LappiMA

OS X Lion Users cannot access _some_ Windows File Shares

I have 3 users in my environment who run Macs.  Prior to upgrading a few months ago to Lion, they could access our network share drives without (too many) issues.  Now, they are unable to access a few critical file shares.

The computers are bound to AD.

They need to connect to shares on 2 machines:

1 - the department manager who uses Windows 7 and we have a folder shared on her computer, they can access this share with no problem.

2 - our primary file storage server which is where we are having some issues.  There are three shares that are needed:
     \\myserver\data
     \\myserver\home\additionalpath\username
     \\myserver\advertising


The group in question, and the users of the Macs, all have full control over the advertising share at the NTFS level and via the share permissions.  The Macs can connect to this share without any problems, hassle or difficulty.

\\myserver\data -- Share permissions allow all domain users to have full control over the share; NTFS permissions are significantly different.  They allow domain users to list folders and read files but they cannot open the majority of folders.  We have some “common use” folders on this share which everybody has access to, some are read everything, some are read/write everything, but you only have access to the folders that your department group has been given access to.  In the case of all the users and machines in question, they should be able (and used to before upgrading to Lion) to see the folders, look in the ones they had access to, and there is an additional “Advertising” folder under data which they have full control over.  Not only can we not use Finder to access \\myserver\data, we cannot use Connect to Server and jump / mount directly to \\myserver\data\advertising.

\\myserver\home\...\username -- this share is even more restricted; users are not allowed to access anything other than their directory and they do not have list permissions.  Our Windows logon scripts (and Active Directory home directory mappings) drill all the way down to the user's home directory.  The … indicates location number, department.  In the case of these users their full path would be \\myserver\home\98\B\adv\username. The users have full control over their directory but again, we cannot use “Connect to Server” and open the directory.  I would not expect Finder to allow you to drill up or down since users do not have list permissions.

Again, this stuff worked fine before we switched to Lion.

I’m not sure if there are additional modules I need to install on either the Macs or on my server.  If the user logs into a Windows PC, they have access to everything they need on these shares.  In the past I have had some issues with Macs and non-Windows clients communicating with file shares if the shares were hosted on domain controllers, but that is not the case here and both the Macs and file server are domain members.

If I reset the user’s domain password, that password has to be used on the Macs, so I know that they’re authenticating, and our web proxies and web filters see valid logon events from the Macs hitting the DCs for logon events, which is how they associate traffic to users, so I’m pretty confident that the Macs are getting their authentication tokens properly.

I’m not sure of my next steps to even check.  Apple support is no help.  Granting full control of the share to this group is not a solution.

Any ideas?

schaps

There was a change in the behavior with Mac OS X 10.7 with a change in permissions needed to have the same result when opening an SMB share. I can't explain it any better than this Apple document outlines: http://support.apple.com/kb/HT4829

If that does not help you, I'll try further.
ASKER CERTIFIED SOLUTION
Mark_Verhyden

LappiMA (ASKER)

I've not had a chance to try the terminal command in the KB from schaps, I hope to on Wednesday.  I think that the KB accurately describes the issue that I'm having.

Mark_V... - All updates are installed and their authentication seems to be working fine for the most part except for one other problem which I'll open a separate thread on.  They can use shares on the file server where they have full access to the root level shares, but that is not the way 90% of our network is set up.

--Mark