10.7.4 AFP bound to 10.6.8 OD for Network home?

Similar Messages

• AFP Network Home Question

  I have an Xserve and RAID set up for Network Homes shared over AFP, i need to login as the root on that box, if I log out will people who are connected be disconnected?

  If you login and then logout of the server users should stay connected. I do this all the time.

• Stumped on AFP network home directories.

  Heyo,
  Been RTFMs on File Services, User Management and Open Directory. Also looked in www.AFP548.com but didn't find anything helpful.
  We have a mixed environment and windows users aren't having any problem with network domain logins or using smb shares. Mac clients can mount the network shares with afp but network homes are a no go.
  Made the changes needed for the firewall and tried it with the firewall off just to be sure.
  The /Home share is automounted (not using the default /Users).
  Guest access is on in Sharing and AFP.
  Network Mount for /Home is set to Enable network mounting, AFP and User Home Directories.
  SMB Windows Homes are in the same directory and run without problems.
  Directory Access on the Client saw the server and looks ok.
  Only ref. I can find for the login attempt is under Open Directory Password Service Server Log:
  Apr 23 2006 16:42:31 RSAVALIDATE: success.
  Apr 23 2006 16:42:31 USER: {0x00000000000000000000000000000001, netadmin} is the current user.
  Apr 23 2006 16:42:31 AUTH2: {0x00000000000000000000000000000001, netadmin} CRAM-MD5 authentication succeeded.
  Apr 23 2006 16:42:31 QUIT: {0x00000000000000000000000000000001, netadmin} disconnected.
  and OD LDAP log:
  Apr 23 16:42:31 ci slapd[81]: bind: invalid dn (netadmin)\n
  Nothing in the AFP log.
  Any thoughts on what I should try or something obscure I may have missed when setting up MacOS client network home directories with AFP?
  Thanks
  Mitch
  Server: 10.4.6
  Workstations: 10.4.6

  Getting closer.
  Kerberos wasn't running and the ODM wouldn't Kerberize.
  This thread sorted out the issue:
  http://discussions.apple.com/thread.jspa?messageID=2186542&#2186542
  Kerberos is running now but still canna login for mac clients.
  hostname and sso_util info -g both resolve properly.
  but when i run:" slapconfig -kerberize diradmin REALM_NAME "
  all looks good until the command (with the proper substituions)
  "sso_util configure -r REALM_NAME -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all"
  automatically runs and I get a list of:
  SendInteractiveCommand: failed to get pattern.
  SendInteractiveCommand: failed to get pattern.
  SendInteractiveCommand: failed to get pattern.
  and "sso_util command fialed with status 2"
  the sso_util command by itself spits out
  Contacting the directory server
  Creating the service list
  Creating the service principals
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  etc...
  even though the login/pass are good
  any thoughts on what i should check or where i should go next?
  Thanks
  Mitch
  iMac G5   Mac OS X (10.4.6)  
  iMac G5   Mac OS X (10.4.6)  

• SL bound clients can't logon Lion Server network accounts

  Sorry if this has been covered or resolved elsewhere elsewhere, if so please point me in the right direction!
  I posted this in a different thread and it was suggested this one would be more helpful.
  I've spent all day with a new mac pro with Lion Server installed trying to set up a small network. Created an OD Master (from the Server App) then used WGM to make accounts. From the Server app I'd created sharepoints (where has File Sharing gone in Server Admin?) one of which was enabled to be used as home directories for which I configured back in WGM. I then bound SL clients computers to OD making sure there were no hypens in the computer names and allowed all network users to logon onto the machine as well as adding the Lion servers IP address as a DNS record.
  The problem is, I go to logon with the network account and it starts to logon, i.e the icon expands rather than shakes then stops with the not very informative error  "Cannot log you on because an error occurred".
  The bound clients appear in WGM. The user accounts look ok. I've not enabled SSL on anything. This is really frustrating.
  Any help much appreciated.
  Regards,
  Evan

