AD logins, do they need a Mac Home Folder?

[dom9inic]

HI all,

I will be setting up the magic triangle for a few Mac labs running all OS 10.4 client and server.

Now, presuming I can get the bloomin Win AD home folder to show up, do I need a “Mac” Home Folder (networked or local) to make AD users prefs stick on the Macs. You know, bookmarks, app window prefs etc?

Or, if I specify no local home folder in the AD plugin and my Win AD Home Folder does actually mount, will all of those things get saved there?

Any help would be greatly appreciated.

Cheers

[dom9inic]

Does my question not make sense?

I understand that the default behaviour of the AD plugin is to mount the Win home folder specified on the AD server, but this doesn’t happen for me.

All that happens is even if I don’t have force local home, a home folder is created under the logged in user but that user does not have permissions to it.

I am prepared to go through all the troubleshooting with the Win admins if the Win AD Home folder provides much the same functionality as Mac home folders.
Anyone?

[dom9inic]

Hi there,

a little clarification. All users are AD users, pulled as Groups nested into OS 10.4 Server OD Groups with MCX applied at the Computer List and Group Level.

The AD user names, when viewed through WGM and lookupd show the format firstname.lastname with no spaces. Although my account, which is the one I’m using to test (so I will check another account) has an apostrophe in it. I need to learn my UNIX shortname naming do’s and dont’s.

Having scoured through the Apple docs again, I’ve answered my own question on whether the Win AD home dir will replace a Mac home dir. The answer is no.

[dom9inic]

Hi again,

just attended an Apple London HQ Edu event and that was made clear to me, but thank you. They also confirmed that my setup is correct, so it’s off to the Win admins I go.

Cheers

[Anonymous]

We do currently have a networked Home Folder setup where I work, the path to the home folder specified in the AD Users and Computers under the Profile tab does indeed become the Mac Home folder.
SMB home folder mounting (As defined in the AD Plugin on the local mac) does not always work, and if the home folders are being shared on a windows server through the Microsoft AFP stack that may also not work, the home folder works best if shared from a Mac server through AFP.

make sure you are running 10.4.3 on client and server as the AFP stack is much improved on both and makes home directory setup much smoother and faster.

AD preferences will not work, they have no effect on mac clients, if you want to manage bookmarks and prefs etc, you need to use Workgroup manager on OSX Server. The only thing the clients pull from AD is the permissions and the home directory path.

[Anonymous]

Oh, and as Josh stated any weird characters in usernames under AD will cause no end of problems, believe me.

The local home folders problem can be solved by using the chown command in the terminal, the exact syntax is:

sudo chown -R username directoryname/

replace username and directoryname as appropriate, and make sure you do not put a space between the directory name and the forward slash or you will change the owner of every file on your hard drive. That would be bad.

[dom9inic]

Hi Chris,

thanks for that, trouble is, that would require a login hook, however, I will forge ahead with getting the Win HomeDirs to mount, that ought to sort things out.

I will also have my username changed to ommit the apostrophe.

[Anonymous]

Login Hook? For what purpose?

[dom9inic]

The setup is students logging into to any machine in a lab, so catering for permission issues would require a login script to auto chmod the HomeDir.

[chrisjasper]

Apologies for the name change, hadnt got around to registering before now.

If you are using Network Home directories then you dont need to synch anything, the networked folder is mounted in the local machines directory structure and functions exactly as a local home folder (with allowances for speed of network of course)

As long as the AD plugin is set to use the network home specified in AD, and you dont use force local home you dont need to chown anything on the local machines, they work exactly the same as roaming profiles under windows.

It does actually work very well, do not attempt to use the mobile users feature though, it is really only any good for synching documents, library files and prefs just dont work.

[chrisjasper]

SMB homes are definitely flaky………….

EZIP is very good, if you dont have a mac server, although moneywise a Mac server with an XRaid is cheaper per gigabyte than a windows server with EZIP.
Budegtary considerations are always a good way to get a couple of decent mac servers in, finance departments like cheaper.

[dom9inic]

Hi there,

Well, I will be attempting to have the Win AD specified home (as you said, a home dir mapped to a drive letter that follows win clients around) mount at login. Presumably this is the SMB home you are referring to?

When you say flaky, what issues are you talking about?

I don’t believe it is behind an MS cluster, but must ask more questions.

Cheers

[chrisjasper]

Flaky as in sometimes it just does not work over SMB, you will be unable to login as the system cannot mount your home directory. This does seem to be dependant on setup of your Windows server, win2k seems less prone to not working than win2k3 for some reason, at least that swhat I have seen here.
It does work a lot better under 10.4.3, But OsX networking is still a little touchy and doesnt always work as advertised.

And if you are going to use Entourage and Exchange server, make sure you apply all the patches to the Exchange, as Entourage simply does not like network home folders….

[dom9inic]

Hi Macshome,

when you say,

[QUOTE]When using the mount on desktop setting of the AD plugin, it’s best to click the folder that it places in the Dock to jump right to the user folder.[/QUOTE]

Not sure where in the AD Plugin you are looking. Do you mean Use UNC path to derive network home blah blah?

Perhaps of note, is that when I manually mount the WinHome Share over SMB, you can only mount the root path, not the individual home of a user. YOu therefore, as you say, get everybodies home folder at a really sluggish pace. Permissions are retained, but you can see all the root level home folders.

[dom9inic]

As a small update, way upthread we spoke about permissions on a localhome folder being incorrect due to naming convention. This was true, my account with the damned apostrophe was the problem, ah well, guess I’ll have to have that changed and email aliased to the new account, joy.

[Author]

Posts