Skip to main content

We recently moved our main server from an XServe running AFP to Windows 2008r2 using the SMB protocol. We are experiencing an problem with our users being unable to move and/or rename folders and files on the server when connected via SMB from a Mac.

It seems to be that when a folder is open or in use by another user, the file is locked and asks for Admin credentials to move or change the folder. We haven't been able to figure out a fix for the problem. I was wondering if anyone else has stumbled across this problem or has a solution?

have you looked at the ACL on the server?

We're having exactly the same issues. The ACLs on the SMB server are perfect.

Users are being prompted for local administrator credentials to move or rename their own folders.

This is a drama, as most of our users are not local administrators of the machines.

Anyone out there have any ideas?

Cheers

We noticed that even when we enter the local administrator password it doesn't seem to allow the folder to be unlocked...

Still stumped though, we are going to try ExtremeZ-IP to see if we can fix it with a 3rd party tool. I'll update once we have tested it.

Ok. Just did a little more digging and this seemed to do the trick - haven't tested in a big group but you guys might want to give it a try:

Problem:
Finder creates a .DS_Store file that stores metadata for all files that are opened. What happens with the network share it that the .DS_Store file is recognizing that the file is in use.

Solution:
Prevent Finder from creating .DS_Store files on local machines. Run this command in terminal and reboot.

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

I tested with one file and will keep testing but I figured I'd give you all a heads up, I mad a little progress.

Not an effective solution. Ignore my previous post.

Are your clients running Mavericks?

Mountain Lion here. I see lots of hidden files such as .smbdelete etc when clients are accessing folders.

I'm no expert on this, but if these files are being written to or are open even when no action is occurring then there will be issues moving or renaming, surely.

I have clients running both Mavericks and Mountain Lion. The problem seems to happen with both. Our next step is ExtremeZ-IP

@ndudley are your users working with Adobe products off the network?

@bentoms They are, but it also happens with PDFs and Microsoft documents.

@ndudley, on the Win2k8 server.. Have a look at open files when this happens.

I bet someone has the files or something within the folders open when these issues occur.

The Adobe apps do not support working off of removable media, & some can lock files even if they look to not have anything open.

@bentoms The problem only happens when another user has a file open in a folder. For Example:

Test folder contains a folder called Nested Test Folder and Nested Test Folder has multiple files in it.

When a user opens a file (using smb on OSX) inside Nested Test Folder it locks it on the SMB server.

This means if a user is trying to Create a new folder called Nested Test Folder Archive and tries to move Nested Test folder into the Nested Test Folder Archive, it asks for an admin username and password - the file doesn't unlock when the admin password is entered.

If the user Force quits finder the file then becomes unlock and you can move things around, but this is definitely not a great work around for the users and we are stumped as to how to fix it. We have tried everything we can think of including using 3rd party tools like ExtremeZ-IP.

@ndudley, from what you've explained the behaviour is in line with what we see.

Sometimes is stays locked, unless people quit the app that they opened the file from the server. Dream weaver is really bad with this.

We advise people to work locally & archive to the server.

We are seeing the exact same thing after migrating to a Windows 2012r2 DFS. After some investigation it is folders and files that people are trying to rename, delete, or move while somebody is currently working in that directory. Altering the directory would wreak havoc on the other person using the file share.

I was also going to investigate stopping OS X users from creating .DS_Store on network shares as well.

defaults write com.apple.finder AppleShowAllFiles -bool TRUE
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool TRUE
reboot

might be a useful combo for testing.

This may or not apply to you, but reading the first post, it sounded similar to something we ran into and I used the below link as a reference.

https://developer.apple.com/library/ios/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystemDetails/FileSystemDetails.html

OS X v10.4 and later implements SMB/CIFS-compatible access control lists (ACLs). Although individual users cannot set or alter ACLs, server administrators can do so. (Administrators can use the SMB server command line to manipulate ACLs, but only if both the client and server are bound to the same Active Directory domain.) However, enforcement of permissions is done only on the server, not on the client.

Has anyone figured out a cause/fix for this problem yet? We are having the same thing occur. Win 2012 File Server, Macs (10.8-10.9) files get locked and I sometimes have to go to Open Files on the win server and disconnect them. I was able to reproduce the problem when I would preview a file then close the preview and then try to rename the folder it was in. Curious if anyone has solved this.

This is exactly the same problem we are seeing. Thank you for putting this succinctly. I can duplicate in the exact same fashion, but have not discovered a cause/fix.

I know this is ages after the problem....But I have a answer.

I came across this thread when I was trying to fix my own problem. Mac OS would force admin credentials to touch anything on samba. It also would show locked if samba was mounted anywhere else.

My server uses JBOD for its drive pooling. I found that the files on the drives (not samba but the actual drive) had new file ownership. This was deceiving because Samba reported a different owner making me over look it. For some reason samba shows file ownership of the person that logged in versus who actually owns the files (admittedly this will probably vary system to system).

My fix. unmount samba shares. Set ownership on all drives. remount. Problem solved.

Hope this helps good luck to everyone else.

It's down to the fact that someone has something open right enough!

I checked a list and found 1 file open in a folder, it required admin when transferring etc etc. All other folders ok.

I have the same issue with 10.6, 10.8, and 10.9. I have pin-pointed it to finder not closing the SMB share. I can use openfiles.exe from a windows box to verify. Run in powershell ISE as administrator to copy paste into notepad for csv viewing. Then filter on username column to find the suspect file or folder that still has a session open.

Below the first query finds the open sessions and the 2nd one disconnects. This isn't a great solution, but it stopped me from wanting to pull out my hair or throw the iMacs out the window of a very tall building!

openfiles.exe /query /s <File_Server_Name>/fo csv /v
openfiles.exe /disconnect /id <FILE_FolderID> /s <File_Server_Name>

Openfiles documentation: http://technet.microsoft.com/en-us/library/bb490961.aspx

Not sure if you guys found your answer but to the OP this occurs because Apple and all their wisdom decided to have the Mac OS create preview files for all items contained within that folder. So if a user, even in list mode, is on the server their computer can lock the files, causing the other user to lose their privileges. You can fix this by going to the root of the share on the end user station and doing an apple-J and disabling preview.

Now you might still have an issue. Go back to the server and take ownership of all the files. After that reapply all the permissions. You should be good to go now.

We found that we needed to give Delete access (under "Write" on ACLs) to the group (would work with individual users too) that were supposed to be able to change folder names.

This specifically occurred with us because we have a Deny permission in place to deny anyone not in the group from even seeing the folder.

Presumably, there would be a similar switch on Windows. I imagine it would handle this the same way.

@rkovelman When you say "go back to the server" do you mean navigate back to the network drives in Finder, or do you mean to actually log in to the server and make the permission changes from the server's OS?

Have you had any further file access issues since disabling preview? If not, do you know of a way to only disable preview for network drives?

@J.P. Yes, mount the server and go to the main folder or share. Then disable the preview and set it as the default option. 10.10 seems to be a bit better with this but not 100% sure yet.

Terms & ConditionsCookie settingsAccessibility statement