Accessing home directories...

Hi,
I will first explain my setup so that you understand my situation.
We have a Solaris classroom to teach computer science to K-13 students. All students have a network username and home directory on a server. We are using NIS.
The course I am teaching consists of a prep course to the SA-238 exam, a sort of system admin 1 course. Of course, to be capable of doing most of the work you must have root access.
So the students have local root access and are doing admin work on the workstations.
Here is where the problem occurred: While showing them the use of the su command, some students figured out that if they log in as their normal username, then su to local root, the system will prompt for the password.
But if the students then use su again to another user on the network, they have access to the other home directory without ever giving the other user's password.
Is there a way to stop this or at least control the su command? Any help is greatly appreciated.
Thanks
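Added example, not from the thread: the hop the post describes (student becomes root, then root becomes another user, no second password) is recorded in Solaris /var/adm/sulog as two successful entries on the same tty. This script reconstructs those chains from a constructed sulog sample so the instructor can see who reached whose home directory; the sample lines and user names are made up.

```shell
#!/bin/sh
# Constructed sample of Solaris /var/adm/sulog lines (not real data).
# Format: SU MM/DD HH:MM [+-] tty from-to   (+ = success, - = failed attempt)
SULOG=$(mktemp)
trap 'rm -f "$SULOG"' EXIT
cat > "$SULOG" <<'EOF'
SU 03/12 09:41 + pts/3 alice-root
SU 03/12 09:42 + pts/3 root-bob
SU 03/12 09:50 - pts/5 carol-root
SU 03/12 09:51 + pts/5 carol-root
SU 03/12 10:02 + console dave-root
SU 03/12 10:03 + console root-erin
SU 03/12 10:10 + pts/5 root-root
EOF

# Print one line per successful root -> other-user hop, attributed to the
# account that last became root on the same tty.
# Output columns: date time tty student->root->target
root_hops() {
    awk '$1 == "SU" && $4 == "+" {
        n = split($6, p, "-")        # user names containing "-" are not handled
        if (n != 2) next
        from = p[1]; to = p[2]
        if (to == "root" && from != "root") { became_root[$5] = from; next }
        if (from == "root" && to != "root")
            printf "%s %s %s %s->root->%s\n", $2, $3, $5,
                   (($5 in became_root) ? became_root[$5] : "?"), to
    }' "$1"
}

root_hops "$SULOG"
```

Failed attempts (the "-" lines) and root-to-root hops are ignored; run it against the real sulog with `root_hops /var/adm/sulog`.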

Similar Messages

  • Home directories from GUI work but not from command line

    I'm having trouble accessing home directories through SSH. After significant trouble, I reinstalled OS 10.4.6 Server on each of my 24 XServes. This is a HPC with an XServe RAID providing the storage space. I promoted the first XServe to an Open Directory master and created 2 test users. I created two sharepoints from the XServe RAID--one for general data and one for home directories. I enabled AFP on both, granted R/W access to the default group "staff" (of which my two test users are members) and set the home directory sharepoint ("HomeDir") to automount using AFP for users' home directories through WGM. If I use Remote Desktop to login to one of the cluster nodes, the home directory seems to mount correctly. However, if I try to access the same user account through the command line--the home directory cannot be found.
    I can cd to /Network/Servers/headnode.domain.com/Volumes/HomeDir; but I cannot see any of the folders listed there. On the head node, I can verify that the user's home directory has been created--it seems to be fully populated. I've checked permissions, and they seem to be correct; but the fact that I cannot access it from the command line seems to suggest that there's a greater permissions issue.
    I've tried doing the identical setup using an NFS automount instead of AFP with no success. I can't find any answers for command line/SSH access to this problem. Any help would be appreciated.
    Thanks,
    CF

    I've discovered something else in the course of troubleshooting this problem. If I login as a test user through remote desktop to, say, node1.domain.com; the home directory mounts correctly; and, as long as I do not reboot either headnode.domain.com or node1.domain.com, I can login via SSH and access my home directory.
    Of course, if I do reboot--access no longer works. I've browsed through dozens of other posts and tried to follow other users' suggestions. I've manually created a hosts file, which I've uploaded to /etc/hosts on each node. I've double and triple checked DNS and DHCP--I have LDAP propagated through autodiscovery on DHCP; I have each node statically assigned; and I have DNS entries for each node. I also have computer entries in WGM; and I've used the FQDN of each node (node#.domain.com) for everything across the board.
    I'm also hitting the "authentication error" when I try to access my other AFP sharepoint. I can't figure this out.

  • Multiple simultaneously logged in users accessing AFP home directories?

    Hi,
    Many of our problems are described in this guy's blog:
    http://alblue.blogspot.com/2006/08/rantmac-migrating-from-afp-to-nfs.html
    The basic capability we want is to have multiple simultaneously logged in users to have access to their AFP mounted home directory, which is configured in a sane, out-of-the box setup using WGM and Server Admin.
    Multiple user access could take the form of FUS (fast user switching), or simply allowing a user to SSH into a machine that another user is already logged into and expect to be able to manipulate the contents of her home directory.
    From my extensive searches, I have no reason to believe this is currently possible with 10.4 Server and AFP.
    (here's the official word from apple: http://docs.info.apple.com/article.html?artnum=25581)
    I've read that using NFS home directories will work, though.
    I want to believe that Apple has a solution for this by now (it's been almost a year since we first had difficulty), or at least a sanctioned workaround. If Apple doesn't have one, maybe someone else has come up with something clever. I find it hard to believe that more people haven't wanted this capability! (not being able to easily search the discussion boards doesn't help, though...)
    Thanks for your help!
    Adam

    Parallels Issue. Track at http://forum.parallels.com/showthread.php?p=135585

  • Home Directories Remote Access

    Hi,
    As a school we are looking to give students access to their home directories from anywhere (preferably with easy access from tablet devices). We have an on-premise SharePoint Server (2013), and students also have access to Office 365, which could give them 25GB areas on OneDrive for Business.
    These are the three possibilities I can think of so far (without spending any more money, as budgets are tight, and I am a great believer in using the in-built capabilities of Microsoft products before outsourcing to 3rd parties):
    Students have user areas on OneDrive for Business in Office 365
    This would be great in a way because the files are stored off site, freeing space up on our SAN. But with no ability to make our own backups (can get around this using versioning), our main issue would be the 500MB-1GB art/music files our students generate; opening and saving these across the Internet would be painful, and although chances are they won't need these at home, I don't want to confuse matters by giving them multiple areas to save things. Although it's great that it also integrates with Office when they sign in at home or in school, I find it annoying that it creates a SharePoint folder alongside the already existing OneDrive area (very confusing for end users). When you click this and then on the OneDrive @ Company Name it gives you access to Style Library and other config folders as well as Documents (just looks messy to me). It also means students would have to use web pages to open anything other than Office files. I have mapped network drives to OneDrive before and it works, but is glitchy when clicking through folder structures. I also don't want to have to sync their files to every workstation they log onto to make the OneDrive for Business shortcut appear in File Explorer.
    Students have user areas on OneDrive for Business on-premise
    This solves the speed problem with large files to an extent, although saving large files into SharePoint inevitably takes longer. We would still have the messy menu with opening Office files (explained above) and the issue with opening other files via web pages.
    Students keep user areas in a directory on our server, using Work Folders to access remotely
    After the issues when looking at OneDrive, Work Folders was a ray of light I was hoping would solve the issues. Keep the existing folder structure but give access from anywhere (with the promised apps for iOS, Android and Windows devices). I set it up and it looked good, until I realised you HAVE to sync all of your files to every device you use them with. So if they're at home on a 16GB iPad for example, their user area is 3GB and they only have 1GB left, they can't access their documents at all. Sync would be great as an option, but there is no way for them to simply access their directory at home (even via web page).
    Please someone tell me there is a way! (Without spending more money).
    Thanks,
    Andy

    Hi Andy,
    Thanks for contacting Microsoft.
    From your description, I learnt that the issue you are experiencing is that you want to give students access to their home directories from anywhere without spending more money.
    If I misunderstand anything, please feel free to contact me.
    I have read all three possibilities. For the first two possibilities, you had better post them to the SharePoint forum. For the third possibility, you are right, syncing up is really an issue.
    So for this issue, I need to discuss it with our discussion team. I will update you on this as soon as we can.
    Best regards,
    Sophia Sun

  • Home directories losing access rights - Urgent help required

    We have just migrated around 2000 user accounts onto a new Xserve server and we have just set up these user accounts so that their home directory is stored on the server as opposed to locally on each machine. To get past a serious performance issue we changed the rights for the group so that only the owner could see their own directory and they had full read/write access. Now there is one group and around 2000 user folders in that group, with each folder having the specific owner. Now after we made this change to the rights for the group to be none, and the owner as read/write access to the folder, we pushed this out using Workgroup Manager and applied the changes to all child folders and files.
    Now in theory, when a user logged on they would only be able to see their own home directory and no one else's on the server - and this is what happened, for the first 5 minutes... and then without making any changes to their server or the client machine, the user then lost access to their own home directory. The only way we have been able to get around this is to allow the group read access to the parent folder, so if a user navigates through to the volume on the server where these home directories are stored then they will be able to see all 2000 folders (but not access any data in them).
    Now this would not be such a big deal for us to fix ASAP, however it does cause the client machines to go very very very slow when browsing to open files through various programs. E.g. when you click File and then Open in Photoshop or whatever, the pinwheel will come up and start to spin for at least a min or so before it brings up the Finder. I am assuming that this is because the machine is trying to look in all 2000 odd folders. Does anyone have any idea or suggestions on how we can get around this issue or what we are doing wrong?
    We are about to split the users up into groups of around 200, which should have been done from the start (BTW we did test this on a test server before implementing it, however it is Murphy's law that new bugs had to come up).
    Any help would be greatly appreciated.
    :S

    Thanks for your suggestions; we only used Workgroup Manager to change the preferences. We were trying to change the rights so that the students would not even see the other students' folders. We ended up setting up the rights similar to how you suggested, but there were still slow performance issues browsing to folders in the Finder, because the machine would get to the directory /Volume/server.address/mac_students and then search through 2000 folders (and maybe try to index) before going to the next level, being the student's home directory. So we split the 2000 users into 10 groups (which really should have been done from the start). This enabled the Finder to load a lot faster, but students could still see the top level folder of the other students in the group, but hey, at least we were not faced with a "ohhhh boy, it is Monday morning and no students can log in" situation... We will be tweaking the image that is on all the clients to have the default locations in Photoshop and Quark etc. point locally, but that will be a bit of a longer term thing.
    I guess my real initial question was if we made a mistake with the rights on how we set them up, why did it work on the test server the whole time, and even on the live server for a few minutes, I would have thought that if the rights were wrong, then it would not have worked from the start?
    Never mind it is working now, which is the main thing.
    Another question though, for anyone that is reading, is how do you change the preferences of Spotlight and where it saves its data. Basically when a student logs onto a new computer, Spotlight indexes and saves results in each folder and we would like to prevent it from indexing and saving to the home directory (because this is on the server). We can actually see the CPU of the server go up when a student logs onto a machine that they have never logged into before and Spotlight starts indexing the new machine. And preferably we would like to not disable Spotlight on all the client machines - as students will no doubt like to search. Also, should we disable Spotlight on the server end? I guess this would improve performance a bit as well.
    Thanks in advance for any suggestions

  • Letting users access other users home directories

    Hello,
    I am currently setting up an xserve at a school and I am running into some problems. I want to let the group teachers be able to access all of the students home directories. I added to the permissions the group teachers for the users folders, but the permissions do not carry through all subfolders. What would be the best way to set up these permissions in tiger server?
    Thanks
    Robert

    Hi
    When sharing a desired folder for automounting networked home directories the default POSIX values are:
    Owner: root/admin R/W (can be either)
    Group: admin Read Only
    Everyone Read Only
    Going beyond this folder, you can then view the default attributes for individual folders. These should be:
    Owner: the persons name Read & Write
    Group: admin Read Only
    Everyone: None
    This is as it should be and you should leave these alone. In the situation you describe it makes sense to grant Read/Write access for teachers so that students' work can be marked and/or assessed. In which case you want to preserve the POSIX permissions but use an additional permissions model that allows access without breaking the default permissions.
    10.4 Server allows for this as Access Control Lists (ACLs) are available once you enable them for the volume that has the shared folder for automounting networked home folders on it. WorkGroup Manager > Sharing > General. Select the volume and tick the box that says 'Enable Access Control Lists on this volume'. When you have done this, restart the Server. Enabling/Disabling ACLs on any volume should always be followed by a restart.
    On successful log in launch WorkGroup Manager, select Sharing, select the folder you are interested in and select Access. Below the Standard POSIX model there is a window. This window is where you add desired users or groups (or a mix of both) and define what access they have to the selected folder. At the bottom of this window is a small gear wheel. Selecting this will show a small sub-menu where you can propagate permissions as well as viewing effective permissions. I would suggest you create a year group, add desired teachers to that year group and then add this year group to each desired year folder. Define your permissions and propagate them. You should now have at the end of this the default POSIX permissions for individual student folders still in place and honoured as well as overriding permission for teachers.
    Hope this helps, Tony
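Added audit script, not from the thread: it walks the folders under a networked-home share and reports any that drift from the per-user defaults Tony lists (owner = that user with read/write, group read-only, everyone none), which is the drift the "losing access rights" thread above ran into. The share path /Volumes/HomeDir is taken from the first thread; the script reads ordinary POSIX bits only and does not inspect ACLs.

```shell
#!/bin/sh
# Report home folders whose POSIX permissions deviate from the defaults:
# owner must be the user the folder is named after, group may not write,
# and "everyone" must have no access at all. Prints one line per finding.
audit_homes() {
    homes=$1
    for dir in "$homes"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        expected=${dir##*/}            # folder name is the user's short name
        set -- $(ls -ld "$dir")        # $1 = mode string, $3 = owner
        mode=$1
        owner=$3
        group_bits=$(printf '%s' "$mode" | cut -c5-7)
        other_bits=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$owner" != "$expected" ]; then
            echo "$dir: owned by $owner, expected $expected"
        fi
        case $group_bits in
            *w*) echo "$dir: group can write ($group_bits); default is read-only" ;;
        esac
        if [ "$other_bits" != "---" ]; then
            echo "$dir: everyone has access ($other_bits); default is none"
        fi
    done
    return 0                           # findings are reported on stdout, not via status
}

# Default target when run directly: the home share named in the first thread above.
audit_homes "${1:-/Volumes/HomeDir}"
```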

  • Local access to Network Home directories

    Under Leopard, I want to allow a user to log in to the machine that hosts his network home directory, and access it locally from that machine.
    User joe is set up in Open Directory to use a network home directory that is served from machine joe-ws. In other words, his Home record points to afp://;AUTH=Client%20Krb%20v2@joe-ws/Users/joe. There is also a mount record in OD that causes joe-ws:/Users to auto mount as /Network/Servers/joe-ws/Users
    This is working perfectly -- Joe can log in anywhere on the network and see his files. He can also create portable home directories, sync them, and the like.
    Except that he can't log in on joe-ws: if he does so, joe-ws tries to mount its own sharepoint via afp in order to find joe's home directory and that isn't a happy situation.
    Is there any obvious way to do what I want?

    I have found the source of my problem and resolved it -- it relates to case-sensitivity of host names.
    What is supposed to happen is that automount and autofs are smart enough not to try to mount shares that are hosted locally. If, for example, there is a mount record in the directory asking for afp://joe-ws/Users to be mounted in /Network/Servers/joe-ws/Users, then on every machine but joe-ws, it'll happen. On joe-ws, on the other hand, automount just creates /Network/Servers/joe-ws as a link to /
    In my case, there was a typo in the local DNS zone records, causing joe-ws to think its name was joe-ws.DOMAIN.com, whereas the mount records referred to joe-ws.domain.com (difference being case).
    Therefore, automount, running on joe-ws.DOMAIN.com tried to mount a sharepoint hosted on joe-ws.domain.com. DNS sees these as the same host; automount doesn't, so fails to apply the special magic that normally applies when you ask it to mount a sharepoint that is hosted locally.

  • How to configure Airport Extreme AFP disk sharing to host multiple users' home-directories (Lion, using autofs)

    I have this working, but only by completely bypassing access control, using guest access with read+write permissions.
    Do I need to buy Lion Server, to do this. All my past unix/linux experience says Lion Server should _not_ be necessary.
    This seems like a simple & obvious setup objective, but it is proving to be harder than I would imagine.
    Setup:
    multiple users, sharing two Mac minis running OSX Lion
    connected to an Airport Extreme (4th gen) with a USB disk shared (either via disk password, AEBS password, or using AEBS user's passwords).
    After much experimentation and web research, I finally have managed to get the minis to auto mount the Airport Extreme's AFP shared USB disk. Well almost... It only works if, on the Airport, I set the guest access permissions to read+write and select the "Secure Shared Disks" method to "With disk password" or "with Airport Extreme password". In other words, it only works if I essentially bypass/disable access control by using the guest authentication mechanism to the AFP shared disk.
    On the Lion side of this, I am automounting the users directories via "autofs". The config files for this are
    /etc/auto_master:
    # Automounter master map
    +auto_master            # Use directory service
    /net                    -hosts          -nobrowse,hidefromfinder,nosuid
    /home                   auto_home       -nobrowse,hidefromfinder
    /Network/Servers        -fstab
    /-                      -static
    /-                      auto_afp
    /etc/auto_afp:
    # Automounter AFP master map
    # https://discussions.apple.com/thread/3336384?start=0&tstart=0
    /afp/users -fstype=afp afp://;AUTH=No%20User%[email protected]/Users/
    Then, after rebooting and verifying read+write access to the /afp/users directories, I change each user's home directory: In System Preferences > System > Users & Groups, I right-click over the users to access the Advanced Options, changing the Home directory field to point at the AFP-mounted /afp/users/Users/* home directories.
    I experimented with alternate UAM specifications, as well as both OSX and AESB users & passwords. Using guest access is the only thing that has worked.
    Any pointers would be appreciated...

    Based on lots more experimentation which confirms the information in a parallel discussion (cf. Automount share as non ROOT or SYSTEM user! https://discussions.apple.com/thread/3221944), I have concluded that the Lion 10.7.2 implementation of AutoFS mechanism is broken. I submitted a bug report via apple.com/feedback.
    Work arounds..?
    Earlier I wondered if installing Lion OSX Server was necessary. The more I contemplate this, the more I am convinced it _should_not_ be necessary. The client-server architecture is clear: my Macs are the file-server clients and the Airport Extreme is supposed to act as the file server. The only thing installing Lion Server would do (besides enriching Apple.com) is enable me to configure one of the Macs as the file server. This would require it to be "always on" (thus enriching my electric utility as well). Okay, an additional benefit would be configuring software RAID disks attached to the Lion server, but Time Machine has worked fine for me in the past, backing up to disks mounted on the Airport Extreme.
    One solution is to create a disk partition for each user and instruct each user to connect / authenticate to the Airport Extreme AFP share at login. The multiplicity of partitions is necessary since the first user to mount the AFP share takes ownership of it, blocking other users from accessing that disk partition. A user can "steal" ownership by reconnecting, but this will leave the other user's applications & open files dangling.
    This dysfunctional situation really *****. Before installing Lion, I put a 64 GB SSD (solid state disk) in each of our Macs. I did this expecting to easily configure the /Users/* data on external networked storage. I'm having a déjà vu "Bill Gates"-ware moment; problems like this were why I abandoned Windoz.
    I will make a few more experiments using the deprecated /etc/fstab mechanism. Maybe that will bypass the broken-ness of AutoFS...? Alternately, I guess I could also try to run Kerberos authentication to bypass whatever is broken in AutoFS, but that would require running a Kerberos daemon somewhere. Possibly I could configure a Kerberos service to run on both my Macs (without installing Apple's Lion Server)...?
    Stay tuned...
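Added check, not from the thread: it reads an autofs direct map in the /etc/auto_afp format shown above and flags entries that weaken access control on the mounted home directories: the guest UAM (every user gets the same rights, which is the bypass the poster describes), a password embedded in the map file, and entries mounted without the nosuid option the poster's /etc/auto_master /net line already uses. The map below is constructed and its host names are placeholders; the third entry reuses the Kerberos UAM from the joe-ws thread only to show a clean line.

```shell
#!/bin/sh
# Constructed autofs direct map in the style of the /etc/auto_afp above.
# Host names, share names and the password are placeholders, not real values.
MAP=$(mktemp)
trap 'rm -f "$MAP"' EXIT
cat > "$MAP" <<'EOF'
# Automounter AFP master map (constructed sample)
/afp/users   -fstype=afp         afp://;AUTH=No%20User%20Authent@airport.example/Users/
/afp/shared  -fstype=afp         afp://student:Pa55w0rd@airport.example/Shared/
/afp/krb     -fstype=afp,nosuid  afp://;AUTH=Client%20Krb%20v2@server.example.com/Homes/
EOF

# Map columns: key  -options  location.  One finding per line, prefixed by the key.
check_afp_map() {
    awk '/^[ \t]*#/ || NF < 3 { next }
    $2 ~ /fstype=afp/ {
        key = $1; opts = $2; url = $3
        dec = url; gsub(/%20/, " ", dec)             # undo URL encoding of the UAM name
        if (dec ~ /;AUTH=No User Authent@/)
            printf "%s: guest UAM, per-user access control bypassed\n", key
        if (url ~ /^afp:\/\/[^;@\/]*:[^@\/]*@/)      # user:password@host
            printf "%s: password stored in plain text in the map\n", key
        if (opts !~ /nosuid/)
            printf "%s: mounted without nosuid\n", key
    }' "$1"
}

check_afp_map "$MAP"
```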

  • Home Directories not mounting

    I'm setting up an OS X network for the first time.
    I've got Open Directory based network logins working, but I can't get the home directories to mount over the network. When logging in, a dialog box says that an error occurred and that the home directory is mounted via SMB or AFP.
    So I log in as a local user on the client machine to poke around. I don't see the server listed in /Network/Servers, but I can manually do a Connect To Server and put in afp://server.dom.ain/Users/username and it's fine. This afp:// URL is the same as is specified as the user's home directory.
    I have verified that /Users is exported on the server.
    Do I need to go in to every client and create an automount map for this or is there something else I've forgotten?
    Thanks...
    various   Mac OS X (10.4.9)   10.4.9 server and clients

    The first thing to do when you're having any kind of login problem is to ssh in to the client machine and tail -f /var/log/system.log, then log in to the client machine and watch for clues.
    Step by step:
    1. make sure Remote Login is enabled in the Sharing preferences on the client machine (you can turn it off when you're done if you're paranoid)
    2. on any other mac (or ssh equipped PC) run Terminal (in /Applications/Utilities) and type "ssh username@IP-of-client-machine" obviously replacing "username" and "IP-of-client" with your values, and no quotes of course. Note that "username" needs to be an administrative user. If you haven't logged in with Terminal before, keep in mind that it does not echo back characters when you type in the password. Just type it and press enter. You may have to type "yes" after that to set up the initial trust relationship between the two computers.
    3. Once you're logged in to the client machine, type "tail -f /var/log/system.log" (again, no quotes) and leave it like that. You now have one computer watching another computer's logs in "real time" -- VERY handy when you're troubleshooting a reproducible error.
    4. Go back to the client computer and log in with the problematic account. The other computer will show you everything being logged in system.log. Watch for clues that something is wrong. (something couldn't be found, access denied, anything that doesn't sound too friendly)
    5. Figure out what they mean or copy/paste 'em here! The part that counts is anything that came up on the watching computer's screen from the moment you clicked "Log In" on the client computer to the moment you are at your regular (deficient) desktop, confident it's not gonna do anything else.

  • Home directories not being created

    Hi,
    I am having trouble creating home directories for users on my OSX Server Tiger 10.4.4 running on a mac mini.
    Home directories do not seem to be created for users on my Open Directory.
    I have configured my server to be an Open Directory master. I have no other Open Directory replicas/Servers running.
    I have set up and configured DNS. It appears to be working correctly and can resolve my server name to the local IP (10.1.1.X) and give me a fully qualified domain name.
    When accessing users on my OpenDirectory via the Workgroup Manager the directory name comes up as "LDAPv3/127.0.0.1" (local host possibly the problem).
    When I click on the "Create Home Now" button and hit save, the home dirs are not created.
    I have checked to make sure that the home directory is shared (owner root) and it seems okay.
    I have read some other threads on topics similar to this, but have had no luck. I would appreciate any help in trying to fix this problem.
    Please let me know if any further information is required.
    Cheers

    I had the same issues you've described in this thread. It turned out that I had named my server "morris", and when the client machines went to mount a user's home folder, they attempted to mount /Network/Servers/morris/Users/whoever. When I went to the Finder, I clicked on the Network icon, then the Servers icon, and listed under there was "morris.domain.com" (where domain.com is your own local domain), but not "morris". So it appeared that there was a name mismatch.
    The fix was easy. I started up Server Admin, clicked the machine I wanted to fix, clicked the Settings tab in the right pane, the Network tab up top, and changed the "Computer Name:" field from "morris" to "morris.domain.com". From that point on, my login problems went away.
    It seems that the Server Admin-set "Computer Name" has to match the machine's FQDN in DNS.

  • Key-based SSH Authentication and AFP Home Directories

    I'm setting up some users with AFP home directories (hosted on an Xserve, with a couple of G5 towers as Open Directory clients). When logging in on the console on a G5 tower, the home directories work fine. The users can SSH into the Xserve using SSH key authentication. However, the users can not SSH into the G5 towers using SSH key authentication, and are instead asked for passwords - presumably because the AFP home directory is mounted with guest access (and thus the keys are unreadable) before the password is entered.
    Is there a known workaround for this? A different way of setting up the home directory mounting? I don't particularly want to go the mobile home directory route, because (among other things), as far as I know, mobile home directories only sync when a user logs into the GUI. If that's not the case (that is, if they will sync when a user logs into the machine with SSH), then I guess that would be a reasonable solution.
    Thanks in advance for any suggestions!

    That was just speculation on my part; I'm not sure exactly what's happening. I do know that until the user authenticates, the entire automount is mounted with guest access... and that the user can't authenticate until the key file can be read. It may be the case that I was just encountering some transient failure or the like, however.

  • Firefox 3.6 not compatible with home directories stored on AFP file server

    I just wanted to let everyone know that I have discovered, at least in my situation, that Firefox 3.6 does not work with user home directories stored on AFP file servers.
    My network consists of PPC 10.411 clients and a Mac OS X 10.62 server. User home directories are stored on the server, the user is logged into a "Golden Triangle" LDAP domain, where the Mac clients bind to a OSX Server and the OSX Server is a member of the Active Directory domain.
    Worked perfectly fine on Firefox 3.57, now in 3.6 it will either not launch, will freeze with the beachball or will only show the Firefox window and not the main web browser.
    This has happened before with a 3.0x update from a few months ago. I have posted a bug in the Bugzilla database and have outlined the bug on my personal MacPCSMB blog.
    http://www.macpcsmb.com
    https://bugzilla.mozilla.org/show_bug.cgi?id=542306
    Thanks
    Michael Yockey
    IT Administrator
    Yockey, Yockey and Schliem PC

    There is an update on the FireFox hosted AFP issue that I have uncovered:
    When users are rolled back with Firefox 3.57 (by installing FF 3.57 over 43.6) the following issue occurs:
    You launch Firefox and you get an error that states "XML scripting is not working; Firefox cannot open the window".
    This basically means that the plug-ins for Firefox 3.6 are still in the user's Firefox profile directory. These new plug-ins are not compatible with Firefox 3.57. You will have to manually go into the user's home directory and remove their profile folder and extract a specific file. The issue is that the user will have to be able to have access to their bookmarks. If you delete the profile folder their bookmarks are gone, though that is simpler to do.
    It looks like Mozilla significantly changed the profile folder setup in FF 3.6, so a profile rollback or deletion is necessary.
    If you DO NOT have a good backup:
    To solve this issue do the following. This guide assumes you have the users home directory stored on an AFP server and you have open directory logins:
    1. The Firefox profile is located here according to Mozilla: http://support.mozilla.com/en-US/kb/Profiles . The Mac OS X Directory is located at /~username/library/application support/Firefox.
    2. Find and COPY the places.sqlite file. This is the Firefox bookmarks and history database. This file is very important to back up.
    3. Now take the user's Firefox profile and TRASH it.
    4. Now either have the user launch Firefox with their Open Directory login, or change their password and login yourself. Open Firefox and then after it fully loads quit the program. Copy the places.sqlite file back into the Firefox profile folder. You will have to do this manually for every user unless you make an AppleScript to take care of this.
    5. The program will now work again.
    The second option is to go into Retrospect or Time Machine (or whatever backup solution you use) and restore the user's profile direct to a point in time before Firefox was updated to 3.6 and then subsequently reverted back to 3.57. How to use backup software is way beyond the scope of this blog posting.
    Thanks
    Mike Yockey
    www.MacPCSMB.com

  • You are unable to log in...; Network Home directories; 10.4 & 10.5 Servers

    I have a solution!
    Note: this is a new post because all previous posts dealing with this topic have been archived, MANY without an answer.
    Problem:
    Users with Network Home directories can't log in. After entering their correct username and password, the following error message appears:
    "You are unable to login to the user account 'username' at this time. Logging in to the account failed because an error occurred."
    Problem occurs with v10.5 Leopard client attempting to login to a Network Home directory hosted on a v10.4 Tiger server.
    _Significant Troubleshooting Symptom:_
    Client mac Console log (all Messages) contains the following entry at the time the user attempted to login to their Network Home directory:
    authorizationhost[509] ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dir:Path:username:] | PremountHomeDirectoryWith Authentication( url=afp://server.example.com/Homes, homedir=/Network/Servers/server.example.com/Volumes/ServerHardDisk/Homes/username, name=username ) returned 2
    _Computing/Network Environment:_
    v10.5 Leopard server doing: DNS; Open Directory with Kerberos for Single Sign-On; AFP for half of all users' Network Home directories.
    v10.4 Tiger server doing: AFP for the other half of the Network Home directories. Also, note that Open Directory is not running on this server, BUT IT IS CONFIGURED (using Server Admin) as "Connected to a Directory System" and has joined the Kerberos realm on the v10.5 Leopard server.
    v10.5 Leopard clients.
    Solution:
    v10.5 User Management manual
    http://manuals.info.apple.com/enUS/User_Managementv10.5.pdf
    says share points for Network Home directories have to have Guest Access ENABLED. See step 5 on page 117 and step 12 on page 118. Note that these are two different settings, but seem consistent with each other.
    I had followed/complied/set Guest Access according to steps 5 (page 117) and 12 (page 118) on BOTH the v10.5 Leopard AND the v10.4 Tiger servers. The solution that allows users to log on normally is:
    Uncheck/disable Guest Access (as set in step 12 page 118) for the v10.4 Leopard server only. Leave "Share this item using AFP" checked. Uncheck "Allow AFP guest access."
    The above worked for me. Your mileage may vary. If anyone knows how to report this to Apple for fixing in the server software and/or clarification in the User Management manual, please do. If anyone knows that this solution "breaks" other stuff, please post back.

    Other posts that dealt with this same issue and other potential solutions:
    http://discussions.apple.com/thread.jspa?messageID=5700241&#5700241
    http://discussions.apple.com/thread.jspa?messageID=5784186&#5784186
    http://discussions.apple.com/thread.jspa?threadID=1215039&start=0&tstart=0
    http://discussions.apple.com/thread.jspa?messageID=9204496&#9204496
    http://discussions.apple.com/thread.jspa?threadID=1522353&start=0&tstart=0
    http://discussions.apple.com/thread.jspa?messageID=10226660&#10226660

  • Stumped on AFP network home directories.

    Heyo,
    Been RTFMs on File Services, User Management and Open Directory. Also looked in www.AFP548.com but didn't find anything helpful.
    We have a mixed environment and windows users aren't having any problem with network domain logins or using smb shares. Mac clients can mount the network shares with afp but network homes are a no go.
    Made the changes needed for the firewall and tried it with the firewall off just to be sure.
    The /Home share is automounted (not using the default /Users).
    Guest access is on in Sharing and AFP.
    Network Mount for /Home is set to Enable network mounting, AFP and User Home Directories.
    SMB Windows Homes are in the same directory and run without problems.
    Directory Access on the Client saw the server and looks ok.
    Only ref. I can find for the login attempt is under Open Directory Password Service Server Log:
    Apr 23 2006 16:42:31 RSAVALIDATE: success.
    Apr 23 2006 16:42:31 USER: {0x00000000000000000000000000000001, netadmin} is the current user.
    Apr 23 2006 16:42:31 AUTH2: {0x00000000000000000000000000000001, netadmin} CRAM-MD5 authentication succeeded.
    Apr 23 2006 16:42:31 QUIT: {0x00000000000000000000000000000001, netadmin} disconnected.
    and OD LDAP log:
    Apr 23 16:42:31 ci slapd[81]: bind: invalid dn (netadmin)\n
    Nothing in the AFP log.
    Any thoughts on what I should try or something obscure I may have missed when setting up MacOS client network home directories with AFP?
    Thanks
    Mitch
    Server: 10.4.6
    Workstations: 10.4.6

    Getting closer.
    Kerberos wasn't running and the ODM wouldn't Kerberize.
    This thread sorted out the issue:
    http://discussions.apple.com/thread.jspa?messageID=2186542&#2186542
    Kerberos is running now but still canna login for mac clients.
    hostname and sso_util info -g both resolve properly.
    but when i run:" slapconfig -kerberize diradmin REALM_NAME "
    all looks good until the command (with the proper substitutions)
    "sso_util configure -r REALM_NAME -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all"
    automatically runs and I get a list of:
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    and "sso_util command fialed with status 2"
    the sso_util command by itself spits out
    Contacting the directory server
    Creating the service list
    Creating the service principals
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    etc...
    even though the login/pass are good
    any thoughts on what i should check or where i should go next?
    Thanks
    Mitch
    iMac G5   Mac OS X (10.4.6)  

  • Removing default folders in users home directories

    My users have their home directories at /Users/<username>. I also created some directories there for users' websites and other things.
    All users have only access by ftp (mail, webmail, web service, etc.), but it is never intended to use AFP or other things.
    So my question is... can I safely delete the pre-set directories like Desktop, Documents, Library, Public, etc. ?
    I was told that this is possible, but now I have doubts, as I looked closer at, for example, the Library folder. There are some .plist files and other stuff.
    Before deleting them I want to get the statements of some experts

    You can safely delete all of that stuff, and if they ever log in to the GUI again, Library, Desktop, and the necessary Library items will be recreated. Library and Desktop are the only ones the OS really cares about, and only then when a user is logged in to the GUI.
