Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

MAC permissions problem with Iomega NAS on Windows Domain

Posted on 2010-11-29
8
Medium Priority
?
2,610 Views
Last Modified: 2012-05-10
We have a Windows 2003 SBS server and use PCs and MACs. We recently purchased an iomega StorCenter StorCenter ix4-200d to act as our fileserver to take the load off our server.  All seemed fine until the MAC users said they had problems writing to folders, even ones that they had created themselves only minutes before.  After some investigation, it seems that from OS versions 10.6.4 and above, if the MAC is added to the windows domain, the permissions on new folders are set with Read-Only attributes for Everyone, and some of our global User groups.  This can be resolved by logging in to a PC as the MAC user who first created the folder and setting full access again to Everyone and the other groups.  As you can imagine this is painful!  If I remove the MAC from the domain on 10.6.4 upwards, it seems to work fine but I need them on the domain to be able to secure our NAS drive with Active Directory.

Also, I've noticed that below 10.6.4 we can copy files from the MAC's desktop to the NAS by first removing the dotslash files (using Terminal), but on 10.6.4 and upwards, even removing the dotslash files doesn't help and the file copy fails with 'you do not have permission..'

My options seem to be to downgrade all MACs to pre 10.6.4 (not going to go down well) or take them off the Windows domain - not practical.

One more thing - all MACs can copy files absolutely fine to a share on the original Windows 2003 Server.  We are using this as a temporary area for MAC users to get files on to the server.. they copy to the Windows Server and someone on a PC then moves the files on to the NAS for them.

Thanks

Rich Reeves
Jellyfish Creative
01604 233 933
richr@jellyfishcreative.co.uk
0
Comment
Question by:rawsharklives
  • 4
  • 3
8 Comments
 
LVL 15

Expert Comment

by:roylong
ID: 34231314
I think you have two options:
1: contact Iomega for help sorting out the permissions and privileges.
2: mount the NAS to the windows 2003 server and have your macs continue down this route.
0
 

Author Comment

by:rawsharklives
ID: 34231455
Hi,

I will try the iomega route, but as I can get the MACs to work when not on the domain, and PCs work when on the domain, I was assuming they wouldn't get involved.  Worth a shot though.

As to point 2.  Can you clarify what you mean by mounting the NAS to the windows 2003 server?  Do you mean setting up a share on the main server pointing at the NAS?  How would the MACs then access it?

Thanks for your help so far.

Rich
0
 

Author Comment

by:rawsharklives
ID: 34265020
I'm now logging a call with IOMEGA support once I have the serial number of the drive from the office.  I will let you know if they resolve it and pass on points appropriately.

Thanks

Rich
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 15

Expert Comment

by:roylong
ID: 34988168
did this get resolved?
0
 

Accepted Solution

by:
rawsharklives earned 0 total points
ID: 34995271
Yes. But not with any help from iomega.  In the end I had to remove the NAS from the Windows Domain and connect to it with local NAS users.  PC users seems to connect ok, and the MACUSER supply a NAS specific user and password and we no longer get the permissions being changed by MACs.

We are still finding folders with messed up permissions and the solution is to copy and paste the entire folder using a PC which resets all permissions.  Then delete the original folder using the NAS control panel itself.

So, no proper Windows Domain support working with this NAS. I'm sure with all MACS or all PCs it would be fine.  It seems to be the mix of the two.

Thanks.
0
 
LVL 15

Expert Comment

by:roylong
ID: 34996020
I would request closing this question with you solution as the preferred answer.
0
 

Author Closing Comment

by:rawsharklives
ID: 35042271
Could not resolve problem on Windows Domain.  Had to take if off the domain and go about it another way.
0
 
LVL 1

Expert Comment

by:HollywoodRay
ID: 35285829
I have had a simular problem. I need both MAC and Windows computers to be able to access the NAS device while autenticating to ADS.

After speaking with iomega techs, and having them tell me to only way to have both Windows and MACs access the device was to set it to workgroup modes- not an option for us.

Well, good news!!  --Sort of.  I got to thinking,
While having the NAS setup to access ADS, I enabled the FTP features on the NAS and then installed FTP client applications on the MACS.
Now the Windows and Mac users are albe to authenticate against the Active Directory!

There are just a few minor inconvienences when using this method on a MAC, such as not being able to open a file directly from within an application (perhaps some can recomment a client app that would fix this); and, you need to copy or move the files back and forth.

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question