Forum Replies Created
January 27, 2012 at 2:57 pm in reply to: Cylinder of Destiny or Golden Triangle with Lion Server #381580
ivaldiz
Participant
I just tested importing an AD group. I created a fresh new one and put two test users as members of that group.. and I’m having the same issue: it will import the group but not the users within that group, so it’s definitely something up with Lion Server, not with the AD setup.
Another thing, have you tested the HomeDirectoryQuota and HomeDirectorySoftQuota attributes? I added them to the augment user but I couldn’t get them to work.. I put the value as 1000000000 bytes = 1GB and that didn’t work.. maybe I’m putting the wrong value format..
January 26, 2012 at 7:55 pm in reply to: Cylinder of Destiny or Golden Triangle with Lion Server #381575
ivaldiz
Participant
Hi,
I’m running the same thing; the idea is to set up PHDs for AD users using cylinder of destiny.. I got this working but I’m not sure if that’s how it should work!.. I will share my experience and maybe it will help somebody out there.
I’m running 10.7.2 Server and the clients are a mix of 10.6 and 10.7 as well.. I set up an OD Master on the server and have it bound to AD, which is not .local
Everything seems to be fine.. I imported users from AD using Server App; the user is “adtest”. Then I opened Directory Utility, /LDAPv3/127.0.0.1/Augments
I see the users there.. now I added the following attributes:
– HomeDirectory as the following template:
afp://server.mydomain.com/Homes adtest
– NFSHomeDirectory as the following template:
/Network/Servers/server.mydomain.com/Volumes/Homes/adtest
– HomeDirectorySoftQuota; value is set to 10000000000, which is equal to 10GB (this feature didn’t work for me – I don’t know why)
Now, after I did all that on the server side, I created a Computer Group and added the client MAC address as a member of that group so I can assign MCX settings.. I enabled Mobility settings as follows:
– Account Creation: Always : kept everything else the same
– Rules: Homesync: Always: kept everything else the same
– Rules: Options: Always: Sync in the background (every 20 mins)
Apply the settings and then click on the Preferences button on the top menubar and then select Details; from there click on the + button and navigate to the path:
“Server HD:System:Library:CoreServices:ManagedClient” and click the Add button, and that should add other features.
Scroll down to Mobile Account and Other Options, and you will notice a little mouse icon next to it; go ahead and double-click it. The window will pop up; expand the “always” item, then hit the New Key button and add “Synchronization URL” and add this value template: “afp://server.mydomain.com/Homes/%@”
Now go to the Terminal and run these commands:
– sudo createhomedir -c -u adtest
“this will create the home folder for the user under /Users”
– sudo mv /Users/adtest /Volumes/Homes
“this will move the home folder from the Users folder to the Homes share folder.”
Now that we have everything ready.. go to the client machine and log in to the local admin account and bind the machine to AD and OD “doesn’t really matter in which order you bind first”
Open the Terminal and type in: id adtest
You should get feedback that tells you that this user is part of AD and is a member of some AD groups.
Log out of the admin account and you should see Others.. log in with your AD account “adtest” and it should ask you to create a mobile account for this user.
Continue and then it will ask you for the username and password to access the share point; type in adtest and its password and it will start synching just fine.
My scenario is kinda different since you are not synching here, but I thought I would share my experience, and maybe it will give you an idea.
Good luck!
M