Permissions problems with 10.5 client on 10.3 server

Similar Messages

• Open Directory or LDAP Problem with 10.5 Client and 10.4 Server

  Yesterday, the client-server setup we've been using successfully FOR YEARS decided not to work on a v10.5.8 MacBook Pro client. Did not do anything to the v10.5 client recently (other than to boot it up). Not sure if any software was updated on the server recently (where do I check for this?). Curiously, a v10.4.11 client running on a Mac Pro (tower) continues to work fine/as though nothing's changed. It appears as though the only difference is v10.4 client (working) vs. v10.5 client (not working).
  Here is what IS working:
  1) Network Home Directories on dedicated drive partition of Mac running OS X Server v10.4.11. AFP, DNS, and Open Directory are all up and running (normally, I think) as shown in Server Admin application.
  2) Mac Pro (tower) client running v10.4.11 binds to and authenticates at v10.4.11 server. Any valid user can access their home directory on the server seamlessly when logging in at this v10.4.11 client Mac.
  3) That same v10.4.11 client Mac also contains a LOCAL admin user with its home directory on the local hard drive. That LOCAL admin account is used to update software on a per machine basis (and preclude users from adding unauthorized software, needing to use a specific machine, etc.).
  Here is what IS NOT working:
  4) On a MacBook Pro client running v10.5.8, the LOCAL admin account looses access to the partition containing its local home directory. The drive partition literally disappears. The only "solution" I've been able to find (and it's not truly a solution) is to turn off the Open Directory/LDAP binding (using the Directory Utility application). With binding turned off, the LOCAL admin user has no problem accessing their home directory on the local hard drive partition. Turn binding on again (using Directory Utility application), and the LOCAL admin user can no longer see its local home directory.
  Again, binding is necessary to allow regular users to use the v10.5 MacBook Pro with Network Home Directories (as in items 1-3 above). Binding should be turned on for this reason. However, with binding on, the LOCAL admin user cannot manage the computer because the local partition containing the admin home directory disappears/is inaccessible. Turn binding off, and the partition containing the admin home directory reappears.
  Perhaps there's something in the sever logs that will help. I don't really know how to read these, so if your help involves the logs, please refer to them explicitly (e.g., "in Server Admin, go to Open Directory->Logs->LDAP log" or similar).
  Any help greatly appreceated.

  Nope. Never used sso_util.
  I try to use Apple's GUI server management tools unless absolutely necessary/at the end of my rope (i.e., last step before re-install etc.). I figure there's just too many things going on under the hood: using the command line may fix one setting, but not re-configure the two or three others that Apple NEEDS in order to have the whole thing working in harmony. Unless you really know what's going on with all the configuration files, it's best to let the GUI manage the settings.
  In my particular circumstance, I've now got ALL Leopard clients, one Leopard v10.5 server, and one Tiger v10.4 server. Everything is working fine now, but it was not a simple matter getting the Tiger v10.4 server re-integrated into the otherwise ALL Leopard environment. OD/Kerberos is on the Leopard v10.5 server. Home directories are still on the Tiger v10.4 server.
  Two keys to getting THIS/MY set-up working:
  1) Tiger v10.4 server needs to have Open Directory set to "Connected to a Directory System" and has to be joined to the Kerberos realm that was set-up on the Leopard v10.5 server (use Server Admin to do all of this).
  2) Sharepoint on Tiger v10.4 server has to have SOME, but NOT ALL checkboxes for guest access enables/checked. See:
  http://discussions.apple.com/message.jspa?messageID=10903468#10903468
  Number 2 immediately above is contrary to what Apple manual for User Management reads, but this is what worked for me/my set up, after pulling my hair out following the manual's instructions to the letter and not getting the thing to work!

• Problem with update SCCM client to Sp1 CU3 on Windows 2008 server

  Hi all,
  I have problem with update SCCM client on Windows 2008 Server to 2012 Sp1 CU3. I have sent to deployment package with update (SP1 Cumulative Update 3 - server update) on four servers and after few minutes I have got in Monitoring\Deployment details four
  this same errors in "Asset Details":
  USER Message ID
  Status type Description
  NT\AUTHORITY\SYSTEM  1006
  Error 3003
  I love that types of error... which is har to find answer on google :-( I have tried but I haven't find any constructive :-( Did you met with something similar? Which log I should check (sorry - I'm still noob in SCCM2012) to update actual SCCM Client SP1
  (5.00.7804.1000) to SP1 CU3 (5.00.7804.1400)? 
  Thank you.

