AFP Network Home Question

Similar Messages

• Stumped on AFP network home directories.

  Heyo,
  Been RTFMs on File Services, User Management and Open Directory. Also looked in www.AFP548.com but didn't find anything helpful.
  We have a mixed environment and windows users aren't having any problem with network domain logins or using smb shares. Mac clients can mount the network shares with afp but network homes are a no go.
  Made the changes needed for the firewall and tried it with the firewall off just to be sure.
  The /Home share is automounted (not using the default /Users).
  Guest access is on in Sharing and AFP.
  Network Mount for /Home is set to Enable network mounting, AFP and User Home Directories.
  SMB Windows Homes are in the same directory and run without problems.
  Directory Access on the Client saw the server and looks ok.
  Only ref. I can find for the login attempt is under Open Directory Password Service Server Log:
  Apr 23 2006 16:42:31 RSAVALIDATE: success.
  Apr 23 2006 16:42:31 USER: {0x00000000000000000000000000000001, netadmin} is the current user.
  Apr 23 2006 16:42:31 AUTH2: {0x00000000000000000000000000000001, netadmin} CRAM-MD5 authentication succeeded.
  Apr 23 2006 16:42:31 QUIT: {0x00000000000000000000000000000001, netadmin} disconnected.
  and OD LDAP log:
  Apr 23 16:42:31 ci slapd[81]: bind: invalid dn (netadmin)\n
  Nothing in the AFP log.
  Any thoughts on what I should try or something obscure I may have missed when setting up MacOS client network home directories with AFP?
  Thanks
  Mitch
  Server: 10.4.6
  Workstations: 10.4.6

  Getting closer.
  Kerberos wasn't running and the ODM wouldn't Kerberize.
  This thread sorted out the issue:
  http://discussions.apple.com/thread.jspa?messageID=2186542&#2186542
  Kerberos is running now but still canna login for mac clients.
  hostname and sso_util info -g both resolve properly.
  but when i run:" slapconfig -kerberize diradmin REALM_NAME "
  all looks good until the command (with the proper substituions)
  "sso_util configure -r REALM_NAME -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all"
  automatically runs and I get a list of:
  SendInteractiveCommand: failed to get pattern.
  SendInteractiveCommand: failed to get pattern.
  SendInteractiveCommand: failed to get pattern.
  and "sso_util command fialed with status 2"
  the sso_util command by itself spits out
  Contacting the directory server
  Creating the service list
  Creating the service principals
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  kadmin: Incorrect password while initalizing kadmin interface
  SendInteractiveCommand: failed to get pattern.
  etc...
  even though the login/pass are good
  any thoughts on what i should check or where i should go next?
  Thanks
  Mitch
  iMac G5   Mac OS X (10.4.6)  
  iMac G5   Mac OS X (10.4.6)  

• Network home folders: iCloud password question re-appears at every logon

  Hello,
  Is there any way to enable iMessage and Facetime together with Network home folders. Im using Mavericks server (Directory services enabled) and two Mavericks clients. Every time a user that was using machine A logs on to machine B the iClouds password prompt re-appears and subsequently security questions are sent to iOS devices that a new device was added.
  Is there a way to circumvent this? I think I tried once in combination with mobile home folders. However, even if I excluded iMessage/Facetime system files from syncing, questions still re-appeared.
  The more iCloud services are tied into the system, the more you would like to use them; even if you are using network home folders.
  Regards,
  Thomas

  I also have this question.

• More than one network home directory? (newbie question)

  I have a brand new shiny XServer for a small school. They wanted their Macs managed and secured so I eagerly started moving ahead with it. Now, because of the specific file sharing requirements of the school (teachers want access to student accounts and files for homework and such) I created a standard, by-the-book Network Home folder. Then I thought about it, and I shared another directory as a Network User Home folder. And now none of my networked user accounts can log in. They all give me "can't log in, there is an error".
  Is what I did possible? Allowed? Recommended? Discouraged? Can you actually define two separate Network User Home folders on the same server, and then assign different users to different home folders? My server crapped out and now I may have to wipe/reinstall the whole thing to fix it.
  Does anybody have any experience with home folders like that?
  Any information would be dearly appreciated,
  Thanks.

