Contribute  :  Advanced Search  :  Directory  :  Forum  :  FAQ's  :  My Downloads  :  Links  :  Polls  
AFP548 Changing the world one server at a time.

advanced search 

Sections

Home
AFP548 Site News (104/2)
Articles (266/27)
Apple (45/2)
Extended KB (3/1)
Ask AFP548 (16/37)
Reviews (5/1)
Security (16/2)
Tips (130/8)
Third Party Applications (51/5)
Odds and Ends (27/1)
Podcasts (2/0)

User Functions

:

:

Don't have an account yet? Sign up as a New User
Lost your password?

Poll

Do you have an offsite disaster recovery site?
Yes, a full backup data center!
Yes, a remote server!
Yes, um, I take the tapes home.
No! My company won't pay for it!
No! DR is for saps!
Results
336 votes | 1 comments
Welcome to AFP548
Monday, February 08 2010 @ 05:04 pm CST
   

Leopard's Built-in Network Home Folder Redirector

Friday, November 30 2007 @ 06:41 pm CST
Contributed by: macshome
Views: 24,367
ArticlesNetwork based homes are cool, and we have written about them in the past. They can have scaleability issues though when you are trying to have even a seemingly small amount of users perform an activity that causes a lot of file IO. Typically these are cache operations that take place in ~/Library/Caches, and often this is dealt with by redirecting those ephemeral files and directories to the local drive. This works well as they are just caches and they are recreated as needed.

In the distant past this has required custom login scripts, more recently sysadmins have been able to employ Network Home Redirector to set things up.

But with Leopard here the future is now and everything just got a lot easier. Not only does 10.5 have a built in network folder redirector, but it even has a nice GUI to set it up with.

Read on for more...

The first thing you need to know is that this is a feature of 10.5 and your client must be 10.5 for it to work. You shouldn't need a 10.5 server as it's all MCX, but I've not had the opportunity to test that yet.

The second thing to know is that this cool tool is typical of many Apple things. It's not documented, it's simple, and it's hidden in plain sight.

Your first task is to fire up Workgroup Manager and go to the preferences manager. Click on the Details tab, now click the plus button. Navigate to /System/Library/CoreServices and add in the ManagedClient.app bundle. Holy smokes! Look at all the preference manifests that just got imported! There are many cool things in here, and all of them are documented in the User Management Admin Guide. All of them but one, the Folder Redirection manifest for com.apple.MCXRedirector.

With the accounts, group, or computer group you want to manage selected open the Folder Redirection manifest. Open the Always key and then click the New Key button.

Your choices for the root of this key are the three different types of redirection you can perform: Login, Logout, or Other. Now the first two are easy to understand, but Other is a bit trickier. Other Redirections will take place whenever there is a policy refresh. This means network transitions, reboots, login and logout.

For a simple example select Login Redirections. Select and open the Login Redirections key and then click New Key again. Now you have your first redirect action to work with.

There are four different redirect actions to choose from:

  • deleteAndCreateSymLink: This action deletes the folder in the home and redirects to a local symlink
  • renameAndCreateSymLink: This action renames the folder in the home and redirects to a local symlink
  • deletePath: This action just whacks a folder in the home
  • deleteSymLinkAndRestore: This action removes the symlink and then restores a folder that was renamed by the renameAndCreateSymLink action.

The default action will be the deleteAndCreateSymLink one. The default Folder Path key will point to "~/Library/Caches", and this is probably the most common folder to redirect. The default Destination Folder Path key is "/tmp/%@/Library/Caches" and it requires a bit of explanation.

In the Folder Redirection manifest you simply use "%@" to fill in the current user's name. If we look at the default action we can see that on login the ~/Library/Caches folder in the user's netowrk home will be deleted and a symlink will be created in its place that points to /tmp/<user>/Library/Caches.

Pretty cool eh?

So what if you don't want to delete the caches? What if the user sometimes needs them in there? This is when you would use the renameAndCreateSymLink as a login action and the deleteSymLinkAndRestore as a logout one. So for use on any particular computer the local redirect behavior could be enforced, while preserving the contents of the redirected network folders. With the logout action the preserved folders are even restored to their original state when the user logs out. How much scripting time did that just save you?

