dcxman 0 Posted January 13, 2004 Morning all. I know, I know, why am I dealing with Macs. Well, Apple, to say the least has their foothold in a niche market where for the media industry they are king. That being said I have some macs running on my Win2K/Win2K3 network and have not had the time to adjust my Schema containers in order to accomodate the Macs from authenticating directly against my AD through my Mac OS 10.x server. My issue lies with creating "Drop Box" folders on my Win2K server and having the Macs understand just the "write" permission. I've tried everything from just selecting the "write" permission check box alone to giving modified and full permissions and then denying them "read" in the sub-permissions sets under "advanced." I set it up awhile back where the drop boxes were successful on the Mac (so I know it is possible), but stoopid me, I did not bother at the time to add it in my knowledge base as to how I did it. I'd much appreciate the refresher. Thanks to all in advance as always. Share this post Link to post
clutch 1 Posted January 13, 2004 When you set it up before, were you using AppleTalk or SAMBA? If you are using SAMBA now, it could be what is giving you issues. The newest OS from Apple has (or will have soon) an integrated AD client added to its LDAP support which should make all of this seemless. In addition, the schema mods will not be necessary unless you are looking to manage the Macs via Group Policy in your AD environment. I guess what I don't understand is what your ultimate goal is. Are you looking to create a directory on the server, manage it from the server, and then allow for write only (to protect doc confidentiality between the clients)? If so, the SAMBA client should allow for this if NTFS permissions are set on the directory, as the share can have whatever it wants listed, but the server will only give back what is permitted. This should address the limitations of the client. I am not sure at what level you were applying your previous Write Only permissions. I don't have the Mac anymore to test this, but the AD client seemed fine (we were beta testing it) with resolving this, and SAMBA in Linux performed similarly. Share this post Link to post
dcxman 0 Posted January 14, 2004 You're right on your first guess. I am using AppleTalk (Macintosh services running on Windows server) in order to setup a file share server for both a Windows 2000/XP and MacOS 9.x/10.x network. I've setup SAMBA as well in testing awhile back as well and whole heartedly agree it works great handling Windows file shares from a MacOS 10.x client. But I get into trouble using it on a MacOS 9.x client (which I'm stuck with because of hardware restrictions). What I'm trying to do is to create a secure file share on the Windows server using AppleTalk (along with UAM5), which MacOS 9.x understands, for the client along with a "Drop" Folder which colleagues of him/her could use in order to drop items in without changing the contents of the folder after their items have been dropped in. LOL, so in short yes, I am trying "to create a directory on the server, manage it from the server, and then allow for write only (to protect doc confidentiality between the clients)." AppleTalk is pretty good at the basic top level permissions such as read, modify and full control. Other than that if you try to choose just "write" on the top level set of permissions, the share fails as will indicate on the Mac client (both OS's) that "you do not have enough permissions to modify this folder" when you try to save to the drop box folder. I've tried other possible combinations of the top level permissions along with the sub-sets using the "deny" on some choices as well to no avail. I remember I did have some sort of combination of permissions set that worked but for the life of me I can't remember. I would appreciate greatly if someone had that combination. I would promise to write it down this time. Btw, I have both the new full retail Panther client and server. AD works seemlessly as Apple promised. I just wish I had the hardware for all my clients to be able to run it. Oh, to be in a perfect world where management would buy new hardware at the drop of a hat. Thank you Clutch for the response. And thanks in advance to any other reponses to follow. Share this post Link to post
maverik_john 0 Posted January 29, 2004 I'd also like a review I have Win2K server and I create folders in a student directory for classroom use, all the tech spec kids can put files in their folder... but sometimes I want to make the folder into a "drop folder" so they can put stuff in but not mess with other student's work. I tried creating the folder and giving the students write permissions which I was sure worked back when I had NT server.... but no such luck... when I try from a mac it tells me that I can add but not see files, and when I agree and try to add it tells me I don't have the right to modify this folder.... so if anyone else knows the magic combination of rights as well... I'd be thankful for it as well. Thank you Share this post Link to post