  Each user can have one and only one home directory, network or local. (Yes, even if you use Mobile Accounts or Portable Homes each account still has one home directory. You just have multiple copies of the user account and each copy has one home.)
  You can have multiple share points that serve as home directory share points. In other words, not all of your users' homes need to be stored in the same place. By "network home directory share point," we mean a shared folder (share point) that has a corresponding dynamic automount record in the directory domain. The share point mounts at /Network/Servers/servername/path/to/sharepoint, and users defined in the directory domain can have their network homes defined there.
  If you want to grant a group of teachers (let's call it teachers for simplicity) read/write access to student home directories, I'd suggest the following strategy:
  1. Create two network home directory share points - one to house the students' homes and one to house the teachers' homes. For this example, let's say that the student home directory share point is located at /Volumes/Disk1/StudentHomes.
  2. Create home directories for each student as you normally would.
  3. Then add an ACL that allows members of the teachers group to read/write within the student home directory share point. For our example:
  sudo chmod -R +ai "group:teachers allow readattr,readextattr,readsecurity,list,search,\
  read,execute,writeattr,writeextattr,delete,deletechild,add_file,addsubdirectory,\
  write,append,fileinherit,directoryinherit" /Volumes/Disk1/StudentHomes.
  4. Now teachers simply navigate to /Network/Servers/yourservername/path.../StudentHomes/student's name and dig around to find what they want. (The teachers have read/write control of all student home directories now.)
  5. When your teachers find it a little inconvenient to dig around in each student's home, suggest the following alternative: Simply create a share point to which students have read-only access and teachers can read/write. Within that share point, create "turn-in" folders for each teacher or class, and give students write-only (drop box) permission to the sub-folder. You could get more granular than this simple example where all students can turn anything into any teacher's "turn-in" folder, though.
  --Gerrit

• Newbee question on network home folders

  I have 3 or 4 networked Macs in my home and I want everyone to have access to their own home folder from any Mac. Therefore the necessity for networked home folders. But I know nothing about how to set them up or even if it is possible in this situation. I have a copy of Mac OS X 10.5 server but have not set it up yet. Some Macs are a mix of 10.4 and 10.5.
  How do I go about learning how to set this up? What are PHD (portable home directories)? How does mail work in a network home directory environment? All family members are on .mac mail.
  Thank you for your help in getting this set up in my home.

  A Network Home folder is simply where your Home Directory is stored on the Server rather than locally on you Mac.
  The experience of using the Mac does not change so Mail and all other applications behave as they do with a normal local home. As you say this allows you to log in from any Mac. but before you set this up it is advisable to make all of your Macs identical, e.g make sure they all have the same Application, fonts, plugins etc because it is only the files that are normally in HD > Users > yourhomefolder
  that are stored on the server, everything else stays local.
  As for setting it up http://www.afp548.com/ has some good guides for Tiger server that can be adapted for Leopard
  Portable home directories are similar in that the Home Directory is stored on the server, but a PHD syncs the directory to your local mac as well, so in theory this is the best of both worlds in that you work on a local home folder and everytime you log in and out your changes are sync'd back to the server.
  This still allows you to log in from another Mac, and also means you can work on a laptop away from your network.
  But like I said "in Theory" this is best of both worlds, and for the majority of the time it works well, but you can run into complications, such as errors syncing and the potential to loose work if you log into the account on two macs at the same time.

• Unable to use network home directories on a 2nd volume

  Hi,
  I am having a problem hosting network home directories on 10.4.4 server. Through the help of AFP 548's instructions I have had them working fine when the users folder is at /users however I would like the data stored on another hard drive for easy backups, etc. But when I set this up I just get the unable to connect due to an error message on the client machines.
  I have tried setting up another folder on the boot volume and that works fine so I think the settings I am inputting are correct but as soon as I select a folder off the boot drive I run into problems again.
  Any ideas?

  Any ideas?
  Yes, but it might also be helpful to know specifically what error message your users are getting when they try to log in.
  If you've correctly set up your share point and network mount record as criss describes but you're still having problems, it may be due to the length of the path to the user's home folder. For more information on that point, see KnowledgeBase article number 107695.
  One question: can your users find their home directories when they log in to the server using Go > Connect to Server in the Finder?
  David Walton

• Mavericks network homes

  All running well in upgrade apart from one little issue.
  When a network user logs into any computer on the network all goes well until he logs off. To the user he has logged of but the server still keeps him logged on.
  This is an issue if he then tries to log onto another computer, where he finds that mail etc does not work because the last computer has his network home.
  If he restarts the computer this releases the Network home or if I log in as admin perform the command
    /sbin/umount -f  /Network/Servers/mx.anyserver.co.uk/Volumes/Server/HomesUsers
  So Help tried a logout script but that does not work.
  Set up several test servers and each time this issue occurs.
  the client (10.9) does not logout properly
  Please help very important. 
  Last question to Apple do you test your software this was an obvious fault.