While the MCXRedirector may not be a glamorous feature of Leopard it is very cool and is one that will save sysadmins lots of work and heartache.

As always, have fun and read the man pages!
 

What's Related

Story Options

Advertising

Leopard's Built-in Network Home Folder Redirector | 24 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Leopard's Built-in Network Home Folder Redirector
Authored by: Anonymous on Friday, November 30 2007 @ 11:22 pm CST
which man pages?
Leopard's Built-in Network Home Folder Redirector
Authored by: agerson on Saturday, December 01 2007 @ 03:12 pm CST
Awesome!
Leopard's Built-in Network Home Folder Redirector
Authored by: Tomnibus on Monday, December 03 2007 @ 07:54 pm CST
We had a Mac Mini in our Active Directory (Windows) environment. It would login to the system and use the user's network home directory as home. Microsoft Entourage, as you know, puts it's data into the user's "Documents" directory. So, this user's e-mail was continually being pulled from the network. When her mailbox got to be over 500MB, entourage was completely unusable. she switched to entourage webmail from then on until her mailbox was 900MB large. Entourage would take 30 minutes to start up before it was able to be used to create a calendar event or e-mail.

Needless to say, I redirected her back to her local drive for her home directory.
Leopard's Built-in Network Home Folder Redirector
Authored by: Anonymous on Tuesday, December 04 2007 @ 11:26 am CST
This is a very cool feature ..... Iain, Andrina, Dave were showing this at the Bird's of a Feather group in Toronto..... earlier in the month. We have a small lab of 15 xserves we are running Leopard on before we push to pre production .... keep up the good work all.
Not just folder redirection...
Authored by: brett_x on Thursday, December 06 2007 @ 07:38 am CST
I had it on my list of things to do from WWDC, but I hadn't explored the manifests yet. I just found a few things on my wish list:
1) iTunes 7: I can now restrict "music sharing" and the radio.
2) Mobile account & other options: change the "Mobile Home location"
3) Screen saver (as required by PCI): mandate that it starts after 15 minutes and requires a password.

Now if I could just disable "create network"....

Just a note: if you're playing with these to see what options are available, note that the built-in options are sometimes different for "once" "often" and "always".
Leopard's Built-in Network Home Folder Redirector
Authored by: andras on Monday, March 10 2008 @ 09:20 pm CDT
I work in a school district where we are hoping to have individual logins for students by next school year. Right now we are on a 10/100 network and I am not sure gigabit will be here by then. Would this be a solution for decreased network bandwidth, and how reliable will using logoff data transfers be?
Leopard's Built-in Network Home Folder Redirector
Authored by: Anonymous on Thursday, September 11 2008 @ 01:33 pm CDT
Is there a back-out plan? I implemented the redirects (the delete and create sim-link at login option) and then was forced to turn it off. My users soon started encountering seemingly random cache issues with Office, Firefox, and a handful of other apps. If I restore the redirect in WGM it works again but now my management is rather wary of using this for the time being. I am trying to figure out a way to grab the sym-link that was created and kill it (as that seems to be the culprit).

any clues would be welcome.
Leopard's Built-in Network Home Folder Redirector
Authored by: Anonymous on Monday, October 13 2008 @ 07:59 am CDT
This works great for my OD users but I have a ton of AD users that I have created Augmented home directories for and this does not seem to work for them. Any thoughts or advice would be greatly appreciated it.
Leopard's Built-in Network Home Folder Redirector
Authored by: q3media on Thursday, November 06 2008 @ 01:39 am CST
Generally this is a really cool feature which helps speed up accounts with network home directories a lot. But there is a downside to it:

From my experience there are applications, such as for example Microsoft Office 2004, that cannot cope with this.

Word 2004 seems to behave strangely when trying to save documents.
It may even overwrite the wrong document...

So be careful.
Leopard's Built-in Network Home Folder Redirector
Authored by: Anonymous on Friday, September 18 2009 @ 12:18 pm CDT
Is it possible to redirect ~/Desktop to another network mounted share at time of login? Just curious...
 Copyright © 2010 AFP548
 All trademarks and copyrights on this page are owned by their respective owners.		 Powered By Geeklog 
Created this page in 1.44 seconds