Setting up Network Home Folders on Mac OS X Server 10.2 
12 November 2002
Under Mac OS X Server 10.1 it was a little touch and go to set up network home folders for users. If you followed the directions exactly and kept your fingers crossed you were able to do this, but it wasn’t for the casual administrator. However, having just set this up on Mac OS X Server 10.2, I can tell you that things have gotten much better.
A few things can still be a little weird, but those you can easily overcome.
- Make sure that you have DNS records, both forward and reverse, for your server. It is not as important to have these for your clients, but your server really wants them. This holds true for a number of services on Mac OS X Server, but it is very important for network home folders since NetInfo uses the server’s fully qualified domain name to automount the home folder.
- Next you will want to make sure that you have a two-level NetInfo hierarchy on your server. This is done with the Open Directory Assistant that ran when you first installed Mac OS X 10.2. If you selected that you wanted to share your users and groups with other machines, you are good to go. If not, you need to run the Open Directory Assistant, select that option, and reboot. If you are not sure, drop down to the command line and run “nidomain -l”. If you get an error saying that nibindd is not running, then you do not have a two-level hierarchy and you will need to re-run the Assistant.
- Open up Server Settings and make sure that guest access is globally enabled in the AppleShare server settings. Don’t think about this, just know that you need it on to allow users to automount their home folders. In the next step you’ll also want to make sure that guest access is specifically enabled for your home folder sharepoint. Guest access is only necessary for AFP since that is the protocol we will be using for the automounting.
- Open up Workgroup Manager. Resist the temptation to create users right away. Instead, click on the Sharing icon in the toolbar. This will give you a list of sharepoints already set up on the machine. Your “Users” folder should be one of them. If it isn’t, you’ll need to redefine the Users folder, or wherever your home folders are stored, as a share point. Select this folder. Click on the automount tab. Now click on the lock next to the NetInfo domain and authenticate yourself. If you haven’t made any changes, this will be the first username and password that you set up on the machine. Make sure to select the domain with “network” in it. This is your shared domain; the other domain, which should have the name of your machine in it, is your local domain that is not shared with other machines. Now the automount checkbox should be editable, so click on it.
You have two major questions to ask yourself about automounting here. The first is whether to use AFP (AppleShare) or NFS (Network File System). In 10.1 you sometimes had better luck with NFS home directories since NFS easily allows you to mount the remote filesystem in the middle of the local file system. For example, you could specify the remote User sharepoint to mount at /Users on the local system. This had the potential of alleviating some of the squirreliness of home folders in Mac OS X 10.1. Now, however, you shouldn’t have much of a reason to go out of your way to do this.
Your second question is whether to mount the directory dynamically or statically. The difference here is that a static mount is all ready to go but never mounted until the user actually navigates into the remote filesystem or uses an application that needs something on that file system. While this isn’t really relevant to home folders, since you need to have them mounted the entire time a user is logged in, it puts the home folder where the system expects it to be when you set up network home folders.
In other words, unless you really know what you are doing, leave the home folders mounting dynamically. Static mounts are best used for creating network fonts and applications folders. In these cases you would specify the folder to be mounted in /Network/Fonts or /Network/Applications. Every user will be logged on when they log in, but these resources will now be in the correct place for the system to automatically make use of them.
- Now you can create a new user. Click on the accounts button in the toolbar, make sure that the bottom left pull-down menu of the Workgroup Manager screen has the network NetInfo domain selected, and add a new user. Specify a name and password. Click the save button at the bottom left. Now click on the home tab at the top. Select Network and you should see the Users sharepoint in a list at the bottom. If not, Workgroup Manager just hasn’t refreshed itself; select none and save. Then go back to the Sharing icon in the toolbar and double check to make sure that it is set for automounting. Now go back to the user. If it still doesn’t show up, quit out of Workgroup Manager and then log back in. You don’t need to reboot, and once you have the automounts set up you won’t have this problem again. Once that is working, select Network for the user’s home folder and select your Users sharepoint from the server.
- Now that you have a network home folder you are free to click on the preferences icon in the toolbar and manage this user’s preferences. The only options to keep in mind here are the never, once, and always radio boxes at the top of the screens. If it is set to never, you can’t change anything because the user isn’t being managed. Once will manage the user the first time they log in, but never after that. Always enforces these options all of the time. Each set of managed items can be different from the others.
- You’re done with the configuration on the server, so move on to the client machines. They will need to be running 10.2 for the permissions management, but earlier versions of Mac OS X should be able to get network home folders—although you might have to futz with them a bit to get things rolling. On Mac OS X 10.2 machines, you will open up Directory Access and authenticate yourself. Then double-click on the NetInfo item. You can now specify the IP address of the server. If you have just a basic setup, use “network” for the domain name.
- Log out of the client. You should now be able to log back in as that user without having to restart the machine. If your username and password work, but you get an error message saying that your home folder is unavailable, you need to check your DNS and make sure everything is working like it should be.
- If things still aren’t working the way you think they should be, reboot both the server and the client machine and then try again.
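
The DNS requirement from the first step, and the DNS check suggested when the home folder is reported as unavailable, can be scripted. The following is an added example, not part of the original post: it assumes dig is installed, the function names lookup_a, lookup_ptr and check_dns are made up for illustration, and server.example.com stands in for your server’s fully qualified domain name.

```shell
#!/bin/sh
# Added example: confirm that the server's forward (A) and reverse (PTR)
# records agree. lookup_a, lookup_ptr and check_dns are hypothetical names.

# Print the IPv4 addresses for a host name, one per line (CNAME lines dropped).
lookup_a() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$'
}

# Print the PTR names for an address, one per line, without the trailing dot.
lookup_ptr() {
    dig +short -x "$1" | sed 's/\.$//'
}

# check_dns FQDN
# Returns 0 when every A record of FQDN has a PTR record naming FQDN.
# Returns 1 for an unqualified name or no A record, 2 for a missing PTR,
# 3 for a PTR that names a different host.
check_dns() {
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    case "$fqdn" in
        *.*) ;;
        *) echo "FAIL: '$1' is not a fully qualified name" >&2; return 1 ;;
    esac
    addrs=$(lookup_a "$fqdn") || true
    if [ -z "$addrs" ]; then
        echo "FAIL: no forward (A) record for $fqdn" >&2
        return 1
    fi
    for addr in $addrs; do
        names=$(lookup_ptr "$addr" | tr 'A-Z' 'a-z') || true
        if [ -z "$names" ]; then
            echo "FAIL: no reverse (PTR) record for $addr" >&2
            return 2
        fi
        if ! printf '%s\n' "$names" | grep -Fqx "$fqdn"; then
            echo "FAIL: $addr reverses to $names, not $fqdn" >&2
            return 3
        fi
        echo "ok: $fqdn -> $addr -> $fqdn"
    done
    return 0
}

# Usage: sh check_dns.sh server.example.com
if [ $# -gt 0 ]; then
    check_dns "$1"
fi
```

Run it on the server and on a client; both should report ok for the same name before you start troubleshooting the automount itself.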