  I see in fodler with CU3 updates, are four packages:
  - SP1 Cumulative update 3 - x64 client update
  - SP1 Cumulative update 3 - x86 client update
  - SP1 Cumulative update 3 - server update 
  - SP1 Cumulative update 3 - console update
  It will be stupid but... maybe I should deploy x64 client update package? 

• A problem with WAAS mobile client

  The customer has a problem with WAAS mobile client. When he disabled WAAS mobile client - all is working, but http is not working.:-( On the server the accelerated networks are configured.The browser send the http request, but the response is not received:-( For other clients it is working. Thank you for help.

  I have WAAS mobile server version 3.4.0.1460 on the Windows2003 server with SP1. Client OS is Windows XP. All clients who use WAAS mobile client have WinXP on their notebooks. All clients are on the same network. This client sees this problem when the waas client is active, disabled, and for now when the waas mobile client is uninstalled - it seems like waas mobile client changed registers for IE or FireFox - so all http answers are redirected to nonexisting waas mobile client:-(
  Thank you
  Roman

• There is a problem with the security certificate of the proxy server. Error code 18 and 38.

  Hi All,
  After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
  Exchange 2013 on a remote location with a CA-certificate.
  Outlook 2010 and 2013 on different locations, locally installed and on RDS.
  When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
  name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
  After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
  site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
  certificate is invalid or does not match the name of the site."
  Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
  - restarting mailserver and AD;
  - restarting switches;
  - restarting routers;
  - restarting RDS, AD and all other servers;
  - bypassed proxyserver for RDS;
  - created a new profile;
  - checked recently installed updates;
  - checked certificate on mailserver;
  - checked RDS on a different location, working fine.
  Nothing helped, what can I do next? Please advice.
  Regards.

  Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
  The first message can be suppressed by adding this to the Exchange config:
  set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
  set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
  Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
  this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
  Not completely where I want to be, any help regarding the second alert is greatly appreciated!

• Problem with clob_write under client 9.2.0.6: UnsatisfiedLinkError

  Hi all,
  I'm running Oracle client 9.2.0.4 on Windows XP and Java 1.4.1_3.
  Writing or reading clob's works pretty well.
  As i tried to update to Oracle client 9.2.0.6, i got the error
  Communication failed: java.lang.UnsatisfiedLinkError: clob_write when i tried to write a clob. The same error appears when i tried to read a clob.
  Is there a specific problem with clobs under this client?
  All other JDBC operations work as good as before.
  Thanks.

  Here is another hint.
  In your classpath, use the jdbc driver that's under your oracle installation to which you are trying to connect to (ie, <ORACLE_HOME>\ora92\jdbc\lib\ojdbc14.jar).
  I had the same problem in 9.2.0.6 and its gone when I replaced the ojdbc14.jar. I copied the ..\ora92\jdbc\lib\ojdbc14.jar to my java client program's classpath, and ran the java client without getting the UnsatisfiedLinkError.
  It looks like the ocijdbc9.dll under ora92\bin has to match correctly with the jdbc drivers you would be using. I got this idea from this link:
  http://episteme.arstechnica.com/groupee/forums/a/tpc/f/6330927813/m/705001068631/inc/-1
  Hope this helps.

• Permissions problem with external HD

  Prior to updating to 10.4.3, I was able to write to any external HD to transfer large files betweek my iBook and a windows PC. After upgrading, I am no long able to use 3 out of the 4 external HDs that I used to be able to. I always get an error message stating a problem with permissions. I get info on the drive and it says read only and will not allow me to change to read and write. I plug the same drive into my Windows PC and change the permissions to read and write, and get the same message when I go back to my iBook, I get the same read only problem.
  Any ideas?

