Windows / SMB / AFP

Can someone please help me out with the best configuration for OSX Snow Leopard/Mountain Lion/Mavericks connecting to a Server 2008 R2 shares.

We have several machines running various levels of OSX connecting to a share on a Win 2008 R2 server. Most of the connections were historically AFP using ExtremeZ on the server. Most machines have been rebuilt, I've domain joined them and connecting via SMB.

We are having various problems with permissions right down to one particular odd issue this morning. One file on the server which had Domain Users and Everyone with Full Access, on a Mountain Lion workstation, the file was greyed out and couldn't be copied. After some messing about I got it to show on the mac with everyone as Read & Write, but it was still greyed out and refused to copy. Eventually somehow I got it working. This was connecting via AFP or SMB, I got the same results. Most of the files on the server have had the default Domain Users account removed and some custom groups applied. However bizarrely on the mac, there was a group called Staff and Admin which I could find no record of on the server. I was planning on going through all the files, reading Domain Users but I'm not sure if it's going to have any effect.

I need to find a best practise setup to alleviate all of these problems and find a stable platform so therefore keen on recommendations by others in the same situation

Many thanks

First off, Mavericks has a complete rewrite of SMB, whereas older versions used open sourced versions. Apple rewrote SMB from the ground up to be more seamless with Windows. Which is why using older NAS devices no longer work for both Windows and OS X unless the security is relaxed or SMB is set to use older version.

Staff is the built in group for Standard users in OS X. Wheel being the built in Admin group. and Admin being a user not a group.

You might try viewing the permissions from the Terminal versus the Finder as I don't think the Windows ACLs are correctly displayed in the Finder.

ls -le

Should get you the ACL of the directory contents.

Thanks for the reply. I'll test that next week. At the moment I need to ensure I have everything setup correctly and therefore curious as to the best setup with this environment.

I need to find a happy medium with OS. Would like to obviously using Mavericks across the board but I think I had some issues even putting Mountain Lion on some of them, maybe Lion might be an option.

Then I need to work out the best connection method. Obviously loads of posts online about SMB being slow and tweaks to make. What's the best method and if necessary tweaks? Should they be domain joined and using network accounts or stay standalone? Once I have all this sorted and setup correctly, I feel I can then start to look at what's going on with the permissions.

ExtremeZ-IP was installed before my time to fix the file access issue on the Win Server but I think SMB hadn't been tried. They had file permission problems before Extreme and still there after.

All very odd because I know of somebody else with similar setup and never had issue so it's trying to dig out the root cause of the problem which is proving difficult.

Actually, as of Mavericks 10.9.2 I think, SMB2 is the default connection protocol now, replacing AFP.

Yep unfortunately some of the macs won't take Mavericks, won't even take Mountain Lion