broken automount?

  • #359901
    uurf
    Participant

    Thanks for a very useful article (“Troubleshooting Automount”).

    However, automount still resists my attempts to get it working, and I suspect something is broken.

    This all started because users were complaining that Fonts in their network home directories were not accessible. After some troubleshooting, I discovered that users’ fonts were only accessible for the first login after a reboot; subsequent users logging in will not be able to use the Fonts in their user space. (They will be able to see ~/Library/Fonts, and rw there, but Fontbook won’t recognize them and neither will anything else.)

    At that point I decided perhaps an Automount /Library/Fonts directory could achieve the same results. I created the automount as described here. It is visible upon the first reboot and login, but subsequent logins show only a broken alias in /Network/, even though all of the troubleshooting steps above check out fine. (except the automount terminal method – it returns “-mnt: no such file or directory”)

    The interesting thing is that upon subsequent reboots, it also shows the broken alias, unless I delete /private/automount/Network/Library by hand. Then /Network/Library works (but only for the first login session).

    This is really driving me nuts. Any thoughts?

    Both client and server are running 10.3.6, and are connected via a gigabit switch.

    #360492
    uurf
    Participant

    So two issues here.

    Got Shared Applications and Shared Library to work, finally. The key seems to be having Guest access enabled in the AFP settings.

    What are the security implications of that, beyond open access to users’ Public directories? It seems that only bound machines would be able to access /Network/Applications and /Network/Library, but I’m not sure, and don’t really want to share a bunch of fonts and apps with our whole network.

    Accessing Fonts in individual users’ network home directories (~/Library/Fonts) appears to still not work. Well, that is, it works for the first login after reboot, but not for any subsequent logins. Has anyone else experienced this and could perhaps suggest a workaround?

    #360493
    uurf
    Participant

    So here are the immediate implications:

    All users (including local users) of all machines bound to our Directory Service have /Network/Library and /Network/Applications. (not optimal)

    All users of any machine in our domain can connect as AFP User: Guest and access volumes “Applications” and “Library”, and therefore any of our fonts or apps that might live there. This is a BIG Problem, since both Fonts and Applications require licenses.

    If I turn off Access Everyone:Read in the Workgroup Manager Sharepoints:General, the /Network/Library and /Network/Applications/ mounts don’t work (back to white doc icon with alias badge for which “Original cannot be found”).

    SURELY there is a way to share these resources to a constrained group of users. Does anyone have any suggestions/workarounds to achieve this?

    Thanks – Chris

    #360540
    uurf
    Participant

    MT,

    Our server has both Open Directory and Kerberos working (however, only some of the clients are ever challenged for Kerberos authentication). Would love any tips you might have.

    Thanks,

    Chris

    #360560
    uurf
    Participant

    There are two places that url==afp: is listed – VFSOpts, and dsAttrTypeNative:mountOption. In which entry should the edits occur (or both)?

    So just remove NO%20USER%20AUTHENT

    from

    url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Library

    or replace it with KERBEROS or similar?

    #360569
    uurf
    Participant

    [QUOTE]yes just remove and see what happens.[/QUOTE]

    There are two places that url==afp: is listed – VFSOpts, and dsAttrTypeNative:mountOption.

    In which entry should the edits occur (or both)?

    #360693
    uurf
    Participant

    So having tried changing:
    url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Library

    and trying:
    url==afp://;@machineName/Library
    and
    url==afp://machineName/Library

    …but neither worked (/Network/Library turned back into alias with missing target). Any thoughts?
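
An added example, not part of the thread or of any poster's configuration: a small audit that reads mount options in the `url==afp://...` form quoted above and lists the shares that are mounted with the guest method (`AUTH=NO%20USER%20AUTHENT`, AFP's "No User Authent" UAM), so an administrator can see which licensed volumes are exposed without authentication. The sample options are constructed, and the function names `parse_afp_opt` and `guest_mounts` are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample mount options in the url== form quoted in the thread.
SAMPLE_OPTS = [
    "url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Library",
    "url==afp://;AUTH=NO%20USER%20AUTHENT@machineName/Applications",
    "url==afp://machineName/Users",
    "net",  # a non-URL option, ignored by the parser
]

# afp://[user][;AUTH=uam][:password]@host[:port]/share
AFP_URL = re.compile(
    r"^url==afp://"
    r"(?:(?P<user>[^;:@/]*)(?:;(?:AUTH=(?P<uam>[^:@/]*))?)?(?::[^@/]*)?@)?"
    r"(?P<host>[^/:;@]+)(?::\d+)?/(?P<share>.+)$",
    re.IGNORECASE,
)

GUEST_UAM = "NO USER AUTHENT"  # percent-decoded, compared case-insensitively


def parse_afp_opt(opt):
    """Return host, share, uam and a guest flag for a url==afp:// option, else None."""
    m = AFP_URL.match(opt.strip())
    if not m:
        return None
    uam = unquote(m.group("uam")) if m.group("uam") else None
    return {
        "host": m.group("host"),
        "share": unquote(m.group("share")),
        "uam": uam,
        "guest": uam is not None and uam.upper() == GUEST_UAM,
    }


def guest_mounts(opts):
    """List (host, share) pairs whose mount URL asks for guest authentication."""
    parsed = (parse_afp_opt(o) for o in opts)
    return [(p["host"], p["share"]) for p in parsed if p and p["guest"]]


if __name__ == "__main__":
    for host, share in guest_mounts(SAMPLE_OPTS):
        print(f"guest-authenticated automount: {host}/{share}")
```
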