  Eric,
  I, too, apologize for the delay in posting. I have been away from the discussions for a rather extended period.
  Well, any NTFS formatted volume will only be accessible to you as read only. No, this is not something new, but has always been the case. To make matters worse, I have heard that Windows no longer provides any way to create a FAT-32 volume; one must use OS X to format the volume or use a third-party application in Windows. This information may be incorrect, but I wouldn't be surprised if it is true (we're talking about Microsoft, here).
  If you can copy any data on this drive to some other location, then use Disk Utility to format it as FAT-32, the data can then be copied back and it can be used to transport the data cross-platform, with read/write access on both ends. Is this a possibility for you?
  Scott

• [PX6-300D] Access permissions problem with shares

  Hello,
  Let me explain the problems.
  When i try to connect one share to PC by mapping network device everything is normal - we have access to the storage and so on, but when i try to simply type the \\address\share in explorer i'm receiving "\\address\share is not accessible" popup window.
  Strange here is that i can access the \\storageDevice but i can't access the \\storagedevice\Sharename
  With lot of clicking and editing accounts in px6 i didn't received results, but i tried to increase the security for local network encryption to Always and voila i received access to the share and 15 minutes later i loss it again. (worked one time only)
  My big problem is that i use Acronis backup solution and the software can't find the share where the backups are.
  In last 10 days i have 5 successfull backups and 5 failed due to access problems with the device.
  Can any one help?
  Solved!
  Go to Solution.

  Hello Stimar
  Is the unit connected to a domain controller?  Are you having issues accessing the shares using a domain user or a local user, both?
  If connected to a domain, have you set a preferred server ?  If not, the unit will use the DNS under the Network page to try resolve the AD server.  You will want to make sure you have the correct preferred server or DNS or you may run into permission issues.
  Double check that the user(s) have at least read access permissions from the web interface, if you have the file level encryption option enabled, you may need to adjust permissions from your domain controller as well.
  If you are on a different sub-net than the px6 that can cause share access issues.
  If the above suggestions do not help, LenovoEMC support should be contacted. 
  LenovoEMC Contact Information is region specific. Please select the correct link then access the Contact Us at the top right:
  US and Canada: https://lenovo-na-en.custhelp.com/
  Latin America and Mexico: https://lenovo-la-es.custhelp.com/
  EU: https://lenovo-eu-en.custhelp.com/
  India/Asia Pacific: https://lenovo-ap-en.custhelp.com/
  http://support.lenovoemc.com/

• Package permissions problem with Snow Leopard

  Under Leopard, changing permissions at the Get Info window for a package file also changes the package contents to the same permission settings. This no longer works in Snow Leopard. For example, I have tried adding another user name with read & write privileges. The package file displays the correct setting, but all the contents of the package have the newly added user as read only. This is causing me problems with a virtual machine I want to share with other users of my computer. I also tested it with iWork (Pages) packages - in Leopard the package contents keep the r&w setting for the new user, but not in Snow Leopard. Note that for package files, there is no option to apply to contents, as is the case for folders, but it should do it automatically.
  I would be grateful if someone could verify this bug. Also, I intend to use chmod -R at the terminal, but I am not sure how to use it to add a specific user with r&w privileges, so any help appreciated.
  Many thanks
  George

  I don't believe it's ever worked you the way you describe in leopard. I just tried it on my leopard machine with an application package and changing permissions to the package itself did nothing to its contents.
  you can change permissions recursively from terminal but it's easier from GUI.
  make a folder and put the package in that folder. *DO NOT* use system created folders for this. go to the permissions panel for the folder and set permissions as you like. then click on the "gears" action button at the bottom of the "get info" popup and select "apply to enclosed items". This will change permissions recursively on everything in that folder.
  NOTE: as I said, never do it with system created folders as they often have hidden ACLs and doing so will propagate those ACLs inside.
  to give a particular user read+write right to the whole package from terminal run the following terminal command
  chmod -R +a "username allow list,addfile,search,add_subdirectory,deletechild,readattr,writeattr,
  readextattr,writeextattr,readsecurity" /path/to/package

