  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1110

OSX OpenDirectory Map Home Folders to SMB Share

We have an OSX OpenDirectory server bound to a Windows Active Directory.  AD provides the logins, OD is supposed to supply the rest.

On the OSX server:
DNS is functioning perfectly with AD as the dns servers.
RDNS also checks out for the domain, servers, etc.
Logins work

The OSX server and clients can talk to the Windows SMB share using their AD credentials and can write new files to the share via Finder

However, when I go to "Create Home" in the workgroup manager I get the following error:
Unable to create home directory

Looking at the syslog I get a kNetworkError.

I tried enabling NFS on the windows server and using either mixed or anonymous authentication methods.  Both times I get "No principal configured for this user" errors in the syslog and the same "Unable to create home directory" error in the workgroup manager after a timeout.

Any suggestions on how to setup home directories using either smb:/ or nfs:/ would be greatly appreciated.  We require this functionality due to storage server and software limitations/restrictions.  Thank you!

Regards,
Robert
Asked by: Robert Davis

1 Solution

Govvy commented:

Robert Davis (Author) commented:
Govvy,
Yes, this setting is selected/set by default when binding to AD.  The users get a shortcut in the dock to the UNC share but their actual home folders/paths are not being mapped to the network share...they are being stored locally under /Users on the machine and are not synced to the network share defined in AD, despite the settings defined in the article you linked to being set correctly (Use UNC...smb).

I cannot find any information on how to extend the Active Directory schema to include OD properties, this is the only option mentioned in the article that I was unable to double check.

Thanks,
Robert

gmbaxter commented:
Check your AD plugin settings under directory utility, services, active directory. Ensure protocol is set to smb, remove force local home, but enable create mobile account on login. Enable derive home folder from AD.

Ensure the user in AD has a home folder path set in their profile tab, you don't need OD to set the home with AD user accounts, but you could create an OD group and nest your AD mac user group into it to apply managed preferences.

Robert Davis (Author) commented:
>Check your AD plugin settings under directory utility, services, active directory. Ensure protocol is set to smb,
cyberdog478: "despite the settings defined in the article you linked to being set correctly (Use UNC...smb)."

> remove force local home, Enable derive home folder from AD.
Also set.  These are default when you bind to an AD.

> but enable create mobile account on login.
Not currently set, but won't this enable account mobility?  This is a PITA of a system if this is Apple mobility.

Thanks!

gmbaxter commented:
Yes that will enable account mobility. Do you want mobile accounts where users sync like offline files, or true network homes where if the network/server malfunctions the clients crash?

Robert Davis (Author) commented:
#2 please, I do not want Apple Mobility.  The horrors it brings are not worth it just to cover the off chance the server or network malfunctions (never happens to us statistically, and if it did we would have other concerns to deal with in the redundancy department).  Any suggestions would be greatly appreciated to make this happen.

Regards,
Robert

gmbaxter commented:
Ok, for true network homes, you need:

Create mobile account at login - no
Force local home directory on startup disk - no
Use UNC path from Active Directory to derive network home location - yes
Network protocol to be used - SMB in your case, I think

Ensure that the user has a valid home folder path set in their profile tab in AD.

Remove the locally created users from the /Users folder

comment out /Network/Servers from the /etc/auto_master file

ensure that the directory service search order is set for AD to be above OD.

That should sort you out.

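As an added example (not code from the thread), here is a POSIX shell script that audits the four AD plugin settings listed in the answer above by parsing `dsconfigad -show` on the client, and prints the single `dsconfigad` command that would correct whatever is wrong. The setting labels in the script and the sample output it ships with are assumptions modelled on what `dsconfigad -show` prints; confirm them against your own client before relying on the audit. In `--live` mode it also reads the home attributes the Mac actually derived for a user with `dscl`, which is the quickest way to see whether "derive home from AD" produced a UNC path or a local one.

```shell
#!/bin/sh
# Audit the AD plugin "User Experience" settings needed for true network homes
# (no mobile account, no forced local home, UNC path from AD, SMB) by parsing
# `dsconfigad -show`, and print the one dsconfigad command that fixes them.
# Added example for this page, not code from the thread. Assumed: the labels in
# REQUIRED match what your `dsconfigad -show` prints (verify on your client).
#
#   sh ad_home_audit.sh                     # audit the constructed sample below
#   sudo sh ad_home_audit.sh --live [user]  # audit this client, show user's home

# label printed by `dsconfigad -show` | value wanted | dsconfigad flag to set it
REQUIRED='Create mobile account at login|Disabled|-mobile disable
Force home to startup disk|Disabled|-localhome disable
Use Windows UNC path for home|Enabled|-useuncpath enable
Network protocol to be used|smb|-protocol smb'

# ad_value "<show output>" "<label>": print the value after "<label> = ",
# or nothing when the label is absent.
ad_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*= *//p" | head -n 1
}

# audit_ad_home_settings "<show output>": print OK/FIX per setting. The return
# status is the number of settings that still need changing (0 = ready).
audit_ad_home_settings() {
    bad=0
    while IFS='|' read -r label want flag; do
        have=$(ad_value "$1" "$label")
        if [ "$have" = "$want" ]; then
            echo "OK   $label = $have"
        else
            echo "FIX  $label = ${have:-<unset>}  (want $want: dsconfigad $flag)"
            bad=$((bad + 1))
        fi
    done <<EOF
$REQUIRED
EOF
    return "$bad"
}

# ad_fix_command "<show output>": print a single dsconfigad command carrying
# only the flags that are needed; print nothing when all four are right.
ad_fix_command() {
    flags=
    while IFS='|' read -r label want flag; do
        [ "$(ad_value "$1" "$label")" = "$want" ] || flags="$flags $flag"
    done <<EOF
$REQUIRED
EOF
    [ -z "$flags" ] || echo "dsconfigad$flags"
}

# ad_user_home <user>: what the Mac derived from the AD profile tab for this
# user (live clients only; needs the AD node in the search path).
ad_user_home() {
    dscl /Search -read "/Users/$1" SMBHome HomeDirectory NFSHomeDirectory
}

# Constructed sample of `dsconfigad -show` from a freshly bound client with the
# two settings the answer says to turn off still enabled.
SAMPLE_SHOW='You are bound to Active Directory:
                   Active Directory Forest = example.corp
                   Active Directory Domain = example.corp

Advanced Options - User Experience
          Create mobile account at login = Enabled
              Force home to startup disk = Enabled
           Use Windows UNC path for home = Enabled
             Network protocol to be used = smb'

case "${1:-}" in
    --live)
        show=$(dsconfigad -show)
        audit_ad_home_settings "$show" || ad_fix_command "$show"
        if [ -n "${2:-}" ]; then ad_user_home "$2"; fi
        ;;
    *)
        audit_ad_home_settings "$SAMPLE_SHOW" || ad_fix_command "$SAMPLE_SHOW"
        ;;
esac
```

Run without arguments it audits the embedded sample and prints `dsconfigad -mobile disable -localhome disable`; on a bound client run it as root with `--live` and a username to see both the plugin settings and the `SMBHome`/`NFSHomeDirectory` values the client derived, which should point at the UNC path from the user's AD profile tab rather than `/Users/<name>`.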
 
Robert Davis (Author) commented:
>Remove the locally created users from the /Users folder
>comment out /Network/Servers from the /etc/automaster file

I'll try these on Monday, thank you.  The rest have already been set as described in the original post.  Should I be making the comment to the automaster file on all the clients?

Regards,
Robert

Robert Davis (Author) commented:
Actually I did already remove the /Users folder since DeepFreeze wipes these upon user logout...  So that leaves the automaster file.

gmbaxter commented:
Yes, I'd make the change to the auto_master file; it should be:

#
# Automounter master map
#
+auto_master		# Use directory service
/net			-hosts		-nobrowse,hidefromfinder,nosuid
/home			auto_home	-nobrowse,hidefromfinder
#/Network/Servers	-fstab
/-			-static

Note the /Network/Servers entry commented out. Without this, you'll get "You are unable to login at this time" on the clients.

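As an added example, not code from the thread, here is a script that makes the auto_master edit described above in a way that is safe to push to every client repeatedly: it comments out only an active `/Network/Servers` line (matched as a whole mount point, not any line containing "Network"), leaves lines that are already commented alone so a second run does not produce `##`, keeps a single backup, and verifies the result before reporting success. The `/etc/auto_master` path and the `automount -vc` reload hint are assumptions based on the stock OS X file; the sample map the demo writes to a temp file is a constructed copy of the map shown above.

```shell
#!/bin/sh
# Comment out the /Network/Servers map in the automounter master map
# idempotently, with a one-time backup and a post-edit check.
# Added example for this page, not code from the thread. Assumed: the master
# map is /etc/auto_master (stock OS X); pass another path to edit a copy.
#
#   sh disable_network_servers.sh                   # demo on a temp copy
#   sudo sh disable_network_servers.sh /etc/auto_master   # edit the real map

# An active (uncommented) entry: optional leading blanks, the exact mount
# point, then a blank, so "/Network/ServersX" or a commented line never match.
ACTIVE_RE='^[[:space:]]*\/Network\/Servers[[:space:]]'

# network_servers_active <map>: return 0 if the map still has a live entry.
network_servers_active() {
    grep -q "$ACTIVE_RE" "$1"
}

# disable_network_servers_map <map>: comment out live /Network/Servers lines.
# Leaves the file untouched (no backup, no rewrite) when there is nothing to
# do. Returns 0 only when no live entry remains afterwards.
disable_network_servers_map() {
    map=$1
    if ! network_servers_active "$map"; then
        echo "$map: /Network/Servers already disabled"
        return 0
    fi
    [ -e "$map.bak" ] || cp -p "$map" "$map.bak"
    tmp="$map.tmp.$$"
    sed "/$ACTIVE_RE/s/^/#/" "$map" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv "$tmp" "$map"
    echo "$map: /Network/Servers commented out (backup in $map.bak)"
    ! network_servers_active "$map"
}

# make_sample_map <path>: write a constructed copy of the stock master map
# (the state before the edit) to <path>, tab-separated like the real file.
make_sample_map() {
    {
        printf '#\n# Automounter master map\n#\n'
        printf '%s\t\t# Use directory service\n' '+auto_master'
        printf '/net\t\t\t-hosts\t\t-nobrowse,hidefromfinder,nosuid\n'
        printf '/home\t\t\tauto_home\t-nobrowse,hidefromfinder\n'
        printf '/Network/Servers\t-fstab\n'
        printf '/-\t\t\t-static\n'
    } > "$1"
}

case "${1:-}" in
    "")
        f=$(mktemp)
        make_sample_map "$f"
        disable_network_servers_map "$f" && cat "$f"
        rm -f "$f" "$f.bak"
        ;;
    *)
        disable_network_servers_map "$1" &&
            echo "Run 'automount -vc' (or reboot) so automountd re-reads the map."
        ;;
esac
```

Deploying this instead of a one-shot `sed` over the whole file matters on managed clients that get the script pushed more than once: the first run rewrites the map, every later run exits early after confirming the entry is still disabled, and the backup is never overwritten with an already-edited copy.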
 
Robert Davis (Author) commented:
Okay, I tried your suggestion, although before commenting this out we had no "You are unable to login at this time" errors ever.

For others' reference I deployed this bash script:

#!/bin/sh
# Comment out every line containing "Network" in /etc/auto_master, keeping a backup
cd /etc
mv auto_master auto_master.bak
sed '/Network/s%^%#%g' auto_master.bak > auto_master

Result is identical to your output above.  Rebooting workstations at lunch.  By the way, this still doesn't allow OD to create the home on the server, but we'll see if this gets around that at the client level...

Robert Davis (Author) commented:
No dice.  Still the same behavior, no network folder was created.

Regards,
Robert

gmbaxter commented:
The network home should be created when you add the user in active directory. No need to use workgroup manager's "create home now" - that is for pure os x deployments without AD.

When I import the users into AD I import their home as "\\changeme". I then mass select all users and set the home folder location in the profile tab to \\server\\share\%username%; this creates the home with appropriate ACLs. Can you try updating one user's home folder path to see if the home is created?

Robert Davis (Author) commented:
They are already setup that exact way with proper NTFS permissions.  I even took out the $ in the share name to make it OSX friendly.

Robert Davis (Author) commented:
As you can see, everything except for the /Network suggestion has been tried or is already in place by default...which is why this is so puzzling :-P.

gmbaxter commented:
What permissions are on the home folder shares?

Robert Davis (Author) commented:
Everyone read/write for testing, everyone for smb perm, and everyone again for nfs.

Robert Davis (Author) commented:
Ended up getting a $5,000 Apple support contract.  They were able to solve it in minutes.

The trick was to create the dirs via Active Directory, and then in OD it should pull in the AD's home path information correctly.  Then on the workstation in Directory Utility under the AD settings you need to uncheck the "store home path locally" setting.  You do not need to click the "Create Home" in OD.

Robert Davis (Author) commented:
Apple Support gave the solution.