  All,
  Try this:
  Move your Network User Home folders from the standard "Users" folder to something new - such as "NetUsers".  Leave local user folders as is (in the Users folder - which on the server should only be admin?  Depends...)
  Ensure network user home folder is availible for share via AFP.  The problem still exists using SMB. 
  Correct your users home folder path with workgroup manager (or otherwise).
  This solved the issue for me.  Yes it seems like a bug - but, whatever, it's working now.  This was a solution from another thread, I'll give proper credit when I have a minute to find it.

• Removing First Network Home Server

  In Workgroup Manager, when you click on the "Home" tab for a user, you are presented with a list of home directory shares under the "Where" column. My problem is that I can't seem to remove the first one (after "(None)"). When I setup the server containing my first network home directories, I used the IP address. Now I've added it again using the DNS name, as that gives me more flexibility. But I can't remove the first one. When I select it, the "Remove" and "Edit" buttons are grayed out. I can change any of my other shares, but not that one.
  Anyone know why not answer? I can't believe I'm stuck with it forever. Do I have to do it using the ldap command line tools?
  It isn't because users have home directories on that server, as I have changed them all (and the second one has user directories but I can still delete it). But that leads to an interesting question: if I edit a home directory server record, for example the third in the list, and change where it is pointing, say to a completely different server, will the home directories for all of the users pointing to that third record change as well? If I delete the record, will the users get errors or will they default to "(None)" or what happens?
  Thanks much,
  Nathan

  Hmm, here's some more info. The other reason I wanted to get rid of the first one is because I changed the home directory server's name. The IP is still the same, but the name had a typo. I was able to stop sharing the directory again and stop AFP and when I turned it back on, the afp:// link had changed from the IP to the DNS name. But the /Network path was using the old host name. It seemed to work, but I wanted it displayed correctly. What I ended up doing was going through and changing the computer's name in all of the config files in /etc (hostconfig is the main one, but all of them should be changed) and that corrected the typo in the /Network path.
  I'd still like to know why I can't delete it, but I can stop it and make it disappear.
  But it looks like I got the results I wanted.
  Thanks,
  Nathan

• Step-by-step instructions for NetBoot & Network Home folders?

  I've only done this once and that was about three years ago and I was operating mostly on trial and error, so I need some help.
  Let's say I have twenty Power Mac G5s on a network, each with a legal OS X license (of course). I have an Xserve G5 running 10.4 Server and a couple hundred gigabytes of free space. I also have a bootable FireWire hard drive that contains a complete system build (including the OS and applications) that will run on any of those G5s. The build is set up with a single "Administrator" user account.
  Normally when I do machine deployment I would use a tool like SuperDuper to image the FireWire drive onto the hard drives of the G5s, then set up a user account for that user on that computer. But what I REALLY want to do is turn my FireWire drive into a disk image that I can host on my Xserve and have all those computers booting from it. Additionally, I want to set up a network home folder system so that a user can, if he/she wishes, use a different computer on the network but still retain all of his/her 'local' files and preferences and settings.
  I've Googled quite a bit and came up with a number of pages that presume to explain how this is done but 100% of them are geared towards people who are already super-savvy with things like Unix command lines and such. I am not. Therefore, I need a very specific, very detailed set of walk-through instructions that spells out exactly how to do this. Does such a document exist anywhere? HELP!

  For starters, all the info you need is contained within the OS X Server PDF manuals, which should have came with your Xserve. You can download them all here: http://www.apple.com/support/manuals/macosxserver/
  Second, you should really post your questions in the OS X Server discussions, as they're obviously more geared toward the tasks you wish to accomplish:
  http://discussions.apple.com/category.jspa?categoryID=96

• Folder Redirection not working on SMB Network Home Directories

  I've setup network home directories on a 10.7.3 server. NHDs are available via SMB currently. I'm trying to setup folder redirection via MCXRedirector for both the ~/Library/Cache folder and ~/Downloads and redirect them to the local client. Client is 10.7.3 joined to OD. I'm using Login Redirection and the option to delete the existing folder and create a symlink. I used these instructions to create the redirectors: http://www.afp548.com/article.php?story=MCXRedirector
  When NHDs are available via SMB, the folders are created on the local client, but the symlinks aren't created in the NHD. I can switch the NHDs to be available via AFP, and then it works fine. I can switch back to SMB and the symlink stays in place and appears to work with no issue.
  Am I missing something here? I can't find any documentation that says I can't use MCXRedirector with SMB shares, and I see a number of posts where it appears that people are using it successfully... so I'm not sure what is wrong? Any help or suggestions is appreciated.

