StewartTechnologies

Macs using Windows shares; permissions issues

Hello. Have a new location that is a mix of Mac and Windows, but mostly Mac. They have a Windows server (2012) that is hosting file shares. The Mac users need to be able to create, delete, edit, rename, etc. folders and files under these Mac shares. Currently, we are using Command + K to connect to the SMB shares via smb://machinenamehere/sharename. When prompted for credentials, we are entering the user's Windows network account name, like "deb" for example, and then her Windows password. The issue is that the Mac users are getting blocked from editing files, folders, etc. under the Windows share. Really need help getting this fixed; it is driving the client, and me, mad! Thanks for insight from those who have Mac/Win mixed environment experience.
s3e3

Hi
You will need to modify the NTFS permissions on the Windows 2012 server. In your example make sure user Deb has MODIFY permission to the files/folders.

Other than editing the NTFS/Active Directory account, it's not different from Windows file share admin.

Hope that helps.
StewartTechnologies (ASKER)

Hello. Thank you for the comment. The user/users do have full access to the shares via the Windows file sharing security/rights. I agree that it should be no different than NTFS/AD shares and security, and yet, I am having these access issues.
SOLUTION
s3e3
This solution is only available to members.
Thank you again for this good info. I have already done this edit as part of my troubleshooting.  Keep those ideas coming!
Make sure you reboot the Windows server after the registry change.
My thought on this...
The issue appears to be that the Windows users are not passing thru (or vice versa) to the Mac Finder connections. When attempting to rename a folder, for example, I am getting the error "finder wants to make changes - type your password to allow this". The prefilled username is not the user's Windows name but the Mac machine name. Even if I type in the Windows name and correct password, I'm still not able to make the changes. Then, I get a "you don't have permission to rename the item <insert folder name here>" error.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Hi MacGuy47.  Thank you for your comments / input. I have checked and rechecked the folder permissions and security.  I did review the link you sent, and I appreciate that info. I will double-check these details again, just to be sure.

I just want to stress that the errors are only occurring when Mac users are accessing shares. Those same user accounts (and others), when accessing the same shares via Windows PCs are not having any issues.
** update ** I may have had a breakthrough here. I had always felt like the issue was that the AD permissions were not 'passing thru' to the Macs or vice versa, and that's why the users were not able to edit/get to what they needed. I just didn't know how to explain that, or ask where those credentials go in a Mac 'mapping' to a Windows share.

After getting NO help with Apple Care, I called in some Mac resources. One of them suggested unbinding and rebinding the machines to the Active Directory. Once I got into this process, I realized that even though the 'bind' was showing a green dot, they were not really bound. Once I unbound and rebound, then I was getting the Active Directory pass-thru I was expecting.

See link here for general instructions on the binding: http://www.trainsignal.com/blog/join-mac-to-windows-domain

Once I did that, it was looking better. Removed entry from keychain for the shared resource. Connected again. Didn't get prompted for credentials because they were coming thru from AD!!!  So, I think these permissions items are 95% resolved now. We could still have some minor issues, but that might be more closely related to MACguy47's posting.

Also, unrelated, but related to this, the weird ownership changes (another layer of issues) I am seeing may be coming from a backup to a NAS device run from one of the Macs. Note the warning message highlighted towards the bottom of the first image. The second snip is the results / or 'unknown' account and its permissions meddling.
LaCieDevice.PNG
DenyAccount-Marked.PNG
Thanks to all that contributed.
So, how did this all shake out? We ended up getting Microsoft involved after days of not being able to resolve permissions issues. It turns out that Microsoft was also perplexed by our continued permissions issues and they are involved in trying to figure out what is going on. The server was decommissioned (and replaced with a Mac server), and Microsoft will be testing the 'troublesome server'. Right now, they are only saying it is 'unexpected behavior'. Seems to be related to migration from SBS 2003 to Server Essentials 2012. What a nightmare this was!
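
An added example, not part of any post in this thread: a PowerShell check, run on the file server, of the two permission layers discussed above (share-level access and the NTFS ACL where s3e3 says the user needs Modify). It flags Deny entries, identities that appear only as a raw SID (the 'unknown' account), and subfolders whose owner differs from the share root. The share name `sharename` is a placeholder.

```powershell
# Added example: audit share-level and NTFS permissions for one share.
# 'sharename' is a placeholder; pass the real share name with -ShareName.
param([string]$ShareName = 'sharename')

Import-Module SmbShare   # available on Windows Server 2012 and later
$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# Layer 1: share-level permissions. Access over SMB is limited by both
# this list and the NTFS ACL below, whichever is more restrictive.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight -AutoSize

# Layer 2: NTFS ACL on the shared folder itself.
$rootAcl = Get-Acl -LiteralPath $share.Path
$modify  = [System.Security.AccessControl.FileSystemRights]::Modify

$report = foreach ($ace in $rootAcl.Access) {
    $id = $ace.IdentityReference.Value
    [pscustomobject]@{
        Identity     = $id
        Type         = $ace.AccessControlType
        Rights       = $ace.FileSystemRights
        Inherited    = $ace.IsInherited
        # True when this single ACE carries every bit of Modify.
        GrantsModify = ($ace.AccessControlType -eq 'Allow') -and
                       (($ace.FileSystemRights -band $modify) -eq $modify)
        # An identity still shown as a raw SID did not resolve to an
        # account name; Explorer lists these as "Account Unknown".
        Unresolved   = $id -match '^S-1-\d+(-\d+)+$'
    }
}
"Owner of share root: $($rootAcl.Owner)"
$report | Format-Table -AutoSize

# Entries to review first: a Deny ACE overrides any Allow for the same
# rights, and unresolved SIDs point at accounts that no longer exist.
"Deny or unresolved entries:"
$report | Where-Object { $_.Type -eq 'Deny' -or $_.Unresolved } |
    Format-Table Identity, Type, Rights, Inherited -AutoSize

# Subfolders whose owner differs from the share root's owner.
"Subfolders with a different owner:"
Get-ChildItem -LiteralPath $share.Path -Recurse -Directory -ErrorAction SilentlyContinue |
    ForEach-Object {
        $owner = (Get-Acl -LiteralPath $_.FullName).Owner
        if ($owner -ne $rootAcl.Owner) {
            [pscustomobject]@{ Path = $_.FullName; Owner = $owner }
        }
    } | Format-Table -AutoSize
```

The GrantsModify column only reflects each ACE on its own; a user's effective rights also depend on group membership, which this script does not expand.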