Don't quite know how to explain this one... but here goes.
Server is an Xserve 2.26GHz running Mac OS X 10.6.4, and I have a suite of 16 iMac 21.5" 3.06GHz machines running Mac OS X 10.6.4.
The organisation here is a Windows 2003 domain, and it has only been in the last fortnight that the Mac network has been integrated using the Active Directory plugin on the Xserve. I'm new to administrating the Xserve/iMacs.
Our users can log into the iMacs using their Windows logon. Each Windows Active Directory account has a home folder set. On logging into the iMacs for the very first time, all is OK, with the home folder being correctly mounted and access being achieved.
However, presumably on logout, it appears that the ACL is removed from the home folder on the Windows server, so no permissions or owner are visible. The next time you try to log in to an iMac using that account, you get the error message:
"You are unable to log in to the user account "<name>" at this time. Logging in to the account failed because an error occurred."
Now I know that this error is being caused because access to the home folder for that user is being denied, but does anybody know (or has anybody seen before) why the permissions are being removed from the home folder on the Windows server?
Incidentally, although we have only been using the iMacs for a couple of weeks, this problem doesn't occur with every user every time they log in. Although, in the last couple of days the problem appears more frequent. It is this randomness which is making it harder for me to understand.
If you reapply the home folder path in AD users & computers does it fix the permissions? And then what about after that, does it break after first logout again?
If re-'apply'ing the home folder path in AD Us & Cs doesn't fix the permissions on your existing home folders, you may need to move the homes to a temporary directory, re'apply' the home folder path again in bulk (using the %username% variable) to create new homes with good permissions, and then do a Windows-style drag and drop merge-move to put all the user data back in the shared folder. It is a bit simplistic but it works for me...
Last edited by jselway; 14th September 2010 at 09:32 AM.
I've spent a lot of time attempting to work out what's going on here, and it really has me stumped. The randomness of the problem and the total lack of anything in any logs is a real pain.
I've managed to work out that it appears the ACL is removed - and only from the top folder in the Home path. For example, if I have a user with home path: <username>$, randomly (and you can watch it happen), on login to a Mac the owner details are removed on the Windows data server where the home drive is located. If you then reset the local admin to be owner of this folder, you can gain access to the home area and view that all permissions/owner details on sub folders are unaffected.
Even stranger, in all cases where this happens, the 'Library' folder the Mac profile creates here is part complete - but always it seems at a different stage. So it seems that the Mac can write OK to the home folder (as the Library folder demonstrates), and it can set the permissions on this folder OK.
So why randomly does the top level shared folder occasionally lose its ACL?
(By the way - in the system.log file on the Mac, there is no difference logged between an occasion when the problem doesn't occur compared to when it does - so the logs appear useless.)
After some testing I've been unable to find what is causing this issue. However, the only solution that appears to cure the problem is to change the Home Folder path in AD so that the IP address is used instead of the DNS name.
For example, if path was \\server-1\username$, change it to \\192.168.1.1\username$
Can't explain it though...
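A way to audit for the symptom described in the posts above (a top-level home folder with no readable owner or permissions while its subfolders are intact), as an added example that is not part of the thread. It assumes the home folders sit under one parent directory on the Windows server; `D:\Homes` is a placeholder path and `Get-AclState` is a hypothetical helper name.

```powershell
# Added example, not from the thread.
# Assumption: all user home folders live under $HomeRoot (placeholder path).
param([string]$HomeRoot = 'D:\Homes')

function Get-AclState {
    param([string]$Path)
    # Classify one folder: 'OK', 'NoOwner', 'EmptyAcl' or 'Unreadable'.
    try {
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        return 'Unreadable'          # e.g. access denied when reading the ACL
    }
    if (-not $acl.Owner)            { return 'NoOwner' }
    if (@($acl.Access).Count -eq 0) { return 'EmptyAcl' }
    return 'OK'
}

# Walk only the top-level home folders, since that is where the thread
# reports the owner and permissions disappearing.
Get-ChildItem -Path $HomeRoot |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $topState = Get-AclState -Path $_.FullName
        if ($topState -ne 'OK') {
            # Check the first subfolder too, to see whether the damage is
            # limited to the top level. Listing may fail if access is denied.
            $child = Get-ChildItem -Path $_.FullName -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer } |
                Select-Object -First 1
            $childState = if ($child) { Get-AclState -Path $child.FullName }
                          else        { 'NotListed' }

            New-Object PSObject -Property @{
                Folder     = $_.FullName
                TopLevel   = $topState
                FirstChild = $childState
                CheckedAt  = Get-Date
            }
        }
    } |
    Select-Object CheckedAt, Folder, TopLevel, FirstChild
```

Run on a schedule from an account that can normally read the home folders, the timestamps of newly flagged folders can be lined up against Mac login and logout times, which the posts above could not get from system.log.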
I've just read your posts about users losing permissions to network home folders. We are experiencing exactly the same issues and the prevalence seems to be increasing. The arbitrary nature of which users lose permissions has made it impossible to diagnose the problem. All aspects are exactly as you describe - top level only etc.
Have you found a solution or made any further discoveries? Did changing the path to the home folder to the IP address solve your issues?