AFP and Permissions - Acronis Files Connect 11.1

Hello Marc,

macOS users who are connecting to a Windows server via AFP powered by Acronis Files Connect are getting prompted to input administrator credentials whenever they try to move files.

You are absolutely correct in your guesses, this is a direct sign of misconfigured permissions. It is not related to a version of Acronis Files Connect used. However, that was an excellent step to upgrade the application to the latest version.

Saying that, you have to verify that your server and your macOS users do completely meet the requirements listed in this knowledge base article. Be sure to not miss the pdf attached to that article for more details, this is a document with our complete best practices that will give you more underlying context.

We also noticed that when you do a Get Info on the mounted AFP share, you no longer receive the folders permissions info like you once did. A lot of unknowns in there.

No, this is not relevant here. You see what you do see due to the fact that UNIX permissions are disabled in Acronis Files Connect Administrator at Settings –> Security. This is the default and the most recommended configuration. UNIX adds lots of complexity and should be avoided. When it is enabled, you are forcing translation between UNIX and NTFS, so you will need to keep in mind that they are completely different and require a lot of additional items to wrap your head around: KB39539 and KB39390. We want to reassure you that regardless of these settings, the on-disk NTFS permissions will always be enforced.

If any additional technical assistance is required, do not hesitate to contact our support department.

Regards,

Mikhail

WOW! Thank you for your response Mikhail, this is great!  Give me a sec while we ingest all this. I also wanted to mention that we do not join our Macs to Active Directory any more. They are local accounts now. Non-admins. Company policy. Hoping this has nothing to do with it too.

You are welcome! I'm glad to know the information provided was somewhat helpful.

I also wanted to mention that we do not join our Macs to Active Directory any more. They are local accounts now. Non-admins.

If your macOS machines are not bound to the domain and that your macOS users are not part of your Active Directory system, then that's ok. This is not a strict requirement for Acronis Files Connect to operate properly. Please refer to our official documentation for additional details.

Let me quote the most essential part here: If the machine is not a member of a domain, the account must be a member of the local accounts that appear in Windows User Manager. If the machine is a member of a domain, then the user name you give the macOS user must be either a member of the primary domain, the local accounts, or a trusted domain.