macintosh, Cannot assign Mac permissions in trusting domain

microsoft.public.win2000.macintosh - Microsoft Windows 2000


macintosh >> Cannot assign Mac permissions in trusting domain

by Byron Kendrick » Sat, 25 Sep 2004 01:36:14 GMT

The environment is Windows 2003 Active directory in mixed mode. There are
three domains; lets call them forest_root, domain1 and domain2.
We are running WINNS in the 2child domains. the trust relationship is the
default child trust between each domain and the forest root and there is a
one way trust between the two child domains themselves with domain1 (staff
and Faculty login) being the trusted domain and domain2 (student login) the
trusting. There are no resource domains. There is a shared volume on one
of the domain2 bdc's (NT 4.0 sp6a) that is used for a faculty drop box.
This morning the permissions for the faculty are no longer there.
Everything looks good on the PC side but the Mac side will not recognize the
domain1 users. I can go into the Mac permissions on each folder and set the
owner to the domain1\user account but when I go back in to view the
permissions the ownership is set to <Account Unknown>. I tried to set the
primary group to domain1\domain users but it came back as forest_root\domain
users. Has anyone had this experience before. This is happening on both
both domain2 bdc's (both bdc's are NT 4.0 with sp6a). I have tried removing
WINNS from the serve but that has not helped.

Thanks
Byron



Top

macintosh >> Cannot assign Mac permissions in trusting domain

by Jim Gordon MVP » Sat, 25 Sep 2004 10:55:24 GMT


Hi,

You don't mention what version of MacOS you are using or whether or not
you are using Dave software or MacOS to make your connections. If you
post a follow-up message it might be easier to offer suggeestions.
Thanks.

-Jim

--
Jim Gordon
Mac MVP
MVP FAQ
< http://mvp.support.microsoft.com/default.aspx?scid=fh ;EN-US;mvpfaqs>






Top

macintosh >> Cannot assign Mac permissions in trusting domain

by William Smith » Sun, 26 Sep 2004 09:04:57 GMT

In article <# XXXX@XXXXX.COM >,



Hi Byron!

Wow, this reads like an MCSE test question!

First WINS should have nothing to do with your permissions but since you
mention WINS I'm guessing you're using a Mac OS X 10.2 or later system.

By your phrasing I'll also guess that this setup was working at some
point and now doesn't. So this would indicate a change on the servers.

Have any passwords changed lately or have any domain name changes been
made anywhere? This feels like there should be more information.

bill
--
William M. Smith
(Microsoft Interop MVP)

Top

Cannot assign Mac permissions in trusting domain

by Byron Kendrick » Mon, 27 Sep 2004 21:06:55 GMT






It shouldn't but since WINS is the only thing that has been changed It is
still suspect. especially since We have gone to Active directory the summer
and there for the domain name changes that come with it, ie. from just the
servername to servername.domain.organization.edu. But That was earlier in
the summer and was not a problem until now. The problems were not noticed
until Friday. The changes in WINS were made on Thursday evening. We have
Mac's running from OS 7.5 to OS 10.3. They first one to call in was running
7.5 on one and 9.2. It may be isolated to the older Macs isnce they use
Appletalk. I know these don't these don't use WINS but the servers do and
it appears that that is where the problem is. That is why I didn't include
the Mac OS in the first reply.


Yes it worked for years without a hitch.





Top

Cannot assign Mac permissions in trusting domain

by William Smith » Tue, 28 Sep 2004 10:08:26 GMT

In article <# XXXX@XXXXX.COM >,




Interesting situation. What changes were made to WINS?

This could be a variety of things but I would start by looking at static
WINS entries for your servers.

Also, were any WINS entries deleted without being tombstoned? Something
may have come back from a replication partner that shouldn't have. If
DNS is performing a WINS lookup against some stale records then one of
your AD servers may be receiving some erroneous information.

bill
--
William M. Smith
(Microsoft Interop MVP)

Top

Cannot assign Mac permissions in trusting domain

by Byron Kendrick » Tue, 28 Sep 2004 11:33:10 GMT






Just briefly there are 2 WINS servers on the network. One in each domain.
For some reason the person who set them up tried to make the domain1
(trusted domain) server the primary for both domains. Even the server in
domain2 (trusting domain) was set to use the domain1 WINS server as a
primary instead of itself. All the servers in both domains as well as all
the DHCP scope were set that way. The changed that took place were to set
up the domain2 servers and scopes (VLANS) for the dorms, computer labs and
such to point to the WINS server in their login domain, domain2. I can't
give a lot of detail as I was not involved.in the setup or the changes that
were made on the WINS servers. The changes that were made cleared up some
authentication problems that we were having in Domain2 but that was mostly
adding domain2 PC to the domain.

I have found out today that it appears to be isolated to the older OS's. OS
10.3 systems seem to be OK. I'll check out the static entries on the WINS
servers tomorrow and get back.

Byron



Top

Cannot assign Mac permissions in trusting domain

by Byron Kendrick » Wed, 29 Sep 2004 02:46:33 GMT

WINS settings look OK.