  Hi James,
  For folder redirection issues, we can go to Windows Logs\Application in Event Viewer to check if some related error events were logged.  Besides, we can also run cmd command
  gpresult/v or gpresult/z to collect group policy result to check if something goes wrong.
  Regarding how to configure folder redirection, in my opinion, the following article provides a good guide.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Best regards,
  Frank Shen

• Automount afp volume home stipulated in Directory mapping

  Hi I have a strange setup here which I'm puzzling over to get working.
  I have a number of computers configured to search an LDAP server on our network for their user account. Within the mappings of that LDAP in Directory services I have set the users home directory to #/Network/Servers/afpserver/homes/$cn$.
  All network homes are kept on an AFP share which I want each computer to automount at startup *not login*
  I've created and fstab file and inserted the following line
  server:/homes /Network/Servers/afpserver/homes url auto,url==afp://ID:PASS@afpserver/homes 0 0
  I've also altered the auto_master and added the line
  /Network/Servers -fstab
  I sudo automount -vc and it all updates creates the mount point but doesn't mount the server, and I get nothing in the console telling me why.
  I've searched for automount afp tutorials but unless I'm reading them very wrong I'm lost to how to get this share to mount on it's own.
  Any ideas?
  The AFP share is on a PPC tiger server, the clients are all 10.5.8 intel.

  Hi,
  I have encountered some of the same problems and I solved them as follows:
  1. make sure your DNS is working properly (probably is if kerberos is running) as it is a could be a source of long logintimes (I had to make both the internal and external interface resolve to the same hostname)
  2. Reboot the server from CD and repair the permissions and repair volume on the system disk.
  3. Restart the server and repair the permission again.
  4. Verify sharesettings in the WGM

• Final Cut Pro with Network Home Directories

  Hi,
  I have been tasked with setting up a Mac network primarily for use with FCP. The main requirement is that the user profiles are roaming as users will move from desk to desk, it is a college.
  I have an Xserve with OS X server and Open Directory configured. I have configured the network home directories and have successfully logged in with different users.
  My questions is regarding Final Cut. What is the best way to configure Final Cut to reduce the amount of network traffic?
  I have redirected the users cache folder to the local Mac and configured the scratch disc to a local hard drive. Are there any of tips that someone with a similar setup can recommend?
  Thanks

  Most schools end up using ext HDs. Each student has their own firewire HD with All the fcp capture, scratch etc docs on it.
  Thats the only way to meet the demands of video production and retain portability

• Users on network home directories hang after sleep

  Hi,
  I have the following problem: I have a 10.5 server with network home directories. I can login from Snow Leopard (10.6.1) however whenever the machine goes to sleep and comes back from sleep, the user hangs then if you wait a bit then it will come with the message that the share has been disconnected and it asks you to manually unmount. It will stay there forever. When you click disconnect, the system will unmount and remount the home directory but in the mean time, Mail will have reported disk i/o errors in the logs and throw errors (ranging from type in your password to 'rebuild index').
  Going through the log files (and verbosity high) it seems that when going to sleep, the system doesn't unmount the network home directory. After it wakes up from sleep it attempts to unmount the home directory share which off course fails because it's in use and then it locks up, after you click disconnect, it says "spins reported" in the logs and goes on with remounting the shares.
  The issue doesn't happen if the user is local. If anybody has an idea as to how this works or if they have it working, please let me know. I have tried just about anything. AFP shares, NFS shares, I have tried with or without the intr, nolocks, locallocks mount options - they all have the same issue. I have even tried another Mac Mini with a fresh install of Snow Leopard.

  I found a possible cause and solution.
  This has been on 10.6.1 with Mac Mini's. Then we got a new Mac Pro with 10.6 out of the (Apple) factory which I updated to 10.6.1, same issue. What I didn't think about is that by default I install a heap of software (including XCode, Adobe CS4 and Office 2008) with customized packages and workgroup manager preferences.
  So I was mucking around with Cocktail (the tool to clean up caches etc.) and I noticed Snow Leopard hung every time after cleaning & recreating some caches. Now that I had a reliable way to hang Snow Leopard I investigated what could cause it.
  I noticed during a PackageMaker session that Adobe CS4 installs a Version Cue startup script in /etc/machinit_peruser.d. I deleted it, rebooted, used Cocktail again and it went all the way through without hanging. Rebooted again, according to the logs it pre-linked & cached the kernel and several kernel extensions and that was it, no more hangs, no more issues logging in after sleep or screensaver.
  So possible causes:
  - VersionCue installs itself as a kernel module or something (the location says "mach" which is the kernel after all) which is not compatible with Snow Leopard.
  - The caches and kernel extensions were 'dirty' out of the box but VersionCue (or something else that interacts with it) blocked my or Snow Leopard's automated attempts to clean them.
  - VersionCue reinitializes (it sits on the network after all) after a sleep or screen saver timeout in a way that gives issues with Snow Leopard

