Jump to content


Photo
- - - - -

Windows 2008 R2 Domain Controller Share


  • Please log in to reply
3 replies to this topic

#1 Ken White

Ken White

    Member

  • Member
  • 2 posts

Posted 25 August 2010 - 08:39 PM

OS: Windows 2008 R2 Standard
Domain Controller: YES
Project: Upgrade from 2003 R2 to 2008 R2 Standard & Enterprise
Users: Windows XP Pro, Windows 7 & MAC OS 10.5.8 and up
WIN 2008 Server Firewall : DISABLED for all roles/locations


We just upgraded one of our schools file servers to 2008 R2 from 2003. As a standalone server, MAC users are able to connect via SMB://servername and access shares and resources normally. After upgrading to a Domain Controller users now receive errors accessing ANYTHING.. WE have dropped permissions all the way down to EVERYONE full access on both the share and the NTFS permissions with no luck. PC Users are not having any trouble. It only affects MAC's and ONLY when the system is promoted to a DC from all of the testing..

Have already modified the following GPO's:

Allow Cryptography Algorithms Disabled - ENABLED
LDAP Server requirements - NONE
Network Security: LAN Manager auth level - Send LM & NTLM Responses
Digitally sign communications (always) - DISABLED
Digitally sign comminications (if client agrees) - DISABLED

Domain Member:
Digitally encrypt or sign secure channel data (always) - DISABLED
Digitally encrype secure channel data (when possible) - DISABLED
Digitally sign secure channel data (when possible) - DISABLED

------------------------------------------------------------------------------------

Nothing seems to be working.. I need HELP ASAP as school starts in two weeks. We have a mixed environment of MAC (2000 clients) and PC (2200 clients). What should be set on DC's / AD to ensure we have no trouble with MAC's and what needs to be done to fix this FILE Share problem.

#2 Ping

Ping

    Pat Says...

  • Elite
  • 16 posts
  • Gender:Male

Posted 30 August 2010 - 06:44 AM

If you have set folder permissions as "Everyone" then its explicitly set as 'every domain user' - since your Mac client's are not on your domain (unless you have some sort of federation setup) you wont be able to connect (atleast thats the way I figure).
Can you not try connect to the file server and use stored credentials in your keychain?

#3 Ken White

Ken White

    Member

  • Member
  • 2 posts

Posted 30 August 2010 - 09:32 AM

I should have mentioned ALL of our MAC's are bound to active directory and authenticate correctly. We have many other servers that are Windows 2003 which utilize the Domain Users and other security groups with no Trouble. This ONLY occurs on Windows 2008 R2 DC's. If the servers are demoted from a DC to a member server (2007 R2) folder permissions work correctly. I tried opening up the share and the NTFS permissions to Everyone on both sides with no luck.

#4 Ping

Ping

    Pat Says...

  • Elite
  • 16 posts
  • Gender:Male

Posted 08 September 2010 - 06:05 AM

Is anything being logged? Do you have Auditing enabled - is a failed logon being recoreded in the security log or in FS application log?

You're not sharing files via DFS are you?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users