This really looks like an Appletalk issue. When you view the permission
from the PC side everything is correct.
Thursday morning there were some MS patches run. KB873374, KB867801, and
KB833989, but I cannot find anything in MS Knowledge base that indicates
they might be detrimental to Appletalk users. Boy will I be glad to see
Appletalk go away, although it may be gone. There are just too many Macs
out there taht we cannot upgrade just yet.

Byron









Top

Cannot assign Mac permissions in trusting domain

by Byron Kendrick » Wed, 29 Sep 2004 04:15:00 GMT

K here it is. Some how the trust have been broken. When you go to the
domain controllers it looks to be right but according to MS KB article
271924 the trust have been broken. Well I don't knwo what to do since they
look right in the User Manager on the NT4.0 BDC's and on in the Domains and
Trust app on the AD PDCE's. Would it be a good thing to try to break the
trust and re-assign it?

Byron

"Byron Kendrick" < XXXX@XXXXX.COM > wrote in message
news:% XXXX@XXXXX.COM ...



Top
Similar Threads

1. Cannot assign Mac permissions in trusting domain - Macintosh

2. Resolution: Cannot assign Mac permissions in trusting domain 

Corrupted database on BDC.  I used the nltest /sync command to force a full 
syncronization and rebooted.  All is well.

Thanks for the help.
Byron

"Byron Kendrick" < XXXX@XXXXX.COM > wrote in message 
news: XXXX@XXXXX.COM ...
> OK here it is.  Some how the trust have been broken.  When you go to the 
> domain controllers it looks to be right but according to MS KB article 
> 271924 the trust have been broken.  Well I don't knwo what to do since 
> they look right in the User Manager on the NT4.0 BDC's and on in the 
> Domains and Trust app on the AD PDCE's.  Would it be a good thing to try 
> to break the trust and re-assign it?
>
> Byron
>
> "Byron Kendrick" < XXXX@XXXXX.COM > wrote in message 
> news:% XXXX@XXXXX.COM ...
>> WINS settings look OK.
>>
>> This really looks like an Appletalk issue.  When you view the permission 
>> from the PC side everything is correct.
>> Thursday morning there were some MS patches run.  KB873374, KB867801, and 
>> KB833989, but I cannot find anything in MS Knowledge base that indicates 
>> they might be detrimental to Appletalk users.  Boy will I be glad to see 
>> Appletalk go away, although it may be gone.  There are just too many Macs 
>> out there taht we cannot upgrade just yet.
>>
>> Byron
>>
>> "Byron Kendrick" < XXXX@XXXXX.COM > wrote in message 
>> news:uR$ XXXX@XXXXX.COM ...
>>>
>>> "William Smith" < XXXX@XXXXX.COM > wrote in message 
>>> news: XXXX@XXXXX.COM ...
>>>> In article <# XXXX@XXXXX.COM >,
>>>> "Byron Kendrick" < XXXX@XXXXX.COM > wrote:
>>>>
>>>>> > First WINS should have nothing to do with your permissions but since 
>>>>> > you
>>>>> > mention WINS I'm guessing you're using a Mac OS X 10.2 or later 
>>>>> > system.
>>>>> ----deleted----
>>>>> Yes it worked for years without a hitch.
>>>>
>>>>
>>>> Interesting situation. What changes were made to WINS?
>>>
>>> Just briefly there are 2 WINS servers on the network.  One in each 
>>> domain. For some reason the person who set them up tried to make the 
>>> domain1 (trusted domain) server the primary for both domains.  Even the 
>>> server in domain2 (trusting domain) was set to use the domain1 WINS 
>>> server as a primary instead of itself.  All the servers in both domains 
>>> as well as all the DHCP scope were set that way.  The changed that took 
>>> place were to set up the domain2 servers and scopes (VLANS) for the 
>>> dorms, computer labs and such to point to the WINS server in their login 
>>> domain, domain2.  I can't give a lot of detail as I was not involved.in 
>>> the setup or the changes that were made on the WINS servers.  The 
>>> changes that were made cleared up some authentication problems that we 
>>> were having in Domain2 but that was mostly adding domain2 PC to the 
>>> domain.
>>>
>>> I have found out today that it appears to be isolated to the older OS's. 
>>> OS 10.3 systems seem to be OK.  I'll check out the static entries on the 
>>> WINS servers tomorrow and get back.
>>>
>>> Byron
>>>>
>>>> This could be a variety of things but I would start by looking at 
>>>> static
>>>> WINS entries for your servers.
>>>>
>>>> Also, were any WINS entries deleted without being tombstoned? Something
>>>> may have come back from a replication partner that shouldn't have. If
>>>> DNS is performing a WINS lookup against some stale records then one of
>>>> your AD servers may be receiving some erroneous information.
>>>>
>>>> bill
>>>> -- 
>>>> William M. Smith
>>>> (Microsoft Interop MVP)
>>>
>>>
>>
>>
>
>