LDAP with local home directory?

Greetings.
I'm trying to configure the Macs to authenticate based off of the LDAP server. I'm pretty sure I've got that part working, but I'm running into difficulty figuring out how to specify using a local home directory template rather than an NFS / AFP portable home directory. All the guides on the internet out there seem to want to use NFS, which we don't have set up (and don't intend to).
Based on instructions of various texts, manuals, and blogs, I've created a user account called "labuser", and a group called "users", and then given any member of the group "users" write access to the folder /Users/labuser. This way they log in to a default home directory (at least for now). What information do I specify for LDAP's "apple-user-homeDirectory" entry to make it look for this /Users/labuser folder rather than an NFS share?

So basically I should add C:\Documents and Settings instead of /Users for Windows accounts?
Because if I don't specify anything it creates a roaming profile on the Windows machine, and puts the user directory both on the Windows machine and a copy on the server under /Users/Profiles. Or at least that is what it is doing now... so I manually have to change the profile to local on the Windows machine and delete the folder on the server...

Similar Messages

  • AD mobile account with local home directory

    I basically have the same question as this post:
    http://discussions.apple.com/message.jspa?messageID=696367
    I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin?

    Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
    Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems than if there were no unix attributes at all.
    Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
    This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

  • How do you setup a user mobile account, with the home directory stored locally and not synced to the server?

    I want to be able to set up a user mobile account, with the home directory stored locally and not synced to the server. What is the best way to do this? I am running Server 10.6 with 10.6 clients. Open Directory will be used to authenticate and manage preferences. Also, this one account will be used simultaneously in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server. Any ideas?

    currofelix wrote:
    So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
    The attached screen shots should help you:
    You will only have to do this step once. Obviously you want to use the user's shortname here.
    Then, you will see this as an option in WGM:

  • Network accounts with local home folders

    First of all sorry for my bad English.
    I want to obtain network accounts with local home folders.
    I have found this post very interesting for solving my problem.
    http://discussions.apple.com/message.jspa?messageID=2140595#2140595
    Following these indications I have obtained it, but I don't see the Public folder of any home folder from the network.
    How can I solve this? Must I share the Public folders manually? How? I have tried with SharePoints 3.5.4 and I have not obtained it.
    Thanks
    iMac Intel Core Duo   Mac OS X (10.4.6)  

    Hi
    Clients should be bound to Open Directory and be using the OD Master for their DNS. Launch WorkGroup Manager and authenticate to the LDAP node. If you have only a few Users you can do it at that Level if hundreds do it at Group Level. Select Preferences > Mobility. It's fairly obvious thereafter.
    After the home folder has been created you can make that account a local administrator if you wish.
    This assumes the Server has been configured as Advanced. Please don't take this advice if you've used anything else.
    Tony

  • How to set up Open Directory Users with local home folders?

    Hi folks,
    I set up a Mac mini Server with the services DNS, DHCP, AFP and OpenDirectory running. Everything is working fine so far, but I want my OpenDirectory users to have their home folders locally on the clients' hard disk. My Leopard clients are already bound to the directory, but every time I try to log in the login window is shaking, even when I use the Directory Administrator account. What am I doing wrong?
    Thanks.

    (Did you read my other reply? You need to make it a portable account for the caching of login credentials.)
    With network homes and portable account enabled on a machine you always run from the locally stored homefolder on that machine.
    This homefolder syncs with the server network home folder for that account.
    If either of these folders gets corrupt or unintentionally altered files (permission problems) somehow, there is a risk of losing files, syncing problems and more (syncing can take a long time at login/logout, even without corruption - I prefer a gigabit cable to WiFi for this for obvious reasons).
    You at least need to monitor storage space in both places. You don't want either to fill up the disk (worse on the server because several users can have their folders corrupted at the same time). Working quota settings per account are probably a good thing.
    And you probably need to decide what is synced: all folders or just some (and when / how often).
    You either do this from the server (you decide) or let the user have some say, or a mix of these two.
    You might want to leave out the user's personal files (music, movies and such) and also, depending on the email client used, maybe not sync email if the client saves it like Entourage does, in big ever-changing database files. Might be better to just back up the mail server if IMAP based.
    If a user puts other large files in their homefolder (often on the Desktop) they can fill up the server fast. DVD-projects anyone?
    Mixing different versions of server/client might not work too well either.
    So having said that, when syncing works it can be really good and you can restore a machine/account fast with pretty recent data. You can, if in a hurry, even log in from another machine using the account's network home folder, getting access to the synced folders/files.
    Using Time Machine it's a one-way "sync" (more like "duplicate changed and new files" - which I like) and you have to manually set TM settings on the client for what is going to be backed up and when. At least I don't know how to do it from/on the server. This "less intervention by the server" can be a good thing, but if your users don't "behave" you might want to be in the driver's seat "saving them from themselves".
    TM backups can grow fast and probably demand more user interaction when storage space is used up.
    As with all "backup" configurations you probably want some rotating media backup of both network homes and/or TM backups so you can do a restore. Of these two, network homes are the more important one to backup "further".

