OD AD Integration - Permission problems




jashley
Sep 23, 2013, 12:03 PM
Hello,

I work at a school that is about 80% Apple 20% Windows. For many years we have maintained separate directories. We have always had our Windows clients mount the user's network home folder that resides on the Mac server. In the past I have attempted the "Golden Triangle" but have always had some issue or another...

Most recently, we upgraded our 10.6 server to 10.8. As of now, my Mac clients are bound only to OD and they log in just fine and mount their network home folders and permissions are fine. HOWEVER, when a Windows client logs in their home folder is mapped and they can explore only the root of the folder. They cannot access the documents, desktop, etc...

I'm not sure if my problem is with Kerberos, NTLM, SMB, or what... I have tried to reset the permissions using Passenger.

Here is where I'm really going to show how little I understand, so, bear with me... It seems like, in the past, when an AD user account logged in with the same credentials as their OD user account, the permissions were delegated to the AD account and they had full access to their home folder on the Apple server. Is my problem related to the new SMBD protocol in use with 10.8? Can I solve my problems by setting up SSO with Kerberos? I have called Apple a few times on this, but, the techs I speak to can't really help me because the problem involves Active Directory users.

Any ideas?



alexrmc92
Sep 23, 2013, 07:52 PM

Are you saying you have two different directories with the same usernames and passwords?

Apple recommends you have all Macs bound to AD, along with all Windows clients (including the OD servers), as well as being bound to OD. Then you kerberize the services of the Mac servers into AD (easy). This allows all users and groups to be managed in AD and all Mac features with OD.