[sheridanp]

[QUOTE][u]Quote by: arekdreyer[/u][p]I don’t know about Photostory, but do you have the same problem if you host the home folder via SMB rather than AFP (you’ll need to change the AD Plug-in settings with Directory Utility).
[/p][/QUOTE]

Thanks for the reply arekdreyer, but the application photostory is a windows only application and thus only runs under windows xp not the Macintosh platform.

I hope I didn’t make that ambiguous in my previous post and thus causing readers to get their wires crossed.

[sheridanp]

dagothere thanks for the most excellent reply,

I was lucky enough to find the a utility called passenger (which is used a lot in Apple networks), its a for payment utility i.e. you can only import like 20 users at a time when its in unregistered mode BUT there is a feature that called Batch Permissions MOD which is basically a front end for a script that your creating here. You should really look at it (not that you need to), it allowed me to assign base permissions to a home dir and propagate them from that point onwards. Then I was able to assign permissions to specific directories in the user home dire i.e.

/studdata/year1//Documents
/studdata/year1//Desktop
/studdata/year1//public
/studdata/year1//public/dropbox
etc. etc.

As long as the base directory name () matched a user name in AD it assigned what ever POSIX permissions I wanted to. What was even better i was able to assign AD group permissions to the files as well in the following format

‘CURRIC\domain users’

the commas around the string are important, that way I was able to assign user and group permissions in any configuration I wanted. What really great its all done in a GUI interface that is easy to use and logs everything so you can go back and see what went wrong i.e. a user dir is spelt incorrectly or doesn’t exist in AD.

Oh when I mentioned before its a pay for utility, the batch mod part isn’t, you can use to build the script and then run it on a directory hierarchy of 10 users, 1000 users or even 10,000 users, its all scalable.

The only thing I had to do before hand was run chmod -RN * (when in the base dir where the users where stored) to make sure there weren’t any acl blocking access to any files or folders.

Again thank you for the reply and I hope my reply augments your excellent suggestion.

Regards

sheridanp

[sheridanp]

Great Stuff,

You learn something new everyday, thanks for the heads up honestpuck on ntpdate, will make changes accordingly

[sheridanp]

I have not tried this yet, but will tomorrow,

I am going to run a unix command called ntpdate -b during a system startup script. this will force the system initiate a time sync during startup.

Once the time is then synced directory services should be able to connect to directory authenticator (OD or AD), no worries.

If you want to look at specifying commands during system startup I would recommend looking at the lingon utility (www.versiontracker.com/dyn/moreinfo/macosx/28365) or lingon.sourceforge.net/ it will provide you with some baby steps resolving your problems.

But I am no Macintosh expert, so good luck with it. 😉

[sheridanp]

Thanks for the reply, macshome

With this (symlink), rsync and passenger batch file permission setter I feel there is is nothing I can’t do in regards to mac home directories, even if the permissions are are stuffed on the homedirs I was able to rebuild.. well lets say reassign them correctly (thanks passenger) and using rysnc I merged the old work that was unable to be restored into the new user home dirs where users where already creating new documents. This allowed them to be able to keep their new stuff they just created in their new home dirs plus their old stuff which was assigned permissions of the old OD setup (barring any files that had the same name of course).

I feel my confidence increasing the more time I spend with the os, and coming from a windows background, that’s saying something.

PS And those Guides, AD-OD sandbox, bombichs leverage AD guide and the leopard quickstart guide (found on afp548) where the crux of it all.

I know I have a long way to go…

And once again .. thanks

[sheridanp]

I know how you feel, its really a crash course ..

But its one of those things you have to go through … to become a better person, … i suggest searching for Ad-OD Sandbox guide here on AFP548 for a great guide on getting it all to work in a test environment and how the base tech all works. Once you have a understanding on how it all works have a look at the following posts, made recently by me, but I am still waiting for feed back from the experts here on the site if I have it all working aokay,

https://www.afp548.com/forum/viewtopic.php?showtopic=24917
https://www.afp548.com/forum/viewtopic.php?showtopic=24946

Again, I am no expert, and I have probably missed something fundamental and simple but my own network is slowly coming back online.

[sheridanp]

So guys…

Is the method I am using … at all approved, has anybody got it working any differently?

[sheridanp]

Just a quick couple of things, I am no expert… but

Make sure you don’t list the “user names” for the osx login window, but the traditional user name and password dialogue box used by windows and other operating environments, this can be changed in WGM, machine group login preference. Secondly, if you’re using SMB shares a fix that worked for a magic triangle environment that I work at is to disable automount on the workstation, since automout doesn’t work with SMB shares anyway.

To switch off automounting edit the hostconfig file located at /etc/hostconfig and set the AUTOMOUNT value to OFF and then restart.

But hey I am no expert, and for you post your problem online you must be already be pulling your hair out over it… I know I have. 😉

PS Make sure your dns resolution is good, especially if you have multiple dns servers on your network, make sure they are all working as intended.

[sheridanp]

After much pain and suffering,

I fluked it (after being inspired by mike bombich and his comment about specifying the full path for home dirs), I made a symbolic link on the Macintosh HD volume pointing to the second volume carrying the data. Something along the lines of

ln -s /Volumes/ODDATA/studdata studdata

When a user logins in the AD plugin reads the path from AD ie. \\odmaster\studdata\%username%, then goes to read the path \studdata\%username%, goes to check the files on the system, finds the studdata symbolic link on / follows, the redirect to /Volumes/ODDATA/studdata then uses that folder as the base directory….

Is that how its meant to work, am I doing it the write way, I have tried it several times on my prototype lab, and I have even started rolling out users in the production environment, I’ve done about 120, so far so good..

Am I doing it right, any feedback, anything to watch out for.

[sheridanp]

So….

Nobodies tried to restore user home folders from a OD based network to a network that has been converted to a golden triangle. I’m sure for a AD-Integration forum, things like this must of have occurred.

I understand it would be a complex process, but a point in the right direction would be great. I am looking at things like ditto, cpmac….

I am open to any ideas at even if you guys recommend a fundamental change to the setup we have undertaken…. we are still open for some sort of feedback.

Anything .. anything at all

[sheridanp]

I found the offending text in my post

“But*this*method*is*slow*and*cumbersome”

triggers the spam filter go figure, board admin’s what do you think about it? are the filters working as expected.

It took me 20 minutes of constant copy and pasting to find the offending line in my 250 word post.

please note i had to mod the offending text .. or the spam filter would have kicked in again

[sheridanp]

I too am getting this “error”

spam detected. post deleted.

Are the spam settings set that aggressively that legitimate users cant even post …. 🙂

or is it just me ..

[Author]

Posts