  Sorry if this has been covered or resolved elsewhere elsewhere, if so please point me in the right direction!
  I posted this in a different thread and it was suggested this one would be more helpful.
  I've spent all day with a new mac pro with Lion Server installed trying to set up a small network. Created an OD Master (from the Server App) then used WGM to make accounts. From the Server app I'd created sharepoints (where has File Sharing gone in Server Admin?) one of which was enabled to be used as home directories for which I configured back in WGM. I then bound SL clients computers to OD making sure there were no hypens in the computer names and allowed all network users to logon onto the machine as well as adding the Lion servers IP address as a DNS record.
  The problem is, I go to logon with the network account and it starts to logon, i.e the icon expands rather than shakes then stops with the not very informative error  "Cannot log you on because an error occurred".
  The bound clients appear in WGM. The user accounts look ok. I've not enabled SSL on anything. This is really frustrating.
  Any help much appreciated.
  Regards,
  Evan

• AFP logon window takes 60 - 90 seconds for remote users

  We have a 10.4.11 server running AFP and multiple other services. About 25 users connect to the AFP sharepoints via the internal network and the login window appears immediately. Another 25 users connect through a hardware VPN from another office and their login screen appears immediately as well. We have another set of 25 users who connect directly over the internet, and only recently, it is taking 60 - 90 seconds for the logon window to appear. Once it does appear, the connection runs at normal speed.
  It makes no difference whether the address is specified as FQDN or IP address. I've tried turning off Bonjour, and adding the host domain name to the search domains, but this made no difference either.
  This problem did not exist until recently. It may have been about the same time as the 10.5.4 update, but I can't be sure.
  Also, our ISP is known to play with "Shaping" although we did have AFP set to high priority and Port 548 is not restricted.
  Is there another service that Apple uses to bring up the logon window? If so perhaps our provider is restricting bandwidth on that.
  - Tim

  This problem related to AFP requesting a "Service Record" first and waiting until that timed out before requesting the "A" record for the site. It seems to be an issue with OS X 10.5.4 and OpenDNS. Hopefully they will sort it out soon.

• String index out of bounds... issue regarding checking for non-integers

  okay. i have been racking my brain about this for the last couple of days. i looks like everything is alright, but i keep getting string index out of bounds exception: string index out of range 1.
  heres the code.
                 for(int x=0; x<size; ++x)
                      count=x+1;
                      System.out.println("Please enter value #"+count+(":"));
                      numnum=console.nextLine();
                      if(Character.isDigit(numnum.charAt(x)))
                           goodInput=true;
                      if(!goodInput)
                           System.out.print("Please Enter Only Integers!");
                      else
                           values[x]=Integer.parseInt(numnum);
  its probably something really stupid, but if someone can figure this out, id be most grateful.
  -thanks

  Be sure values contains data.
  Then make sure that size = values.length
  Either you don't have any data to iterate through, or the size variable is too big. So it's trying to search in parts of the array that don't exist.

• Attribute "xmlns" bound to namespace was already specified for element

  I get the following error message when validating the googleSearch process:
  main:
  [bpelc] [Fatal Error] :9:10: Attribute "xmlns" bound to namespace "http://www.w3.org/2000/xmlns/" was already specified for element "definitions".
  [bpelc] BPEL validation failed.
  [bpelc] BPEL source validation failed, the errors are:
  [bpelc]
  [bpelc] [Error]: CompilationError
  [bpelc] [Description]: in line 0 of "bpel.xml", Failed to read wsdl.
  [bpelc] Error happened when reading wsdl at "D:\orabpel1\samples\demos\ParallelSearch\GoogleSearch\GoogleSearch.wsdl", because "WSDLException: faultCode=INVALID_WSDL: Invalid XML in document: Attribute "xmlns" bound to namespace "http://www.w3.org/2000/xmlns/" was already specified for element "definitions".".
  [bpelc] Make sure wsdl exists at that URL and is valid.
  [bpelc] .
  [bpelc] [Potential fix]: .
  [bpelc] .
  BUILD FAILED: D:\orabpel1\samples\demos\ParallelSearch\GoogleSearch\build.xml:34: Validation error
  Total time: 1 second

