Issue or symptom
If you plan to use access control lists (ACLs) with Xsan 1.4, and your Open Directory system that was created with Mac OS X Server 10.4.5 or earlier, you may need to update your SAN's Open Directory domain.
Only Open Directory domains created using Mac OS X Server 10.4.6 or later contain the record types needed to support ACLs. If your SAN directory domain was created using Mac OS X Server 10.4.5 or earlier, you need to run a script to add the records to the directory.
Note: This article does not apply if you use Active Directory.
Solution
Update your Open Directory domain for Xsan ACL support:
- On the server that hosts your Open Directory domain, download the script. You can get the script from here. If your directory server is not connected to the Internet, download the file via a computer that is connected to the Internet, then copy the file to the directory server.
- On the directory server, double-click the OpenDirectoryACLUpdate.dmg file to mount the disk image volume.
- Open Terminal (/Applications/Utilities).
- Execute this command to run the script as the root user:
sudo /Volumes/OpenDirectoryACLUpdate/CreateDomainSID
- Enter the directory domain's administrator user name and password when prompted.