Environment: Active Directory fores and domain at the 2008 functional level. No open directory or golden triangle. Casper joins macs to the domain no problems. Users have AD accounts. Some have home directories set, some don't.
If an AD user without a home directory set logs into any mac also joined to the domain, everything works great. No issues.
If an AD users with a home directory logs onto a 10.8.x mac also joined to the AD, everything works great. Home directories mount, everything is golden. I have tried with several different users who are members of several different groups having home directories on different Windows servers (both 2003 and 2008).
It all breaks when the exact same user (with the home directory settingss) logs onto a 10.7.5 mac (also joined to AD). One of two things happens:
What gives? We have hundreds of 10.7.x machines. I can't have users only be able to log on to the new ones and not the old ones.
I'll assume the following:
With AFP/SMB shares for home directories, you need to make sure that it's "readable" throughout the entire path. This is easily done in POSIX for "Everyone" marked as "Read". Not sure of the Windows Server equivalent.
Where would I run those commands? Like I said, I can't get the user to log onto a 10.7.5 machine if there are any type of restrictive permissions at the home directory share. Or should I run those commands on the 10.8.6 machine?