• Problems with transmision torrent client

  Dear all,
  I have Iomega EZ-3 and on it running transmission torrent client.
  lenovoemc_Torrent 3.2.19250  Up to date
  The problem is the destination of downloaded torrents. It's not on desired destination. On selected folder 2 subfolders were created - "add torrents here" and "incomplete". And when torrent is downloaded, there is no file. In web gui double click on torrent gives some additions informations:
  Location: /mnt/pools/A/A0/Documents/Downloads
  Where is this location and how can I access it? I have a lot more problems with built-in torrent download client so this one problem should be easier to solve... I have latest firmware on Iomega EZ-3: 4.0.8.23976
  Kind regards,
  Ziga

  I'm not sure why the completed file would not end up in the destination folder. Have you searched the all the folders on the device to see if it ended up in another folder somehow? The built-in torrent client has some issues on some devices, which is why we added support for Transmission.
  Maybe try asking their support forums? - https://forum.transmissionbt.com/
  Have questions and need answers?
  Search the database for answers to FAQ's, software/driver downloads, tutorials, news, features and more!
  LenovoEMC Support & Downloads
  LenovoEMC North America Support Contact Page

• Problem with Oracle 9i client to access multiple oracle databases

  I am having problem setting up oracle client 9i to access multiple oracle db. When I finish installing Oracle 8.x client, I simply replace the tnsnames.ora that the installation created with the ones that I have. I can access three different databases. I only need to add three diffrent entries in the tnsnames.ora file. I cannot be able to do this with Oracle 9i client. I follow the instruction from the CD installation to use local naming method. It appears that Oracle client try to create multiple entries on my tnsnames.ora file but I can only be able to access one db.
  Any help is appreciated.
  Thanks! HD

  the old tnsnames.ora is working with Oracle 8 client. The new tnsnames.ora (if I use the Oracle Net config) have two entries, one is dev and the other is prod.
  Thanks!

• Strange problem with SQLPLUS when client and server on the same box

  Hi,
  I have the problem with SQLPLUS when clinet and server on the same machine.
  With client and server on the same machine i am running the command
  sqlplus -l username/password@connect_identifier as SYSDBA.
  With this command, even if you pass in wrong username or wrong password or both as wrong you can able to connect to database and execute queries.
  Once Connect_identifier is correct and trying to log in as SYSDBA ,sqlplus will log in to DB with any username and password.
  How to get rid of this behaviour. Is there any way to do this.
  I am running this command by creating a process in C#
  Edited by: user11000236 on Jun 16, 2009 10:31 AM

  user11000236 wrote:
  Thanks for the info.
  How does Oracle/SQLPLUS allows any username or password to log in to DB with SYSDBA Privillages? What is the concept behind this.?
  This is explainted in the above mentioned link:
  Operating system authentication takes precedence over password file authentication. If you meet the requirements for operating system authentication, then even if you use a password file, you will be authenticated by operating system authentication.

• Possible Permissions problems with adobe

  I have been dealing with a problem with Adobe Creative Suites where Photoshop and Illustrator either crash or simply refuse to open files, "Cannot open filetype" errors.
  So I attempted to reinstall the programs from the original discs twice and they still would not work. For some forgotton reason I created a new User Account on the Mac and installed Photoshop in that User and it worked perfectly. I really do not want to have two Admin users on this machine so I would like to get the first user to work properly.
  Anyone know what could possibly be wrong with the permissions on the first user?
  Thanks

  See the steps I posted for resolving conflicts/corrupt plists in:
  http://discussions.apple.com/thread.jspa?messageID=4703015

• Permissions problems with Shared files

  In my office of two users I have set up file sharing between two Macs, one is is running Snow Leopard 10.6.2 and the other (a PPC machine) is running 10.5.8 (The Leopard Machine was migrated over from a Tiger Machine by doing a fresh install of Leopard and then using Migration Assistant to move the user account off of the Tiger Machine).
  Occasionally, I need to send files to the Leopard Mac from my Snow Leopard machine, so I connect to the other Mac's Shared folder, navigate to the Drop Box, and pop the file in.
  Looking at the file on the other machine, it comes through as Read Only, ie. if I Get Info on it, it says 'you have custom access' and lists users as Nobody: Read Only; (Unknown): Read Only and Everybody: Read Only. These permission remain like this once the file is copied or moved out of the Drop Box.
  I've had a look at the Sharing Prefs on both machines and they are set up to have the admin account as Read and Write and Everyone as Read Only - the Drop box is then set to have the admin account as Read and write and Everyone as Write Only (Drop Box).
  The permissions problems happen in either direction, whether copying from machine A to machine B or vice versa.
  Can someone help me fix this.
  Thanks

