Intermittant no access to folders on Mac OSX server from Mac clients

[DEMinSoCAL]

Yet another odd issue has been popping up recently for one of our users. Mac Pro (trash can model) on latest High Sierra, with volumes mounted on Mac OS X Server (Sierra). Volumes are mounted via AFP protocol, since SMB seems to cause all sorts of issues (long connect times, corruption of files when saving, etc.).

The problem is, randomly a folder on the server will appear with the red circle/white dash symbol, meaning no access. Now mind you, it was working fine earlier in the day and nothing has changed or is wrong with the permissions. We have discovered a couple of things that restores access to the folder. First, logging out of the Mac and logging back in. Like magic, the user has access to the folder again. Second, eject the volume the folder is in. Then remount the volume, but use SMB instead of AFP. Access is granted. No logout needed here. Tried dismount/remount using AFP, but still no access unless user logs out and back in. Because of issues using SMB, we don't consider this a fix.

Ideas what would cause this all-of-the-sudden denial of access to server folders?

Thanks.

 

[hobowankenobi]

Have you looked at permissions on the Server for the folder in question?

ACLs take precedence over POSIX, so I would suggest being sure ACLs are correct.

Do multiple users access these shares? Do they use their own unique credentials, or a single shared account?

 

[DEMinSoCAL]

Yes I have looked at, and verified the ACL's on the folders. Yes, users use their own unique credentials and yes multiple users to access these shares, but this particular volume is an Archives volume, so not likely that other users are accessing the same stuff as this user.

One important point that leads me to believe it is NOT server side permissions, are the two things I listed in my post--user can log out and log right back in and now has access to the folder. Also, using SMB instead (without logging out and back in), also makes the folder available. If it were permissions, only changing the permissions would allow access.

 

[hobowankenobi]

Yes I have looked at, and verified the ACL's on the folders. Yes, users use their own unique credentials and yes multiple users to access these shares, but this particular volume is an Archives volume, so not likely that other users are accessing the same stuff as this user.

One important point that leads me to believe it is NOT server side permissions, are the two things I listed in my post--user can log out and log right back in and now has access to the folder. Also, using SMB instead (without logging out and back in), also makes the folder available. If it were permissions, only changing the permissions would allow access.

Reasonable logic....but one never knows.

I have not seen what you describe specifically: logging in and out. I have seen some similar just between AFP and SMB.

Back to permissions: Are all the users in a group, and is that group setup correctly (RW, ACLs, recursive, with inheritance, etc)? Any thing else to try or review?

How about making a new test folder, making a new test group, adding users to the group, setting permissions, add some test files, and see how it behaves?

Permissions have been fragile/wonky on Server too many times over the years...sounds like you are aware. If it is not a permissions issue, it may not be solvable; it could be a bug. It's happened before with Server permissions before, more than once. I recall a particularly nasty one back about 10.5. Had to wait through several patches until 10.6 for it to be resolved.

I still have one Server box (10.12), but changed our primary file server over to a Synology about a year ago, and once I got comfortable with their permissions management...been perfect. No more silly permissions games.

 

[DEMinSoCAL]

Thanks for the info and ideas. Which Synology are you using and I assume you're connecting to the shares over SMB?

 

[hobowankenobi]

Have used several, no issues. The two I am supporting currently:

Rack Mount: RS818RP+ (dual power supplies, 4 NICs, with four 8TB Seagate NAS drives)
Desk top: DS718+ (Easy swap drives, great cost factor compared to CPU + storage option)

Both have up-gradable RAM. I upgraded RAM on the 818RP+, even though it probably did not need it. Was never constrained or starved with the stock 2GB, but it was so cheap I figured it was good insurance, and spare RAM is used as cache. Also running VM on it, and was able to load JAMF SUS server...pretty slick....so 4 GB is allocated (again, too fat).

Here is a quick overview of the SUS setup, and here is one for setting up a Mac-like drop box (write only) folder.

Primary use is file server for Macs, as well a Time Machine destination for a few workstations. Using both AFP and SMB. SMB seems a bit better for file sharing overall (10.12 and newer clients connecting), while so far Time Machine over AFP has been good and solid.

 

[DEMinSoCAL]

Have used several, no issues. The two I am supporting currently:

Rack Mount: RS818RP+ (dual power supplies, 4 NICs, with four 8TB Seagate NAS drives)
Desk top: DS718+ (Easy swap drives, great cost factor compared to CPU + storage option)

Both have up-gradable RAM. I upgraded RAM on the 818RP+, even though it probably did not need it. Was never constrained or starved with the stock 2GB, but it was so cheap I figured it was good insurance, and spare RAM is used as cache. Also running VM on it, and was able to load JAMF SUS server...pretty slick....so 4 GB is allocated (again, too fat).

Here is a quick overview of the SUS setup, and here is one for setting up a Mac-like drop box (write only) folder.

Primary use is file server for Macs, as well a Time Machine destination for a few workstations. Using both AFP and SMB. SMB seems a bit better for file sharing overall (10.12 and newer clients connecting), while so far Time Machine over AFP has been good and solid.

This is all great info! We were thinking of going Windows server for this department of Mac Pro's but I like the idea of something simpler like this. I appreciate the details here. Thanks.

 

[hobowankenobi]

This is all great info! We were thinking of going Windows server for this department of Mac Pro's but I like the idea of something simpler like this. I appreciate the details here. Thanks.

FWIW, I find the Synology OS (linux with an easy GUI) and feature set to be superior to both Mac and Win file sharing boxes. I bit of a learning curve...but not hard, just different.

To be fair there are other NAS platforms out there that are well liked. Synology is the best I have used for Mac clients. Been happy with it, so I have stopped looking for alternatives. As they say: if it ain't broke, don't fix it.

QNAP is also well liked, but I have not used one in years, so I can't really speak to their strengths or weaknesses.

Oh, and both platforms have a live demo of their GUI, so go beat 'em up a good long while to see if either feels like a good fit.