Active Directory Home Folder problems with 10.4 and higher

  • #363908
    dcrew
    Participant

    I’m trying to allow our Mac users to have home folders. However, when I enable a home folder in Active Directory it stalls the login process under 10.4-10.4.3. If I boot into single user mode and log in, I get fed back an error about the home folder:

    no home directory /Network/Servers/server.domain.com/User

    The System Log file reports the following

    Can’t mount server.domain.com:/User on /private/Network/Servers/server.domain.com/User: Invalid argument (22)
    Build-Mac kernel[0]: nfs server automount -fstab [123]: not responding

    Where server.domain.com are my server and domain info and User is the Home Folder directory.

    If I disable the home folder in Active Directory or turn off the option Use UNC path from Active Directory to Derive Network Home Location the user can then log in but they no longer have their home folder mount at login.

    Any thoughts?

    #363911
    superrcat
    Participant

    If you are trying to utilize network home directories, the share point has to allow guest access in order for automount to access it prior to the user’s login. You could alternatively use local home directories with the user’s network home mounted upon login by selecting both “Force local home directory on startup disk” and “Use UNC path from Active Directory to derive network home location”. This alternative method does not attempt to mount the share point until after the user is authenticated. It also mounts the share point with the user’s credentials.
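An added example, not part of the original posts: a small triage script that pulls the failed pre-login automount attempts and the "not responding" stall out of a system log, so you can see which share is being mounted before the user has authenticated. The sample input is constructed from the two messages quoted in the thread; the timestamps, process prefixes and function names are assumptions.

```shell
#!/bin/sh
# Constructed sample: the two messages quoted in the thread, with made-up
# timestamps and process prefixes, plus one unrelated line.
sample_log() {
cat <<'EOF'
Nov  2 09:14:01 Build-Mac automount[123]: Can't mount server.domain.com:/User on /private/Network/Servers/server.domain.com/User: Invalid argument (22)
Nov  2 09:14:31 Build-Mac kernel[0]: nfs server automount -fstab [123]: not responding
Nov  2 09:15:10 Build-Mac loginwindow[88]: unrelated constructed line
EOF
}

# One "share<TAB>mountpoint<TAB>errno" record per failed automount attempt.
# Assumes the share and mount point contain no spaces.
failed_mounts() {
  awk '/Can[^ ]*t mount / {
    sub(/^.*Can[^ ]*t mount /, "")   # keep "share on mountpoint: text (errno)"
    share = $1; mp = $3; err = $NF
    sub(/:$/, "", mp); gsub(/[()]/, "", err)
    printf "%s\t%s\t%s\n", share, mp, err
  }'
}

# Number of "automount ... not responding" kernel messages (the login stall).
automount_stalls() {
  awk '/automount.*not responding/ { n++ } END { print n + 0 }'
}

# Summarise a log read from stdin.
triage() {
  log=$(cat)
  printf '%s\n' "$log" | failed_mounts |
  while IFS="$(printf '\t')" read -r share mp err; do
    echo "automount could not mount $share on $mp (errno $err)"
  done
  stalls=$(printf '%s\n' "$log" | automount_stalls)
  [ "$stalls" -gt 0 ] && echo "$stalls automount stall(s): home is being mounted before the user authenticates"
  return 0
}

sample_log | triage
```

On a client, feed it the real log instead of the sample, for example `triage < /var/log/system.log`.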

    #363919
    clifmont
    Participant

    Hey,

    I concur with the other comment. However, in 10.4, you might want to issue a command on the client so they are forced to see the network home directory.

    From the terminal, issue the following:

    dsconfigad -localhome disable
    dsconfigad -protocol afp

    then log out and then login as the network users.

    Also, is the home share on a Xserve RAID or a Windows Box? Just curious

    Email me if you have any questions, or chat me at clifton3000 AOL, email [email protected]

    We can work it out.

    Later.

    #364072
    dcrew
    Participant

    Thanks for the replies – However, I’m still having issues. The main reason I want the local managed accounts has less to do with allowing network syncing of home directories and more to do with having the users’ information cached in NetInfo, as it was with 10.3. This allows for non-network login, something our laptop users need. Unfortunately there doesn’t seem to be a way to do this unless you create a mobile account. Unless the call that used to be available through the UI is now only available through dsconfig to cache last user login.

    I did find that the guest user access worked on a previous image. However after getting that to work I restarted the build process and now found that it no longer resolves the issue. I’m looking into what may be causing this. I’m curious why the automount would try to call for a folder prior to authenticating the user especially when it has to authenticate the user to even initiate the login process.

    The share points are on a Win2003 cluster being shared via smb.

    #364077
    dcrew
    Participant

    I should note the Guest User Access does resolve the issue… though it’s not ideal. And grants me the cached profile I want/need for our Mac users. I found that I had to turn off Authenticate in any domain for this to work and specify specifically our domain.

    I’m curious about one aspect left to explore a bit. To have the cached profile you need to enable the Network Sync feature, which syncs the user’s home dir with the network home. Is there a way to hide this feature from the user? I understand I could just turn it off but then it again disables the caching of the profile to allow for local management and off-network logins.

    #364093
    superrcat
    Participant

    By selecting ‘Create mobile account at login’, ‘Force local home directory on startup disk’, and ‘Use UNC path from Active Directory to derive network home location’ you will provide network users with cached credentials for offline client access, a home directory stored locally on the client and their network file space mounted at login (when connected to the network).

    With these options configured, you should be able to accomplish your goal, if I understand it correctly, and wouldn’t need to worry about HomeSync.

    #367153
    andyinindy
    Participant

    Quote by superrcat:
    “By selecting ‘Create mobile account at login’, ‘Force local home directory on startup disk’, and ‘Use UNC path from Active Directory to derive network home location’ you will provide network users with cached credentials for offline client access, a home directory stored locally on the client and their network file space mounted at login (when connected to the network).”

    In my setup, when I follow this arrangement and choose “Use UNC Path…”, my home directory is placed on the network, and the credentials are not cached in NetInfo. Un-checking it causes the credentials to be cached, but they do not get their network drive mounted.

    I am using AD for auth and a Windows server running ExtremeZ-IP for users’ network drives.

    FYI… Still trying to get cached credentials working for our laptop users, who we currently set up with local accounts.
