Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XServer in an AD Land

  The requirements are easy; just provide a resource that the Mac crew can
work off of, down the road mebbe even with gigabit connections on VLAN;
Reliable; and allow PC users to work off it, too.  Sounds easy enough.
Well...

  At first, I could not get the XServe to read the AD at all, even after
being bound.  Only by finding a great reference at www.afp548.com did I
learn to have to manually edit the smb.conf file to get it to happen.
Changing settings in Server Admin wipes this out, of course, but after a
couple tries it took.

  Then it saw users, but not groups... At first.  Obliterated the
Prefs/DirectoryServices folder and started again.  Then they started coming
down.  The AD updating is not unlike what we have with windows AD.  Slow.
But at least it took this time.  Bind, Unbind, bind, ...

  Initially, I left the group rights to staff, and owner admin.  Everyone
was set to R/W, and sure enough, everyone from the AD could access as well
as write.  OSX clients were set to connect via SMB (as their IT admin want
to do away with AppleTalk (is this possible?)).

  I then find out that they want only a select group to write, the others to
have RO.  Ok, so I make a global security group in the AD called MADRW.  The
dozen or so folks are added in.

  On the XServer WGM sharepoint, I've set the owner as admin, group as
LPDOMAIN\madrw (MADRW has only those allowed to write to the shares), and
everyone has RO.  Now, no one can write to them...  We can all mount them,
see them, peruse them, but that's it.  AFP or SMB, same result.  But again,
they want to do away with AFP here.

  Using native (netinfo/local) afp login, different from AD name; to a
different, non-AD shared sharepoint (owner admin, group staff, everyone RO),
I can attach, write, delete, etc. No probs.  Stupid AD.

  Heading back to the client site now (after biz) to see what else I can
try.

  How can you be sure group rights from the AD are being xferred to the
sharepoint?  

  Do you inherit from parent, or assign specifically at the WGM settings for
AFP, SMB, etc.?

Thanx,
Gunnar

-- 


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.