  This is most likely a bug. I thought it was fixed in 0.9.10. Which version of the BPEL designer are you using? Could you please send us a list of steps to follow to reproduce it so that we can open a bug and track it down?
  Work around:
  for now, please manually add a prefix to the BPEL process for the google namespace and then import the partnerlink. (the designer will not try to guess a prefix and you will not run into this problem.
  Thank you,
  Edwin

• Access AFP, email, Remote Desktop via VPN and local network but NOT web

  How can I do this? Right now I can set up all these services where I can access them via VPN only, but not on the local network or via the web. If I want to access them via the local network I have to open up the ports in the firewall, however this opens up access via the web (not requiring VPN) which I do NOT want. How do I remedy this?

  How can I do this? Right now I can set up all these services where I can access them via VPN only, but not on the local network or via the web. If I want to access them via the local network I have to open up the ports in the firewall, however this opens up access via the web (not requiring VPN) which I do NOT want. How do I remedy this?

• AFP going away? Not being supported

  I am hereing rumors that the New Mac OS 6 will not support AFP anymore, and that other network servers such as windows and novell will not as well. Is this true?
  Message was edited by: ptirado

  What's "Mac OS 6"?
  Do you mean Mac OS X 10.6 (aka 'Snow Leopard')?
  If so, you are, indeed, mistaken. AFP hasn't gone away, and there's no talk of it either - at least that I'm aware of. It's still the preferred format for network home directories.
  Therefore, whatever sources you're reading/hearing from are either misleading, or you're misinterpreting what they're saying.
  Maybe they're talking about AppleTalk, the old network protocol which has been defunct (or at least dying) for years. That's a whole different kettle o' fish and not related to Apple Filing Protocol (AFP). Pretty much the only AppleTalk-based devices you'll find are 1990's-era printers. Everything else moved to Ethernet years ago.

• How do i create a single sign on environment from scratch?

  setting up a single mac mini 10.6.6 server in a small law firm and want to create a sso environment from scratch. i have currently got everything working fine as an open directory master, but every reference to sso that i can find, talks about joining an existing sso environment, or joining ad, creating a triangle, but never a stand alone od master to create the sso. am i missing something, or is it not possible or practical to do in such a small office with just a few users?
  thanks for any help understanding this.

