I’m feeling not too bright, but I’ve read every automount article/post on the site and the Bartosh book and I’m still not understanding how AFP automounts are intended to work. Right now I’m just testing on a test installation, but my eventual intent is a small office server.

My goal is simple, I’d like all my Open Directory users to mount “dynamic” /Users/ and a /Projects/ shares at /Network/Servers/servername/Users and /Network/Servers/servername/Projects. I’d like to have Guest access off for these shares (especially for the “Projects” share).

The problems with each mountpoint are different, but seem to be related. The Users share can be mounted automatically by network users with appropriate permissions (even if AFP guest access is off). I assume this is a side effect of how the network home is mounted at login, because it doesn’t seem to translate to any other cases. However managed mobile accounts on laptops can only mount the Users directory if Guest access is on, and the mount is always made with Guest permissions.

The Projects share has similar problems with the additional problem that since the user’s home directory isn’t on the Projects share it is always mounted as Guest regardless of network or mobile user. Disabling Guest just leaves the automounter complaining several times a minute in the logs.

I’ve tried removing the “;AUTH=…” sections from the automount record URLs as suggested here and in the Panther Server book, but that just changes the error codes from automount. It does not appear to force Kerberos authenticated connections.

I’ve read the steps in the (helpful, thanks!) Troubleshooting automount article. I’ve verified all of the following:
– The AFP URLs work correctly, DNS is fine.
– Kerberos is working, clients have the ticket and can mount the shares in the Finder without a password.
– Clients see the proper automount records in lookupd

Killing automount and running it from the user session results in the automounts working exactly as I would want. Running automount in debug mode from a separate SSH session and then logging into the console doesn’t produce more helpful errors, the error codes are the same. All I can tell is that the MountURL call in automount is failing and sadly, that call is not a part of Darwin so I can’t trace it.

Do I have a fundamental misunderstanding of what AFP automounts are intended for? It seems like at minimum the Users automount for mobile users should work, otherwise how would Apple’s home directory sync work?

Any pointers appreciated, thanks,

Alex