09-26-2011, 08:46 AM
Hey all, I'm hoping someone will be able to help me out with this problem we're having in the school I work in. The problem is that our PLC students are able to not only access their own network folder, but that of all other PLC users.
We have a golden triangle setup, consisting of a Dell PowerEdge 2950 with Server 2008 R2, which hosts Active Directory as well as our DNS, DHCP and file services, and a Snow Leopard 10.6.7 Mac Mini with Open Directory.
The Mac Server is bound to AD, and all Mac Clients are bound to both AD and OD, AD for authentication and their remote shares + profiles, and OD for policies.
PLC Students are stored in AD under Users/PLC Students/#Class Group#/%username% (obviously, where Class Group is the name of whatever course they're in, and %username% is the user's login name, usually first.last name), and their Profile shares are mounted at \\ADSERVER\PLC_Home$\#Class Group#\%username% (which is actually L
PLC Home Folders\#Class Group#\%username%).
The share permissions are set to allow Everyone Read access, and Administrators Full Control, and the NTFS permissions are set to Inherit standard, default permissions from the root of the HDD. On a Windows machine, AD restricts the user to their own folder, but Snow Leopard seems to mount their network share at \\ADSERVER\PLC_Home$\ and ignore the rest of the profile path specified (yes, \\ADSERVER\PLC_Home$\ is the root shared folder).
This seems to be such a niche problem, I'm sure it probably has something to do with the NTFS permissions, but I'm stumped by it, and info on working Golden Triangle set-ups is flaky at best, so I hope someone can at least point me in the right direction to fixing this!!