions and the solution is to copy and paste the entire folder using a PC which resets all permissions.  Then delete the original folder using the NAS control panel itself.

So, no proper Windows Domain support working with this NAS. I'm sure with all MACS or all PCs it would be fine.  It seems to be the mix of the two.

LVL 15

Expert Comment

ID: 34996020
I would request closing this question with you solution as the preferred answer.

Author Closing Comment

ID: 35042271
Could not resolve problem on Windows Domain.  Had to take if off the domain and go about it another way.

Expert Comment

ID: 35285829
I have had a simular problem. I need both MAC and Windows computers to be able to access the NAS device while autenticating to ADS.

After speaking with iomega techs, and having them tell me to only way to have both Windows and MACs access the device was to set it to workgroup modes- not an option for us.

Well, good news!!  --Sort of.  I got to thinking,
While having the NAS setup to access ADS, I enabled the FTP features on the NAS and then installed FTP client applications on the MACS.
Now the Windows and Mac users are albe to authenticate against the Active Directory!

There are just a few minor inconvienences when using this method on a MAC, such as not being able to open a file directly from within an application (perhaps some can recomment a client app that would fix this); and, you need to copy or move the files back and forth.


Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question