  i appreciate your input Rikakiah, although i am glad i don't have to pronounce your alias out loud
  anyway, that's starting to sound like something i might want to try, because so much of what i want to do is not really working the way i'm doing it. it had crossed my mind, but wasn't sure i was going to avoid problems by using network home folders instead of mobile accounts. at this point, i have only one of the four workstations bound to the server, which was purchased as a mac mini snow leopard server with the dual internal drives, and was set up as a mirrored raid with the 2 internal 500 gig drives.
  i am seeing what seems to me like some odd behavior with network accounts working with the log in screen (all the users show up in the log in screen properly as network accounts, but only one account, the one that matches exactly the local account user name and password and allows log in) and auto mounting group shares are not seeming to work at all. what seems odd, is that management of the local account seems to be working great, and has merged management with the local account. the user still has all their existing documents and settings, but i can see that the things like the control panels i locked them out of are grayed out. so to be try to be clear here, i have 4 network accounts set up in wgm, and on the log in screen, i see 3 network accounts with the typical network user icon, and what looks like the original account with the original icon. i can only log in using that account, but when i get in there, it's managed ok. i expected to see the original local account and 4 network accounts, but evidently using the same user name on the server as the local account caused this. when i try to log in with one of the other network accounts, the login screen shakes it head no.
  for the record, from another post talking about network log in issues, on the local system, setting System Preferences>Accounts>Login Options>Allow network users to log in at login window>Options>Only these network users: can mess this up, but my settings there are fine, since i had never messed with that. it says "allow all network users" or something like that.
  here's what i am trying to get to: auto mounting group shares and single sign on for afp group folders and ichat, and as you said to allow the users to move around from workstation to workstation as needed. as you know, there's a myriad of settings to make this all happen. i don't see how anyone can help me fix the 2 things that aren't working, unless i give a long winded explanation of what my settings in workgroup manager and server admin are, so here goes…
  i have dns and open directory running fine, a static map of ip addresses so that i can do authenticated directory binding, which seems great so far. in wgm, i have under preferences / computer list the one computer i have bound - computername$ and under window checked always, heading - directory status, list of users, show local users, network users, computer administrators, and other. under options checked always, enable fast user switching, computer administrators may refresh or disable management, and start screen saver after 5 minutes. under access checked always, clicked the gear button once which caused network users - allow - * to appear in the access control list, local only users may log in, local only users use available workgroup settings, and combine available workgroup settings. scripts and items have never checked.
  then for workgroup folders to auto mount, i have set afp auto mounts for each of my 2 groups, partner admin and support staff in server admin / afp. under accounts / groups / support staff / group folder, the support staff auto mount is selected, and the user i am working with is obviously a member of that group under the members tab. finally, under preferences / groups / support staff / items, always and add group is checked and the support staff volume shows up in the list. authenticate selected share point with user's login name and password is grayed out and not checked, and merge with user's items is grayed out and checked. i'm not sure what i am missing to get auto mounting group folders here. btw, the user can for sure log into the group folder with the same user name password that she logs into the workstation with, if she does so manually under the go / connect to server menu.
  oh, and ichat seems to work as expected. she gets sso there! sweet!
  if i do end up trying to go for network home folders, (i would like to see auto mounting group folders working first, before i try) i found something that looks like a no-brainer to add to the mix…
  http://tools.mconserv.net/NHR.html
  thanks everyone for your interest in helping me deploy this server.

• Lion client can connect ONCE to SL server...

  I've been running a small network of about 30 macs (largely iMacs) for a few years now.  Server is 10.6.8, most clients are 10.6.8 as well, with a couple 10.5.iforget.  I haven't really had many issues.  However, we just added a few more computers and (of course) they are running Lion.  Out of the box, they wouldn't even seem to see my server until I upgraded to 10.7.4.  However, now, I can log in with a network account when I first boot up.  If I log out and try to log back in with ANY network account, I get "Unable to login to account X at this time".  Restarting the computer allows me to log in.  I can't seem to see anything in the logs that would indicate a problem, but I'm also not exactly sure which logs or lines to really be focusing on.
  Another issue is that after binding the Lion client, the computer does not show up in WGM.  I have the 10.7 Server Admin tools installed on the Lion clients.

  Idon't see why not I'm running SLS od master and lion od master (has to be for profile manager)
  The lion server is bound to the SLS (without password) and gets my users and groups from the SLS
  I also have lion clients managed by SLS using PHD I'm not seeing the problems your getting
  Does it make a difference if you wait a minute or so before logging in again
  Do you have the same problem with none loin network accounts
  Are your network homes AFP
  Sounds like lion can't find your network home when you re login