  Easybourne wrote:
  Thanks for the tip. Once the other user vacated their Mac last night I ran the commands but...
  Unfortunately, I still seem to be having issues with files being 'read only' on the Leopard machine. If I send a file from the Snow Leopard Mac to the Leopard Mac's drop box, it shows up with what looks like read/write access for 'nobody', 'everyone' and 'unknown user', but if I open the file, work on it and try to save via an app's save dialog, it says the file is Read-only. In the words of t'internet: W T F?
  I ran your commands on the Snow Leopard machine too, and curiously, if I send a file from the Leopard machine to the Snow's Drop box, I CAN read and write to the file.
  One thing that troubles me is that My User name is now listed TWICE in the list of permissions I get (My User Name): Custom Access and (My User Name) Read/Write. That seems odd.
  no, that's normal. this happens because of the ACLs.
  Something similar is happening on the Leopard machine too.
  I created a fresh user account on my Snow Leopard Machine to see what the default permissions should be and I get other entries in the permissions list that aren't present on either of the two Machine's main user accounts. Users such as 'Staff', for example. Frankly, I'm lost.
  I've read somewhere that there could be permissions problems on machines where user accounts have been upgraded from Tiger to Leopard as is the case with one of the machines in question.
  yes, that could be. we can fix that if necessary.
  I've also read that I can do a complete reset of ACLs by using the Reset Password utility on the Leopard installer DVD. Would this be worth a go, and could it cause more problems if it doesn't work?
  yes, you can try resettings ACLs on the leopard machine using the leopard install disk. however, the acl reset utility on the leopard disk is somewhat buggy and sets wrong groups on everything it touches. therefore after you are done with it, reboot normally and run the following terminal command
  sudo chown -R `id -un`:`id -gn` ~
  you'll have to enter your admin password (which you won't see). that's normal.
  If you can bear it, could you please help me some more. Thanks very much.
  Message was edited by: Easybourne

• Permissions problems with multiple discs in Mac Pro

  Hi.
  I have three discs in my Mac Pro. One is the boot drive, which is an SSD, another is a 2TB Seagate and the other is a smaller spare for setting stuff aside. The SSD and 2TB drives are NOT a fusion drive. They work okay but there are problems with permissions and I am trying to figure out what the permissions on each need to be for them to work in close harmony. The user account is on the boot drive but music and photo libraries, for example, are referenced on the big drive.
  Permissions on the boot drive show: system - r&w, wheel - ro, everyone - ro...
  On the big drive they are: Drieu(Me) - r&w, staff - r&w and everyone - ro. Ignore ownerships is not ticked and I am undecided about this.
  None of these seems to be correct. I know how much chaos can ensue if changes are made rashly, so I am loth to experiment but things are wrong enough to need to do something. Does anyone have any suggestions, given I am not sharing the machine with anyone, other than the default public folder.
  The spare drive has Drieu (Me) - r&w, system - ro, admin - r&w and everyone - ro!

  The Samsung 840 pro SSD boot disc
  10.9.5 and later turn ON kext signing, which turns OFF TRIM Enabler. A non-Apple SSD without TRIM cannot eliminate deleted files, so it will eventually become choked with an accumulation of deleted data. Doing the Install under these conditions could add 20GB or more of deleted data, and it could become super-slow.
  The 2TB disk [that was the Boot Disk]
  that permissions over the whole disc vary. Some files require that I enter the password to move them.
  Permissions for different folders vary widely. For example, System Directories are write-locked to you, and moving files from them would require that you authenticate as Admin.
  Files transferred from the desktop to this disc require to have the command key applied to move, rather than copy.
  The default in a Drive-to-Drive transfer IS Copy. To change that to Move, you must hold the Command or Option key. This is a Documented Feature, and is working as designed. Default for Folder-to-Folder On the same Drive is Move.
  I also find that when modifying blocks of files they can suddenly disappear and I have to come out and run round the block before I can go back in to finish the job. It works okay but it is unnerving, despite having a backup.
  One or both of those drives may be having problems. What you describe does not sound normal.