• You are unable to log in...; Network Home directories; 10.4 & 10.5 Servers

  I have a solution!
  Note: this is a new post because all previous posts dealing with this topic have been archived, MANY without an answer.
  Problem:
  Users with Network Home directories can't log in. After entering their correct username and password, the following error message appears:
  "You are unable to login to the user account 'username' at this time. Logging in to the account failed because an error occurred."
  Problem occurs with v10.5 Leopard client attempting to login to a Network Home directory hosted on a v10.4 Tiger server.
  _Significant Troubleshooting Symptom:_
  Client mac Console log (all Messages) contains the following entry at the time the user attempted to login to their Network Home directory:
  authorizationhost[509] ERROR | -[HomeDirMounter
  mountNetworkHomeWithURL:attributes:dir:Path:username:] |
  PremountHomeDirectoryWith Authentication( url=afp://server.example.com/Homes, homedir=
  /Network/Servers/server.example.com/Volumes/ServerHardDisk/Homes/username,
  name=username )
  returned 2
  _Computing/Network Environment:_
  v10.5 Leopard server doing: DNS; Open Directory with Kerberos for Single Sign-On; AFP for half of all users' Network Home directories.
  v10.4 Tiger server doing: AFP for the other half of the Network Home directories. Also, note that Open Directory is not running on this server, BUT IT IS CONFIGURED (using Server Admin) as "Connected to a Directory System" and has joined the Kerberos realm on the v10.5 Leopard server.
  v10.5 Leopard clients.
  Solution:
  v10.5 User Management manual
  http://manuals.info.apple.com/enUS/User_Managementv10.5.pdf
  says share points for Network Home directories have to have Guest Access ENABLED. See step 5 on page 117 and step 12 on page 118. Note that these are two different settings, but seem consistent with each other.
  I had followed/complied/set Guest Access according to steps 5 (page 117) and 12 (page 118) on BOTH the v10.5 Leopard AND the v10.4 Tiger servers. The solution that allows users to log on normally is:
  Uncheck/disable Guest Access (as set in step 12 page 118) for the v10.4 Leopard server only. Leave "Share this item using AFP" checked. Uncheck "Allow AFP guest access."
  The above worked for me. Your milage may vary. If anyone knows how to report this to Apple for fixing in the server software and/or clarification in User Management manual, please do. If anyone knows that this solution "breaks" other stuff, please post back.

  Other posts that dealt with this same issue and other potential solutions:
  http://discussions.apple.com/thread.jspa?messageID=5700241&#5700241
  http://discussions.apple.com/thread.jspa?messageID=5784186&#5784186
  http://discussions.apple.com/thread.jspa?threadID=1215039&start=0&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=9204496&#9204496
  http://discussions.apple.com/thread.jspa?threadID=1522353&start=0&tstart=0
  http://discussions.apple.com/thread.jspa?messageID=10226660&#10226660

• Network Home Directories for all users

  Hi,
  I hope someone can shed some light on a possible issue.
  I work for a primary school in the UK.
  I have Tiger server 10.4.10 running as an Open Directory Master. I have a 1TB XRAID attached to this server where the Home Directories are hosted. I have been told that they are now slow at logging in (I am currently unwell at home so have not confirmed this yet).
  It used to be a magic triangle setup but found there were problems with the managed prefs for the clients not being obtained on startup and network logins not working.
  The DNS and DHCP comes from the AD still.
  The OD has been set up to have the same kerberos realm as that of the AD (is this wrong) as the users are in both AD and OD with same username and password.
  The users Home dirs for the OD are hosted as i say on the XRAID which has a striped array of 1TB so the HDD speed shouldn't be a problem.
  The server is now connected to a 1Gb switch as are the clients.
  I have added more ram to the Xserve (now running on 5GB RAM). I have read that an afp server needs a lot of ram to work effectively. Is this enough?
  I have not set up link aggregation yet.
  The total amount of users logging in at one time will be no more than 40 users at once as there are only 40 mac machines in the school.
  I hope you can help as i would like to have something to go back to school with to tackle this if it does turn out to be true.
  Any more info needed just ask.
  TIA

  Hi. Let me restate so I understand it right. You are using an XServe to host network home folders and also using Active Directory for authentication? I work at a primary school also and we have an XServe that has the users home folder on it, but we also connect to an AD server for authentication. We had some speed issue with logging in but as soon as we set up a time server to ensure that both the XServe and AD server had the same time the trouble was fixed. Hope this helps.