Access rights of a Macintosh on a Windows share

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello

I have installed the UAM client to all our Macintosh clients. They can use
their AD credentials to access shares on a windows member server. I found
also out that I had to set a "Primary default group" in order for our MAC
users to have "better" access rights than those of the "domain users" group.

But even after changing the "primary group" of a MAC user and even after
assigning NTFS rights to the user directly, the share properties show only
"domain user" rights" (that meens "Read" rights only while he was allowed
"Modify" NTFS rights through a specific group set as primary and even
"Modify" for the user itself).

What is wrong ? Are the NTFS rights the correct way to set access rights for
MAC users or should I only define "Share" rights ?

Thanks for any reply
Nicolas
 
Nicolas Heyer said:
Hello

I have installed the UAM client to all our Macintosh clients. They can use
their AD credentials to access shares on a windows member server. I found
also out that I had to set a "Primary default group" in order for our MAC
users to have "better" access rights than those of the "domain users" group.

But even after changing the "primary group" of a MAC user and even after
assigning NTFS rights to the user directly, the share properties show only
"domain user" rights" (that meens "Read" rights only while he was allowed
"Modify" NTFS rights through a specific group set as primary and even
"Modify" for the user itself).

What is wrong ? Are the NTFS rights the correct way to set access rights for
MAC users or should I only define "Share" rights ?
Click to expand...

Hi Nicolas!

You're modifying rights on the server using ACLs (Access Control Lists)
and Macs don't support this... yet. Tiger, which will be released later
this month is suppose to be fully compatible with Windows ACLs.

Modifying the various properties of an object on the server side can
product bizarre permissions results on the Macs, which only understand
three levels of permissions: owner, group and everyone.

Share your Mac volume from the server then go to a Mac, log in as the
owner and set your permissions that way.

I typically make Administrators the owner. I put those who need
read/write access into a global group nested into a local group specific
to the volume and select that at the group for the volume and then set
Everyone to either read only or no access.

Hope this helps! bill
 
What OS are the clients running and are the Mac shares also Windows shares?

I ask because OS X clients can access Windows shares and will use those
permissions sets or they can connect using AFP and use the Mac (SFM)
permissions. This can get very complicated quickly as settings for AFP
(SFM) and Windows shares are not the same and clients may connect with
either. Installing the UAM does not guarantee that OS X clients will not
connect to Windows shares nor does it guarantee that they will not connect
to a Windows share if the same folder is shared to both AFP(SFM) and Windows
clients.

The easiest way to administer this is be sure the shares are Mac or Windows
only to avoid the multiple connection types.
 
Thanks a lot.

As you wrote it, I connected to the shares using an administrator account on
my MAC and set the rights from the MAC. I did it some days ago, tested it and
noone did complain til now. So I think this is THE solution.

Regards
Nicolas
 
Thanks

I did just share the Mac part und did exactly what William wrote in the
first answer and that seems to work.

REgards
Nicolas
 
Back
Top