• You are unable to log in...; Network Home directories; 10.4 & 10.5 Servers

  I have a solution!
  Note: this is a new post because all previous posts dealing with this topic have been archived, MANY without an answer.
  Problem:
  Users with Network Home directories can't log in. After entering their correct username and password, the following error message appears:
  "You are unable to login to the user account 'username' at this time. Logging in to the account failed because an error occurred."
  Problem occurs with v10.5 Leopard client attempting to login to a Network Home directory hosted on a v10.4 Tiger server.
  _Significant Troubleshooting Symptom:_
  Client mac Console log (all Messages) contains the following entry at the time the user attempted to login to their Network Home directory:
  authorizationhost[509] ERROR | -[HomeDirMounter
  mountNetworkHomeWithURL:attributes:dir:Path:username:] |
  PremountHomeDirectoryWith Authentication( url=afp://server.example.com/Homes, homedir=
  /Network/Servers/server.example.com/Volumes/ServerHardDisk/Homes/username,
  name=username )
  returned 2
  _Computing/Network Environment:_
  v10.5 Leopard server doing: DNS; Open Directory with Kerberos for Single Sign-On; AFP for half of all users' Network Home directories.
  v10.4 Tiger server doing: AFP for the other half of the Network Home directories. Also, note that Open Directory is not running on this server, BUT IT IS CONFIGURED (using Server Admin) as "Connected to a Directory System" and has joined the Kerberos realm on the v10.5 Leopard server.
  v10.5 Leopard clients.
  Solution:
  v10.5 User Management manual
  http://manuals.info.apple.com/enUS/User_Managementv10.5.pdf
  says share points for Network Home directories have to have Guest Access ENABLED. See step 5 on page 117 and step 12 on page 118. Note that these are two different settings, but seem consistent with each other.
  I had followed/complied/set Guest Access according to steps 5 (page 117) and 12 (page 118) on BOTH the v10.5 Leopard AND the v10.4 Tiger servers. The solution that allows users to log on normally is:
  Uncheck/disable Guest Access (as set in step 12 page 118) for the v10.4 Leopard server only. Leave "Share this item using AFP" checked. Uncheck "Allow AFP guest access."
  The above worked for me. Your milage may vary. If anyone knows how to report this to Apple for fixing in the server software and/or clarification in User Management manual, please do. If anyone knows that this solution "breaks" other stuff, please post back.

  Other posts that dealt with this same issue and other potential solutions:
  http://discussions.apple.com/thread.jspa?messageID=5700241&#5700241
  http://discussions.apple.com/thread.jspa?messageID=5784186&#5784186
  http://discussions.apple.com/thread.jspa?threadID=1215039&start=0&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=9204496&#9204496
  http://discussions.apple.com/thread.jspa?threadID=1522353&start=0&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=10226660&#10226660

• Portable Home Directories in 10.8 Server?

  I have a Mac mini Server running 10.6.8. Now that 10.8 is out, Apple will probably stop supporting 10.6 (as is their policy) and that means either slowly eroding security or moving to 10.8. I have been looking at the documentation and it seems underneath it all is still by an large the same basic unix-stuff like postfix, dovecot, a dns system, etc. Giving the lack of support for GUI-managing the more complex setups, I'll probably be doing it command-line (stuff like multiple virtual mail domains, multiple web domains, etc.). Not fun (and a business opportunity for some enterprising software engineer).
  But what I haven't been able to see in the documentation or anywhere else is Portable Home Directories. In my current setup, I have a 10.6.8 Server and 10.7 clients. On these clients is a single local administrator acocunt and the rest are 'managed mobile accounts'. These are local acocunts. They work when away form the network on which the server is, but when in range of the server, the server may push settings and stuff. And on login/logout and when connected to the LAN and during work, the home directory of the user is constantly synchronized with a copy of the user's home directory on the server. This means my users can take any computer and get their own account and a synchronized copy of their home directory. They can also take a laptop off line for a while and when they return to my LAN (either physically or by VPN), any changes will be synced. This is a sweet setup and it works with 10.7 clients and 10.6.8 server.
  But what I haven't been able to find if this will still work with 10.8 Server. I have looked at teh 10.8 Server documentation and haven't found anything about it. Will it still work somehow and if not, is there a good alternative?

