MACs using Windows shares; permissions issues

Posted on 2013-01-03
Last Modified: 2013-02-24
Hello. Have a new location that is a mix of MAC and Windows, but mostly MAC. They have a Windows server (2012) that is hosting file shares. The MAC users need to be able to create, delete, edit, rename, etc. folders and files under these MAC shares. Currently, when using the Command + K to connect to the smb shares via smb://machinenamehere/sharename.  When prompted for credentials, we are entering the users windows network account name, like "deb" for example; and then her windows password. The issuse is that the MAC users are getting blocked from editing files, folders, etc. under the Windows share. Really need help getting this fixed; it is driving the client, and me mad!  Thanks for insight from those who have MAC/Win mixed environment experience.
Question by:StewartTechnologies
  • 6
  • 3

Expert Comment

ID: 38740708
You will need to modify the NTFS permissions on the Windows 2012 server. In your example make sure user Deb has MODIFY permission to the files/folders.

Other than editing the NTFS/Active Directory account it's not different from windows file share admin.

Hope that helps.

Author Comment

ID: 38740757
Hello. Thank you for the comment.  The user/users do have full access to the shares via the windows file sharing security /rights.  I agree that it should be no different than NTFS/AD shares and security, and yet, I am having these access issues.

Assisted Solution

s3e3 earned 200 total points
ID: 38740810
Check the Windows Server Event Log. Do you seen any errors you can share ?

I had to do the follow a while back however this was on a Windows 2008 server:

Disable SMB Signing

Microsoft network client: Digitally sign communications (always) set to disabled
Microsoft network server: Digitally sign communications (always) set to disabled

    Goto to the file server



    type gpedit.msc and hit OK

    Within GPEDIT go to Computer Configuration

    Windows Settings

    Security Options

    Local Policies

    Find the aforementioned policies in the right hand pane and set them to disabled
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.


Author Comment

ID: 38740851
Thank you again for this good info. I have already done this edit as part of my troubleshooting.  Keep those ideas coming!

Expert Comment

ID: 38740880
Make sure you reboot the windows server after the registry change.

Author Comment

ID: 38741035
My thought on this...
The issue appears to be the the Windows users are not passing thru (or vice versa) to the mac finder, connections. When attempting to rename a folder, for example; I am getting error "finder wants to make changes - type your password to allow this"  The prefilled username is not the users windows name but the mac machine name.  Even if I type in the windows name and correct password, I'm still not able to make the changes. Then, I get a "you don't have permission to rename the item <insert folder name here>" error.
LVL 13

Accepted Solution

Justin Pierce earned 300 total points
ID: 38744749
Hi Stewart,

   As I was reading your question I was swiftly taken back to the days of making tons of edits with file permissions and propagating them down from parent to child. Anyways, please read this Microsoft forum:

cverrier is the post that you are looking for. It is the second box down.

Your problem is most likely the permissions with the folders that your users are accessing, as well as the permissions with everything inside that folder. In short, it is not your Macs but the MS server that is the problem.

Hope this helps.

Author Comment

ID: 38745346
Hi MacGuy47.  Thank you for your comments / input. I have checked and rechecked the folder permissions and security.  I did review the link you sent, and I appreciate that info. I will double-check these details again, just to be sure.

I just want to stress that the errors are only occurring when Mac users are accessing shares. Those same user accounts (and others), when accessing the same shares via Windows PCs are not having any issues.

Author Comment

ID: 38745475
** update ** I may have had a break through here. I had always felt like the issue was that the AD permissions were not 'passing thru' to the MACs or vice-versa, and that's why the users were not able to edit/get to what they needed. I just didn't know how to explain that, or ask where those credentials go in a MAC 'mapping' to a windows share.

After getting NO help with Apple Care, I called in some MAC resources.  One of them suggested unbinding and rebinding the machines to the Active Directory. Once I got into this process, I realized that even though the 'bind' was showing a greeen dot, they were not really bound.  Once I unbound and rebound, then I was getting the active directory pass-thru I was expecting.  

See link here for general instructions on the binding.

Once I did that, it was looking better. Removed entry from keychain for the shared resource. Connected again. Didn't get prompted for credentials because they were coming thru from AD!!!  So, I think these permissions items are 95% resolved now. We could still have some minor issues, but that might be more closely related to MACguy47's posting.

Also, unrelated, but related to this, the weird ownership changes (another layer of an issues) I am seeing may be coming from a backup to a NAS device run from one of the MACs. Note the warning message highlighted towards the bottom of the first image. The second snip is the results / or 'unknown' account an it's permissions meddling.

Author Closing Comment

ID: 38923811
Thanks to all that contributed.
So, how did this all shake out?  We ended up getting Microsoft involved after days of not being able to resolve permissions issues. It turns out that Microsoft was also perplexed by our continued permissions issues and they are involved in trying to figure out what is going on. The server was decommisioned (and replaced with a MAC server), and Microsoft will be testing the 'troublesome server'. Right now, they are only saying it is 'unexpected behavior'. Seems to be related to migration from SBS 2003 to Server Essentials 2012. What a nightmare this was!

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question