Nfs Server And File Permissions Mac
I have EMC Celerra-class file servers in production. They mainly provide SMB services via a proprietary CIFS daemon (or maybe it's some embedded version of Windows - I don't know much about EMC's core tech).
We also have NFS services set up on the Celerra too - mainly for Linux clients. My Tiger, Leopard, Snow Leopard clients all work well over SMB/CIFS on the EMC gear, but NFS is broken. It doesn't work for any of my Mac clients including Tiger, Leopard and Snow Leopard.
They all fail with the same permission error. The NFS Export will mount on the Mac clients, but the user always gets the effective permissions of 000 (can't read, write or execute). This is reproducible 100% of the time regardless if I connect using the Finder's 'Connect to Server' GUI tool or from the Terminal's command line using the 'mount' command (or the 'mount_nfs' command). Tried tons of options on the client-side. Nothing has worked yet.
The Macs and the EMC servers are all bound to Active Directory, and the SMB ACLs work perfectly but NFS exports behave incorrectly. I have run packet traces and the connection appears to be solid in terms of ports, etc. It's definitely a permissions issue, not a network or NFS or RPC protocol issue. And I think it's a problem on the Mac OS X side. When I crank up the NFS logging level on the EMC servers the NFS connections look fine. In fact, I have created test NFS exports and opened them up to the world with full 777 access and the Mac clients STILL think that the user doesn't have any access (root squashing disabled, the works).
Doesn't matter what VLAN or subnet range my Mac clients are located on. 'Permission denied'. I have looked over EMC's tech troubleshooting docs and nothing stands out as a glaring misconfiguration. My Linux workstations can connect fine to the EMC NFS servers. I have heard that BSD-based NFS clients (including Mac OS X) prefer to use ports >1024 while most Linux NFS clients will use the 'secure' option of using ports.
I have several Celerra NS-120 and NS-480 clusters in facilities, and though in production there are only Linux boxes mounting the shares, I quite often need to mount an export on my MacBook Pro to check something. I've never had a problem, but will admit that the GUI NFS setup in OS X is pretty janky; I just do it via the CLI these days.
There is a configuration option in the Celerra or Clariion (I'm assuming you are Clariion backed, but I believe this config is in the Celerra) that governs how permissions get set on NFS and CIFS shares, and our implementation manager told us that things can get wonky if you are serving NFS off AD ACLs instead of simply trusting the permission bits. I don't have any CIFS running on my Celerras so I'm not 100% clear on the what/why of that. So you might want to look around a little deeper in the manuals? Do you have a Powerlink login? If not I can log in and try to look around for you.
If your Mac & Linux clients were all failing to mount the same shares, I'd say that you needed to check your file system mounting options and see what your multiprotocol mount mode is. The Celerra has several different methods of deciding how NTFS & POSIX permissions are parsed on a given object, and how everything fits together isn't always immediately obvious. (I believe this is what oldskool is referring to). However, if you have Linux clients that are accessing the data OK but the Macs aren't, then that shoots that theory down. Are you actually doing multiprotocol--CIFS & NFS access to the same shares--or do you just have some CIFS shares and some different NFS exports? When all else fails, call EMC. They have significant troubleshooting resources they can bring to the table.
Originally posted by dstranathan: All the share points are exported via both CIFS and NFS. We are using AD ACLs not just the POSIX bits. So, are your file systems mounted in Native mode, Secure mode, Mixed mode, or Mixed-compat mode? The behavior you're describing sounds like you're in Secure mode and seeing the results of parsing both the NTFS ACLs and also the POSIX bits, plus potentially the NFS ACLs if you're using NFSv4.
We seem to be having issues with our OSX 10.9.2 users accessing file shares off of Server 2012 R2. The individuals can get to the shares and see the documents, but when they go to click on them it says they do not have access to open the documents. Generally when we copy and paste the documents to the desktop on OSX we can open them and copy / paste them back to the server - but the added step is a bit painful. Any thoughts on this would be helpful. Other important information:
1. We have tried using both SMB and CIFS to access the file share. The Mac OSX computers are added to Active Directory and the users have permission to read / write to the file shares. The issue happened after upgrading from Server 2008 R2 to Server 2012 R2.
Thanks for any help.
ExtremeZ-IP isn't the solution here. If you use it, any files going through it won't get deduplicated (See: ). The cheaper solution, or workaround rather, would just be to disable deduplication on the Windows 2012 server.
This isn't something we can do! Annoyingly 10.9.3 doesn't resolve this issue. Tried to see if Apple would offer any assistance via AppleCare; they say we would have to pay for a cross platform support incident for this () which costs £469 - I'm having trouble swinging this one, as they don't guarantee a resolution.
Any update on this from the OP? I have a Server 2012 VM with deduplication enabled.
I had weird permissions errors with our Macs on Server 2008 R2 that seemed to have been dormant for the past 6 months or so. Then I needed to add more storage for the graphic design/photography department so I just created a new VHD/VMDK with deduplication to an existing 2012 VM and did an xcopy to get the data from the old 2008 R2 server to the new 2012 server.
I had a Mac user just call me, and I had to reapply the permissions twice to get it to allow him to copy something from the share to his desktop.
Sam, being curious, when I was stopped by a 'register for trial' page, I looked up the price for the Acronis ExtremeZ-IP solution. At $795 it is not a solution. We are a non-profit and only have 2 Macs in use.
I don't have the budget to spend the equivalent of half another Mac computer just to connect a couple of shared folders. At that price I'll probably move the files to an external drive and go local.
I guess my real problem is seeing you post so many times that this IS the solution (to the point of being clever with your answers) when it is clearly not affordable by everyone.