  Gerben Wierda wrote:
  Or: you create the users anew in the network directory, you replace their home directories with the content of what is on the MacBook (TDM is your friend) and do the chmod. Easier still.
  That way, I suggest the migration in that way; because, you can test everything out before the data gets moved over. There's nothing like something going wrong in the setup/migration, and you have to do it all over again.
  Kirk, you can always put the Home directories/folder on an external. But if you do, you'll probably want to run this command in Terminal:
  sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool YES
  That sets the system-wide setting to mount external HDs on startup. The default behavior  in OS X, probably around 10.3 onward (but Apple may have flip-flopped on this), is to mount externals on user GUI-login, not on startup like internal HDs. The default behavior is a huge problem with network users, whose home directories reside on the external, since the external on GUI login often mounts "too late" and new "phantom" home directories are created (along with warning messages that the home directory can't be found) and you sometimes get duplicate mount points. In short, the default behavior creates a bit of mess. To spare you some frustration, run that command, which will mount the externals on startup, so the home folders are always available.
  It's also handy if you plan on creating other shares on the external; it prevents some flaky behavior.
  Gerben's "general description" can be applied to Lion and Mountain Lion, although with Mountain Lion you have fewer tools, and you'll often be working in Server.app rather than some of the older tools like Server Admin.
  Again, basically you need to:
  (1) Setup file sharing, where you designate a directory/folder as a share to hold the network home directories. On the default install, Apple makes /Users a share, and you could (similar to what Gerben did) use that to hold not only local accounts' but also the network accounts' home directories. In that setup all users' home directories reside in the same place. All you have to do then is check the box "Make available for home directories over" and leave "AFP". See below; note the very last checkbox; that needs to be checked:
  I preferred to keep the local and network users separate, so I actually use a different share for the network users, and not /Users. If you go that route, pay attention to the permissions, it's somewhat easy to get them wrong. I think I cheated and used Carbon Copy Cloner to clone the /Users directory to another HD, then just renamed the directory. FYI you're actually not seeing this in these screen shots, since I'm using a "fresh install" virtual machine to make the screen shots.
  Also if you don't need it, I'd probably uncheck "Share with Windows clients (SMB).
  2. You need to setup Open Directory, so you can manage Network Users. Since you want portable home directories, then you might consider using Profile Manager (introduced in Lion Server), which is Apple's latest tool for that. You can also download separate Workgroup Manager as well. Not sure which is better, or exactly why there are both. I think the documention indicated for older pre-Lion OSes, Workgroup Manager is still around.
  2a - If you go straight to Profile Manager, and set it up, it will first make you setup Open Directory, then the rest of the setup for Profile Manager itself.
  2b - Or you can always "two-step", first setup Open Directory, then later if you want "Profile Manager".
  3. Once you have OD (step 2), and the share setup for network home directories (step), you use Server.app to create the network users, and assign their home directory to the share not local. Note the entry "Home Folder"; use the pull-down menu to select your share. See below.
  If you forget to set the Home Folder, you can always "edit" the user and change the Home Folder to the share, and not Local Only.
  4. To get portable Home directories, I'm pretty sure you're going to have to setup and activate Profile Manager or use Workgroup Manager. Sorry not much details I can provide there, I've only played with it a bit, and was planning on upgrading my MacBook Pro to Mountain Lion before giving it a go again.

• Beginner question: setting up a small lab

  I have a small research lab with several Mac Pro and PowerMac workstations, all running leopard. I just installed Mac OS X server 10.5 on one of the machines. I need a quite simple setup, but got lost in the huge pile of documentation. I can read manuals, but would be very thankful if you can direct me to the right direction. The question: What is the minimal sequence of operations needed for the following setup:
  1. Set up a set of user accounts on the server.
  2. Configure all the machines to allow these users to login.
  3. Have the home directory of all users on a volume in the server.
  That's all for now - nothing else. I found some answers in the "Managing users" manual, but not enough to be able to do so.
  Thanks very much

