On 29 Feb 2012, at 17:51 , Chris Murphy <[email protected]> wrote:
> This behavior occurring on all current versions of 10.7.x, i.e. 10.7.0 > through 10.7.3? It's worse than that. Lion's SMB package is buggy beyond compare. > They've really been working on the problem for 9+ months? Longer. Strong rumor has it that this problem, and others wrt the new SMB package, have been around since the earliest Lion betas. That's heading into 2 years now. I know that I have had a prob with Housecat... ah, Lion Server, wrt to connecting with Windows clients _and_ Windows servers, since 10.7.0. Because it is, mostly, a problem with Server 2003 and WinXP, Apple appears to be content to let time solve the problem by removing all the Server 2003 and WinXP systems. However, it sometimes happens with Server 2008 R2 and Win7, too, so I suspect that they're gonna have to actually fix this, they just don't wanna. > > Nevertheless, I think there's something wrong with the client-server paradigm > if its design includes the expectation that the client honors server sent > privilege metadata. All one needs is Mac OS X 10.7 client, a single user > authenticated, and that user can now see all users' data on the server? > > How is this not a huge security hole for both the client *and* the server? I've pointed this out. Does the phrase 'works as designed/expected' have any meaning for you? > > > Chris > > > On Feb 29, 2012, at 2:28 PM, Susan Alston wrote: > >> I contacted Apple support on this issue, and their response was that >> Windows Active Directory group membership and group permissions are not >> read properly in Lion. We are not using Active Directory on the server, >> just simple users and groups, but we are relying on group permissions. >> Currently there is no workaround, but they are working on the problem. >> >> On Mon, Feb 27, 2012 at 10:10 AM, Susan Alston <[email protected]> wrote: >> >>> I have a lab of iMacs for students. From any iMac a student can connect >>> to general Windows server volume and access their own individual file >>> storage folder. They only have permission to see or open their own folder >>> on this server, (not any other student's folder). That is, this is how it >>> worked under Tiger, Leopard, and Snow Leopard (A red circle with a dash >>> displays on these other students folders and they are not accessible to >>> anyone but themselves). >>> >>> I just upgraded one of the iMacs to Lion, and when I connect as a student >>> to the server, I can view *all* other student folders. I have changed >>> nothing on the server side. What can I do to ungrant permission for a >>> particular student to see all other student's work in this Windows volume? >>> >>> -- >>> >>> >>> Susan Alston >>> Internet Developer/Blackboard Administrator >>> 110 McSweeney >>> Chowan University >>> 252-398-6263 >>> >> >> >> >> -- >> >> >> Susan Alston >> Internet Developer/Blackboard Administrator >> 110 McSweeney >> Chowan University >> 252-398-6263 >> _______________________________________________ >> MacOSX-admin mailing list >> [email protected] >> http://www.omnigroup.com/mailman/listinfo/macosx-admin > > _______________________________________________ > MacOSX-admin mailing list > [email protected] > http://www.omnigroup.com/mailman/listinfo/macosx-admin _______________________________________________ MacOSX-admin mailing list [email protected] http://www.omnigroup.com/mailman/listinfo/macosx-admin
