Different home folders for mac/pc users

[rmniemela]

Our envirornment:

6500+ students, some of which are PC users, some of which are Mac users, some of which are both. Active Directory 2003, roaming profiles for all students using PCs; Windows home folders stored on a Windows 2000 cluster. One Macintosh XServe running 10.3.8 Server, OD master currently holding 450 + mac accounts (created by hand every semester), one Macintosh XServe stand-alone server housing Mac home folders.

We want to integrate with AD and I’ve been able to set up a “triangle” model as per the info on this site (with all users in AD, and group/computer control i.e. mcx on the OD master).

So far, everything works great!

Minor problem: the AD plug-in assigns the home folder to one location, no matter whether the user logs in from a PC or from a MAC.

We would like to have users logging into a PC directed to a Windows home folder on the Windows 2000 cluster, and when the same user logs into a Mac client, their home folder would be on the Mac Server. So that means two fields.

Is there any way of modifying the AD plug-in (via its plist for example?) so we can force the mac users to use another field for their home folder definitions?

It would also be good if we could do redirect the soft and hard quotas fields as well. I don’t need a full Apple schema change, just adjustments for these two remaining issues.

We are in test mode with a test AD domain, so I can do things like modify the schema (need some directions), add Services for Unix, or other creative things.

Any suggestions would be great!

BTW, while ADMac is a great product, we’re an educational education and the powers-that-be have indicated we have no money to purchase the product for the number of computers that we have. So, unfortunately, I’m relegated to manually fumbling my way through.

[sketch]

This is definitely more of a question for AD gurus, but I think you can make a different home folder attribute for your PC users and get all of your PCs to use that.
For your Macs you have to stick with ADs default home folder attribute.

I only know that you can use different attributes with PCs because I helped troubleshoot another school’s setup and saw them using almost everything BUT the default for their homes, which was why the Macs weren’t working for them.

[rmniemela]

If your accounts are in Active Directory, there is only one attribute (“field”) in the schema that is used to tell AD where the AD home folder is (actually it’s called a profile folder in AD).
Because the Mac AD plug-in uses that same attribute, that means that a user gets the same home folder location for both their AD and Mac home folders.

Our problem is we have users who log into both environments. We have to somehow find a way to direct their Windows profile folder to our Windows cluster server (an “smb” share) when they are logging into a PC; and if the same user logs into a Mac, we have to direct their Mac home folder to our Mac file server (an “afp” share). Otherwise, we’ll have to create separate accounts for each environment.

BTW, I’m the IT person responsible for AD in our environment. Because we are moving to AD 2003 (which allows us to reverse schema changes), I’m more than willing to experiment with adding the Apple-specific schema changes that are suggested on Gordon Shukwit’s site. I’ve actually added those schema changes to our test AD environment, but the AD plugin (at least in 10.3.8) doesn’t automatically use the additional attributes (apparently, it’s supposed to detect them and use them instead of the AD native attributes). That would solve all of our problems, but it doesn’t seem to be working for me.

[rmniemela]

Good suggestion, except that when I alter the activedirectory.plist file, the system overwrites the file on a reboot. Even worse, it deletes the whole line that I’ve adjusted.

For example, I’ve tried to adjust the following lines in the users section:

2.5.4.17
dsAttrTypeStandard:SMBHomeDirectory

where 2.5.4.17 is the AD field for postal_code.

This field is unused in our environment.

When I reboot the client, both lines have disappeared, even if I change the protection so that system has read only access.

[Anonymous]

[QUOTE BY= rmniemela]For example, I’ve tried to adjust the following lines in the users section:

2.5.4.17
dsAttrTypeStandard:SMBHomeDirectory

[/QUOTE]

I have found that you can modify what the AD Plug-in reads for some attributes, but you need to modify a different section of the plist. The section you were modifying is the “AD Attribute Mapping Table”. Instead, you want to modify the “LDAP AttribMapping” section. For example, you could have it read the PO box attribute from AD to be the homedirectory quota by adding the following to the Users sub-section:

postOfficeBox
dsAttrTypeStandard:HomeDirectoryQuota

I will note that I believe I was only able to add attributes that were not already used in the file. I was not successful in getting it to look at a different location for the home directory attribute. However, that might be because it is hard-coded into the plug-in binary where other attributes do not appear to be. You can see this with:

strings /System/Library/Frameworks/DirectoryService.framework/Versions/A/Resources/Plugins/Active\ Directory.dsplug/Contents/MacOS/Active\ Directory | grep home

I didn’t spend too much time trying to find a way around that, though.

[Author]

Posts