  Well, I don't have a step-by-step manual for you, but I'll try to point you in the right direction. Feel free to post back with more specific questions about different parts of the setup process.
  The basic steps to follow -
  Install 10.5 Server, run the setup assistant (automatically), make the server a standalone server, and only start DNS. Reboot.
  Once you've rebooted, configure DNS. You need a FQDN (fully qualified diomain name - if you didn't already know) for your server. Something like macserver.mydomain.net
  10.5 server relies heavily on DNS, so you really do need to do this.
  Once DNS works, and you can do a forward and reverse lookup of your server, you can promote the server to OD Master then turn on AFP and whatever other service you need.
  If you've already turned services off and on and fought with the server for a while you should probably start over.
  Once your server gets this far, you can start adding users via WGM and setting their home folder paths. It's best to avoid long path names, (there's a limit of 80something characters for network home paths, or at least there was up through 10.4 server) so creatuing a folder at the root of the server HD (or whatever HD you're storing stuff on) and put user homes in there.
  Once that's set, you use DirectoryAccess on 10.4 and earlier to bind the client Macs to the OD Server. 10.5 clients use Directory Utility. The 10.4 and 10.5 clients pretty much automagically set themselves up once you use the LDAP plugin in DirectoryAccess/Directory Utility to enter the server's IP or FQDN. 10.3 clients take a little more work.
  AFP548.com is a great resource for tips, and you can find a lot searching through here. I also found a web site that has a lot more detail than I just provided it - I have it bookmarked somewhere else - I'll post it if I remember.
  hope this gets you started,
  Jeff

• Adobe Bridge permission issues when working with network account

  We have some users using Adobe Bridge CS3, CS4 and CS5.
  They are using Bridge to browse arround the file server.
  I have ACL's so the users can have full access using the Finder, deleting, making folders etc.
  Users are logged in to their AD account with their home folder synced to a Mac OS X server 10.6.4.
  Unless they are Posix owner of a folder they can't make changes or nothing using Bridge.
  If they log in to a local account on a Mac and then manually connect to a share on the same server all is fine with Bridge. They can make folders, delete files etc etc.
  Any ideas?
  I know Adobe made it easy for themselfs years ago by simply stating it is not supported to work on a server using any Adobe app.

  jhellstrom wrote:
  We have some users using Adobe Bridge CS3, CS4 and CS5.
  They are using Bridge to browse arround the file server.
  I have ACL's so the users can have full access using the Finder, deleting, making folders etc.
  Users are logged in to their AD account with their home folder synced to a Mac OS X server 10.6.4.
  Unless they are Posix owner of a folder they can't make changes or nothing using Bridge.
  If they log in to a local account on a Mac and then manually connect to a share on the same server all is fine with Bridge. They can make folders, delete files etc etc.
  Any ideas?
  I know Adobe made it easy for themselfs years ago by simply stating it is not supported to work on a server using any Adobe app.
  As you said Adobe washed their hands of the matter and as any business customer is almost certainly going to use a server, and as Adobe products are so expensive pretty much only business customers can afford them, this is totally inexcusable.
  I had a similar network login related problem with Acrobat Pro in version 7.0 which after +two years+ (no exaggeration) was eventually fixed in Acrobat Pro 8.1. Unfortunately it was then broken again in Acrobat Pro 9.0. Based on my experiences with Acrobat Pro and due to a totally different reason (nothing to to do with using Adobe SW) I found that when I switched from using AFP for network home directories to instead using NFS, my problems with Adobe software and network login accounts went away.
  So, it might be worth your thinking about switching to using NFS for home directories as a workaround.
  Adobe have become even worse than Microsoft for their software. They use a variety of sucky installers instead of Apple's free Installer (Microsoft have switched to using Apple's Installer), they use product activation, they are even worse than MS Office at working with servers. The only redeeming fact Adobe has is that their Mac and Windows products are mostly equivalent unlike Microsoft who still cripple their Mac software.