Creating Home Directories for AD clients

I am trying to create Home Directories on an Xserve for AD clients. We get a permissions error when the PC server attempts to create the folder. Am I missing a step?

Three steps actually. >=)
1: Yell loudly
2: Push the PC server off the desk
3: Kick it across the floor.
Okay okay... Just kidding.
It's an issue with the PC server trying to use its own permissions to create the folder. Make sure the directory that the PC's trying to place in has the "everyone" POSIX permissions set to read and write.
After you're done creating folders, set it back to read only.
-Graham
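
A check for the "set it back" step in the reply above, as an added example that is not part of the original posts: it reports a share root left writable by everyone, plus home folders that are world-writable or not owned by the account they are named after (the root-owned homes described further down the page). The function names and the one-folder-per-account layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a home-folder parent after provisioning.
# Assumed layout: one sub-directory per account, named after the account's short name.

# True (exit 0) when the directory's "everyone" (other) write bit is set.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm -0002 2>/dev/null)" ]
}

# Print one finding per line:
#   PARENT   <dir>  the share root was left writable by everyone
#   WRITABLE <dir>  a home folder is writable by everyone
#   OWNER    <dir>  a home folder is not owned by the account it is named after
audit_homes() {
    root=${1%/}
    if is_world_writable "$root"; then
        echo "PARENT $root is still writable by everyone"
    fi
    for d in "$root"/*; do
        # Only real directories; skip plain files and symlinks.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        name=${d##*/}
        owner=$(ls -ld "$d" | awk '{print $3}')
        if [ "$owner" != "$name" ]; then
            echo "OWNER $d is owned by $owner, expected $name"
        fi
        if is_world_writable "$d"; then
            echo "WRITABLE $d"
        fi
    done
    return 0
}

# Usage: sh audit_homes.sh /path/to/share
if [ -n "${1:-}" ]; then
    audit_homes "$1"
fi
```

Folders that are shared on purpose, such as a Shared folder under the share root, will also appear as findings, so treat the output as a review list.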

Similar Messages

  • Home directories for Linux clients?

    Hello,
    I want to setup OS X Server to serve as an authentication server for Mac-, Windows- and Linux-clients. I have the services DHCP, DNS, OpenDirectory (as Open Directory Master) and Windows (as PDC) running.
    So far there is no problem to login on the three different platforms via LDAP. In WGM I set the home directory for Mac-clients and activated the virtual homes feature for windows. On both clients I get the network home functional but on the linux client the home does not appear.
    How do I configure the server to realize that? I thought that the linux clients would use the samba share that the windows clients use.
    iMac G5 (iSight) 20"   Mac OS X (10.4.6)  

    When you log in to the linux machine, do you get an error that states that the home directory for the user cannot be found? That error message should give you the path that is set in the LDAP directory as the home directory for that user. This directory needs to be added to the Linux filesystem, and then the Users folder on the OS X Server needs to be NFS mounted (rw) on the Linux machine.
    For ease of transition, I softlink /home to this directory on the Linux machines.

  • Home directories on NIS clients show "NOBODY" for group and owner

    Hi,
    I recently changed 10 clients from an old NIS server (running Solaris 7!) to a new one (running Solaris 10).
    All my clients log on through NIS and mount their home directories OK, but when you do a ls -l it shows all files as having the owner and group as "nobody".
    I am guessing this has to do with the NIS maps, or auto_home or something, but I keep going around in circles.
    FROM CLIENT:
    $ ls -l
    total 14
    drwxr-xr-x 2 nobody nobody 4 Sep 11 14:46 Desktop/
    drwxr-xr-x 2 nobody nobody 2 Sep 11 14:46 Documents/
    -rw-r--r-- 1 nobody nobody 136 Sep 11 13:07 local.cshrc
    -rw-r--r-- 1 nobody nobody 157 Sep 11 13:07 local.login
    -rw-r--r-- 1 nobody nobody 174 Sep 11 13:07 local.profile
    -rw-r--r-- 1 nobody nobody 33 Sep 11 14:51 test
    FROM SERVER
    nisserver # ypcat auto.home
    nisserver # ypcat auto.master
    auto.home -nobrowse
    -hosts -nosuid,nobrowse
    nisserver # ypcat -x
    Use "passwd" for map "passwd.byname"
    Use "group" for map "group.byname"
    Use "project" for map "project.byname"
    Use "networks" for map "networks.byaddr"
    Use "hosts" for map "hosts.byname"
    Use "ipnodes" for map "ipnodes.byname"
    Use "protocols" for map "protocols.bynumber"
    Use "services" for map "services.byname"
    Use "aliases" for map "mail.aliases"
    Use "ethers" for map "ethers.byname"

    Darren,
    Yes. The clients are Solaris 10 as well. And the domain is the same on both server and clients.
    The files should be owned by real users.
    If a user ssh's into the server directly, the permissions display properly. But on the clients it is nobody. Other than the permission displaying wrong, I haven't noticed any permission-related restrictions on the clients.
    -Jim
    Edited by: cr8rface on Sep 22, 2008 10:30 AM

  • Separate Home Directories for Windows and Mac OS Mac Clients

    Hi,
    I have a Mac Mini Server with Snow Leopard 10.6.2, with open directory master set up and then joined to Active Directory and that works fine. The only thing is that I would like the macbooks to log in, and display a home directory that resides on the mac server so they can save their video editing work. So the user has 2 home directories, one on windows server, one on mac, but same user account.
    Can this be done at all???

    Hi
    "Can this be done at all???"
    There are a number of approaches you could use? Modifying the AD Schema is one way. This method is generally not considered as a viable one because of the risk of SP updates breaking the modified schema. A popular way is to use the methods outlined by Mike Bombich:
    http://www.bombich.com/mactips/activedir.html
    This involves the use of Augmented Records stored in an even lighter LDAP database that 'straddles' (sort of) both directories (AD and OD). Yet another method would be to add redirects via AD GPOs for a home folder that resides in a suitably prepared share on the OD Master. There are still other ways depending on how hard you want to work.
    AFAIK you don't want the OD Master in all these scenarios to be the KDC.
    There is a wealth of information regarding this which you could google for yourself? AD-OD Integration has been going on for at least 4 years now in one form or another, all with varying success. How successful the integration is depends (as ever) largely on how well the AD environment has been configured. The most successful integrated sites in my experience involved the AD environment being configured from the outset to accommodate the mac platform.
    There's a lot of useful stuff over on edugeek.net:
    http://www.edugeek.net/forums/mac/
    Read some of the stickies at the top of the Forum. One of them refers to Corey Carson's AD-OD Sandbox. Another site you should visit is:
    http://www.afp548.com/search.php?query=AD-OD+Integration&type=all&mode=search
    Tony

  • Network Home Directories for all users

    Hi,
    I hope someone can shed some light on a possible issue.
    I work for a primary school in the UK.
    I have Tiger server 10.4.10 running as an Open Directory Master. I have a 1TB XRAID attached to this server where the Home Directories are hosted. I have been told that they are now slow at logging in (I am currently unwell at home so have not confirmed this yet).
    It used to be a magic triangle setup but found there were problems with the managed prefs for the clients not being obtained on startup and network logins not working.
    The DNS and DHCP comes from the AD still.
    The OD has been set up to have the same kerberos realm as that of the AD (is this wrong) as the users are in both AD and OD with same username and password.
    The users' Home dirs for the OD are hosted, as I say, on the XRAID which has a striped array of 1TB so the HDD speed shouldn't be a problem.
    The server is now connected to a 1Gb switch as are the clients.
    I have added more ram to the Xserve (now running on 5GB RAM). I have read that an afp server needs a lot of ram to work effectively. Is this enough?
    I have not set up link aggregation yet.
    The total amount of users logging in at one time will be no more than 40 users at once as there are only 40 mac machines in the school.
    I hope you can help as I would like to have something to go back to school with to tackle this if it does turn out to be true.
    Any more info needed just ask.
    TIA

    Hi. Let me restate so I understand it right. You are using an XServe to host network home folders and also using Active Directory for authentication? I work at a primary school also and we have an XServe that has the users home folder on it, but we also connect to an AD server for authentication. We had some speed issue with logging in but as soon as we set up a time server to ensure that both the XServe and AD server had the same time the trouble was fixed. Hope this helps.

  • Workgroup Manager doesn't create home directories for OD accounts

    I'm having an issue where home directories aren't created for OD accounts. My setup is as follows, the home directories are stored on the OD Master (the only Apple/OD/AD server on the network), and the home directory paths are filled as afp://192.168.1.254/Customers, fakeuser, /Users/Customers/fakeuser
    This same pathing scheme works fine for local accounts, however for OD, clicking Create Home Directory and saving the account does nothing (no errors, nor folders created). If I ftp into said account, I wind up being directed to /Users (definitely not the expected behaviour)
    I am deploying a web based upload system that I want to authenticate against OD users so as to share home folders and permissions with the ftp server, once I have this figured out I will be migrating a bunch of accounts to OD from local.

    In addition to potential DNS issues, it sounds like you may be using the wrong procedure to define the users' home directories. You should never have to specify the paths manually; instead, define the share point ("Customers" in your case) to be automounted, and then it should automatically show up in the list of available home folder locations, with all the necessary paths predefined. Here's the full procedure:
    1. Run Server Admin, and select: the server name in the sidebar -> File Sharing in the toolbar -> Volumes & Browse under that -> navigate to the /Customers folder in the column view.
    2. Make sure the folder is being shared (with it selected, you should see an "Unshare" button near the top right of the window); if not share it with the Share Button (then Save the change).
    3. Select the Share Point tab under the file browser (NOT the one above it), and select the Enable Automount checkbox. A dialog will open asking for the automount details; make sure the Directory is set to /LDAPv3/127.0.0.1, Protocol to AFP, and Use for is User home folders and group folders. OK the dialog, and be sure to click Save to make the change take effect.
    4. Run Workgroup Manager, and select Accounts in the toolbar -> Users (single person icon) tab under that -> some user account(s) you want to configure under that -> Home tab on the right.
    5. Select (None) from the location list and click Save (this wipes out any current setting, so we can rebuild it correctly).
    6. The Customers share point should be in the list of available locations (due to being configured for automount); select it, then click Create Home Now, and finally Save.

  • Airport Disk as home directories for server

    Is it possible to use an airport disk / time capsule as NAS host for home directories?
    I've seen no mention of being able to bind the disk to OD/Kerberos (network accounts).  Seems that would be necessary for hosting home directories.
    Or, would it simply be a matter of creating airport disk users (and passwords) which match those in OD?
    Anybody doing this?
    Thanks!

  • Home directories not being created

    Hi,
    I am having trouble creating home directories for users on my OSX Server Tiger 10.4.4 running on a mac mini.
    Home directories do not seem to be created for users on my Open Directory.
    I have configured my server to be an Open Directory master. I have no other Open Directory replicas/Servers running.
    I have set up and configured DNS. It appears to be working correctly and can resolve my server name to the local IP (10.1.1.X) and give me a fully qualified domain name.
    When accessing users on my OpenDirectory via the work group manager the directory name comes up as "LDAPv3/127.0.0.1" (local host possibly the problem).
    When I click on the "Create Home Now" button and hit save, the home dirs are not created.
    I have checked to make sure that the home directory is shared (owner root) and it seems okay.
    I have read some other threads on topics similar to this, but have had no luck. I would appreciate any help in trying to fix this problem.
    Please let me know if any further information is required.
    Cheers

    I had the same issues you've described in this thread. It turned out that I had named my server "morris", and when the client machines went to mount a user's home folder, they attempted to mount /Network/Servers/morris/Users/whoever. When I went to the Finder, I clicked on the Network icon, then the Servers icon, and listed under there was "morris.domain.com" (where domain.com is your own local domain), but not "morris". So it appeared that there was a name mismatch.
    The fix was easy. I started up Server Admin, clicked the machine I wanted to fix, clicked the Settings tab in the right pane, the Network tab up top, and changed the "Computer Name:" field from "morris" to "morris.domain.com". From that point on, my login problems went away.
    It seems that the Server Admin-set "Computer Name" has to match the machine's FQDN in DNS.

  • Portable Home Directories

    I have a Tiger Server that hosts portable home directories for my Leopard Clients.
    I cannot get a portable home directory to sync with my Snow Leopard client.
    Is this possible?

    I have a snow leopard server. My < 10.6 clients can still mount their remote home directories using smb, but my snow leopard clients cannot. Has anyone shed any light on this issue?
    my client log says:
    Nov 13 09:43:40 bach07 authorizationhost[165]: cifs home directory mount failed in creating directory path: status = Authentication error
    Nov 13 09:44:41 bach07 edu.mit.Kerberos.CCacheServer[178]: launchctl start error: No such process
    My server log says:
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/oplock.c:init_oplocks(863)
    init_oplocks: initializing messages.
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/process.c:process_smb(1077)
    Transaction 0 of length 51
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/process.c:switch_message(927)
    switch message SMBnegprot (pid 2508) conn 0x0
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/secctx.c:set_secctx(278)
    setting sec ctx (0, 0) - secctx_stackndx = 0
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/negprot.c:reply_negprot(526)
    Requested protocol [NT LM 0.12]
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/negprot.c:reply_nt1(385)
    using SPNEGO
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/negprot.c:reply_negprot(627)
    Selected protocol NT LM 0.12
    [2009/11/13 09:44:47, 3] /SourceCache/samba/samba-235/samba/source/smbd/process.c:timeout_processing(133 7)
    timeout_processing: End of file from client (client has disconnected).

  • Active Directory plugin not correctly creating users home directories

    Is there a trick to getting the Active Directory plugin in 10.4.7 to correctly create home directories for AD users? It is creating them with the root owning everything in it, and this is unacceptable.
    Our setup: We have an Active Directory network (Windows Server 2003 SP1 as DCs), and are trying to integrate some of our Mac clients to use AD single-sign logins. We are not using OS X Server at all.
    We do not use any sort of network home directories, as our users always use the same computers.
    We just want a user to have a local home directory created when they log on for the first time. Unfortunately, the directories are being created with the wrong permissions.
    One thing that may be the problem: the UID that are assigned to the AD users on the Mac clients are very high (> 60000000000). There is an error in the log that a UID that high cannot be added to the lastlog db, so that may be another symptom of the problem.
    Is there a way to fix this without changing anything on the domain?

  • Creating Home Directories

    Hi,
    I'm still fairly new to Mac Servers (come across from a Windows background), and am having trouble creating the home directories for the users I've created.
    Initially I created the user (just bog standard users - no mail, no calendars etc), bound the client machine to the server in Directory Utility (all working ok so far), even added the client machine to workgroup manager.
    However, the user was unable to logon - just a shaking screen after each logon attempt. Confirmed the password etc, all ok.
    Deduced (after looking on here) that it may be because the client has no home folder (a prerequisite for 10.5, even though it doesn't tell you that). However, coming from a Windows background, am unfamiliar with the syntax of network paths for Mac/Linux.
    The home folder location I've created is on the server: Server HD/Users/Shared/ and it is shared in Server manager as a Share Point. Actual folder permissions include Users: Read and Write, and share permissions are the same. AFP is on.
    In Workgroup manager, the syntax for the three fields I currently have is:
    Share point URL: afp://servername.domain.co.uk/Users/Shared
    Path to Home folder: username
    Full Path: /Network/Servers/servername.domain.co.uk/Users/Shared/username
    I click OK, then click on Create Home now, then Save and it returns the error: Unable to create Home Directory. The home directory could not be created because an error occurred.

    Hi
    ". . . The home folder location I've created is on the server: Server HD/Users/Shared . . ."
    This is possibly where the problem lies? By default OSX Server, after installation, creates Users, Groups and Public as default share points. You only have to enable AFP and those shares are instantly available once users have been created to access them.
    Don't be tempted to delete the default Users and Groups folders as the Server will complain. There is already a default Shared folder that the Public folder resides in. Don't be tempted to delete these either.
    There is no need to create another shared directory within the top level User Directory as that is already being shared. Once you promote to OD Master and populate the node with users all you have to do is set the default Users folder to be auto-mounting for users Home folders. There is no further need to share it or define permissions. These are correctly set when the folder was initially created.
    In Workgroup Manager you should see the path as afp://fqdnofyourserver/Users. That's all you need. Simply select it and click Create Now and Save. Navigate to the Users folder and you should see the home directory has been created. There is no need either to tinker with permissions for individual users' home folders as these are correctly set at the time of creation. The default permissions model used for users' home folders is standard POSIX.
    For clients to access networked home folders correctly it's a good idea if the server's IP address is used to resolve DNS queries. Assuming the service is placed with the server?
    Unlike Microsoft, Apple don't tinker with Open Source OpenLDAP as much. They still modify it to suit their purposes but it's more standards based. If you don't want to use the default Users directory on the boot volume then simply un-share and un-automount and define a similar directory on another volume (a RAID for example) instead. Define it as a Share in Server Admin and set it for auto-mounting home directories. It will show in WGM with the correct path. Avoid long names and spaces if you can. You could stick with Users as it works.
    There is no need to resort to the command line in any of this as all the tools you need are there in the interface. Provided DNS is correctly configured on both pointers and you have not used .local as the basis for DNS it does work as it's supposed to and it works well.
    Tony

  • NFS Home Directories Yosemite

    Has anyone successfully used NFS home directories for network logins?
    This used to work in 10.6.8 Server but I am having a hard time setting it up in Yosemite.  I need to enable fast user switching with multiple logins to our server which appears to be impossible using AFP.
    I'd appreciate any tips on how to accomplish this.  All clients and server are running clean Yosemite installs.

    Apple stopped officially supporting NFS based home directories when Lion and Server.app was released. I have not done extensive testing but I certainly find two sessions using fast user switching and AFP works with Mavericks clients.
    As far as I can see if a Snow Leopard server was connected to a Mavericks or Yosemite OD server it would still be possible for the Snow Leopard server to register an NFS home directory share in to Open Directory. This suggests that it might be possible to do the same even with a Mavericks or Yosemite server but that one would have to do all the work by hand in the command line. The logic for this conclusion is that Mavericks and Yosemite still include NFS even if they do not provide a GUI means to configure it and OD itself would appear to still be able to store records relating to NFS locations.
    I have used NFS home directories in the past and found it solved a number of issues including -
    Completely getting round Adobe's long time issues with network home directories
    The same for some other third-party applications
    Allowed 20+ users all on the same server to be logged in to their individual home directories in a Mac Terminal Server setup
    This was all back in the days of using Snow Leopard Server.
    I get the impression Apple secretly added the ability to use Fast User Switching for network logins with Lion or later to compensate for removing NFS support. This may have been at the behest of the developers of the two Mac Terminal Server products.

  • Network Home Directories Problem

    I am running home directories for my users off our server, and every time someone tries to log in, this message comes up
    You are unable to log in to the user account "whatever the account is" at this time
    Logging in to the account failed because an error occurred
    any ideas?

    It sounds like your configuration maybe as follows.
    Main Server mounts VTRACK directly and shares it over the network
    Multiple Client Servers mount the VTRACK via the Main Server
    It has been well known for years that a single Mac logging in to a network home directory will not allow a second simultaneous login when using AFP (or SMB). With NFS it is possible.
    What you should be doing is as follows, either option 1 or option 2
    Option 1
    Build a SAN using a Fibre Channel switch, Fibre Channel connections between each server and the switch, and the VTRACK
    Run XSan on one of the servers to manage shared access to the VTRACK
    Have each server directly access the VTRACK
    Have each Client Server share their connection to the VTRACK via AFP
    Have a subset of the user accounts allocated to each Client Server
    Then say 25% of the users will login via a particular Client server, and 25% via another, and so on.
    Option 2
    Have separate RAID systems (possibly VTRACK) one per server
    These would not be in a SAN, they would instead be used as DAS (Direct Attached Storage)
    Each server would have its own and share it via AFP
    Like Option 1 each client server would handle a subset of the users
    Then say 25% of the users would use Client Server 1, 25% Client Server 2, and so on.
    All the users would be defined in a single Open Directory system on the Main Server but on the tab which says where their Home Directory is, some would be defined as being on Client Server 1, some on 2 and so on.

  • Multiple Home Directories

    I have an OD server running 10.5.2 and a 10.5.2 file server that is a member of the OD. I am curious if this is possible:
    I'd like local home directories for all of the computers (which I currently have set up in WGM by setting the home dirs to /Users). But what I'd also like is for them to have a network home directory that they can save files to for personal use. Right now I have the share set up so that there is a folder called /Users on the file server and I'd like any folder in there to be able to be mounted by doing afp://server/username
    Is having both of these at the same time possible?

    This was my point. I wanted total separation. In order to create that separation (when trying to use a network user) I had to temporarily move the existing Snow Leopard Users folder (on Partition 1) so that the Partition 2 OS (either Snow Leopard or LION) will create its own User directory structure. This is only needed for network users (i.e. ones that authenticate via OSX server).
    Once the process of temporarily moving the Users folder, letting the new instance create its own directories, and renaming back, everything works, i.e. when I start up Snow Leopard all operations are within Partition 1, then if I start LION all operations are within Partition 2.
    When installing new versions of an O/S I like to have control and manage the change so that I know I have a totally working system.  Been doing the same with Linux for years, but Mac OS/X tries to be a bit too clever!

  • No longer able to create home directories

    I'm having a slight problem here. Recently after adding some new users, with PHD activated I have been having problems creating home directories on the server.
    If I am in local node I can create home directories, but once I switch over to LDAP/myserver home directories are no longer created ---> this leads to me no longer being able to sync homes or do anything.
    Does anyone have any advice for me? I've deleted the users directory, created new ones, turned the ldap service off, restarted, turned it back on, restarted, added new users tested tested tested to no avail.
    Any help would be appreciated.

    My Woes continue :
    So far I have reinstalled OSX server, re-set everything up for an OD master, dns, afp etc. And I am still having issues with WGM to create home directories for my users. So, I decided to create all my users and then type in terminal: createhomedir -s --> the end result no changes.
    Next I tried
    Createhomedir -b and voila I get all my home directories built. Fantastic. Or so I think. So I start to log all my PHD users in, everything seems good. Then I start a test, simply downloading a file to my desktop. I hit sync now. The sync window comes up, few conflicts but other than that everything looks great. I go to the users home directory on the server and no changes.
    So where are my PHD's syncing to?
    This is getting very frustrating because I am pretty sure nothing is being backed up anymore.
    any advice would be great.
