I have 3 users in my environment who run Mac's. Prior to upgrading a few months ago to Lion, they could access our network share drives without (to many) issues. Now, they are unable to access a few critical file shares.
The computers are bound to AD.
They need to connect to shares on 2 machines:
1 - the department manager who uses Windows 7 and we have a folder shared on her computer, they can access this share with no problem.
2 - our primary file storage server which is where we are having some issues. There are three shares that are needed:
The group in question, and the users of the Mac’s, all have full control over the advertising share at the NTFS level and via the share permissions. The Mac’s can connect to this share without any problems hassle or difficulty.
\\myserver\data Share permissions allow all domain users to have full control over the share, NTFS permissions are significantly different. They allow domain users to list folders and read files but they cannot open the majority of folders. We have some “common use” folders on this share which everybody has access to, some are read everything, some are read/write everything, but you only have access to the folders that your department group has been given access to. In the case of all the users and machines in question, they should be able (and used to before upgrading to Lion) see the folders, look in the ones they had access to and there is an additional “Advertising” folder under data which they have full control over. Not only can we not use finder to access \\myserver\data, we cannot use connect to server and jump / mount directly to \\myserver\data\advertisin
me -- this share is even more restricted, users are not allowed to access anything other than their directory and they do not have list permissions. Our windows logon scripts (and Active directory home directory mappings) drill all the way down to the users home directory. The … indicates location number, department. In the case of these users their full path would be \\myserver\home\98\B\adv\u
sername the users have full control over their direcoty but again, we cannot use “connect to server” and open the directory. I would not expect finder to allow you to drill up or down since users do not have list permissions.
Again, this stuff worked fine before we switched to Lion.
I’m not sure if there are additional modules I need to install on either the macs or on my server. If the user logs into a windows PC, they have access to everything they need on these shares. In the past I have had some issues with Macs and non windows clients communicating with file shares if the shares were hosted on domain controllers but that is not the case here and both the macs and file server are domain members.
If I reset the user’s domain password that password has to be used on the macs so I know that they’re authenticing and our web proxies and web filters see valid logon events from the macs hitting the DC’s for logon events which is how they associate traffic to users so I’m pretty confident that the macs are getting their authentication tokens properly.
I’m not sure of my next steps to even check, Apple support is no help. Granting full control of the share to this group is not a solution.