  • Network user can't see local home directory

    Hi there,
    I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
    Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side effects. For instance, Chrome tries to save downloads to the server instead of locally.
    What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing on the problem.
    Can anyone offer some advice?
    Benjamin

    So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
    Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
    Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

  • AD user with no home directory does not work correctly

    Hey guys:
    I just tried to login as a standard AD user and was able to login, but the finder is having issues.  The Finder seems to reset itself and the dock would also reset, plus the top menu bar is not present, anyone else with this issue?  Also I login as my account with admin rights and have no problem, I am thinking about trashing the finder prefs and dock prefs and see what happens then, will post back if I find anything.
    John

    We're suddenly getting the same issue here.
    A MacBook Pro (OSX Lion) installed a few months ago has no issue when setting up new users.
    The MacBook Pro (OSX Mountain Lion 10.8.2) which arrived this week is a different matter altogether!
    Once it joined the domain every attempt to log in as a network user has failed. The following ticked options work on our Lion machines:
    Create mobile account at login
    Require confirmation before creating a mobile account
    Use UNC path from Active Directory to derive network home location
    Default user shell: /bin/bash
    However, the Mountain Lion machine is having none of it. Network users get no finder bar across the top, the Finder icon will bounce every so often as though it's tried, and failed, to load.
    Terminal states "no home directory"
    The only way to get these working is to turn off the "Create mobile account" ones, then manually create an account once the user logs in (with a local administrator on hand to elevate when prompted).

  • Problem with user home directory redirection on OS X

    It appears that the Authorware 7.01 runtime gets confused when home directory redirection is used on Mac OS X to redirect a user's directory to the network.
    I suspect it is a problem with the path to the Application Support folder where Authorware stores its .rec files.
    What happens is that JumpFileReturn returns to the start of the piece, rather than returning to where the jump was performed.
    Has anyone else seen this? Is there any workaround?
    On Windows one can set up an ini file to tell Authorware where to store temporary files. Is there any such equivalent on Mac?

    I'm not sure of the process on Macs that matches the use of the ini file, but the goal was always identical operation on both platforms so it's very likely that the ini file is read and interpreted in the same manner.
    It seems that the 'initial' location of the current records folder is the one that's messed up. The .rec file is created on the local machine rather than the redirected one. I can only guess that either the home folder isn't redirected until after the first AW piece starts or the initial setting is being set to a 'default' location for the user rather than asking the system what the current location is. A solution might be to create a "launcher" application with Authorware designed to start up and jump to what is currently your startup piece. This way the RecordsLocation should be changed to the network location and you can ignore the original rec file since you'll never return to that first location.
    HTH
    ====================
    Mike Baker
    Adobe Community Expert
    [email protected]
    "peterevensen" <[email protected]> wrote in
    message
    news:[email protected]...
    > On Mac OS X, you can set a workstation up to have the user's directory (including the preferences folder, etc.) on a file server. If one sets up a Mac workstation to do this, Authorware quits working properly when you jump between pieces.
    >
    > The piece is set up correctly. I don't touch the User Record location. The pieces are set to resume and work fine if the user's directory is not redirected.
    >
    > When Authorware jumps to another piece/file, it dumps out a *.rec file containing the current state. These are stored on the Mac in the <user directory>/Library/Application Support/Macromedia/AW7Data folder. When the user directory is redirected to the network and the user exits the file that was jumped to, the original piece starts over from the beginning. This is the same behavior you see if Authorware cannot write out the *.rec file (e.g., if you write protected the above folder, or the equivalent folder on Windows, hence the change in AW 6.5
    >
    > http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_16607&sliceId=1
    >
    > This problem has been reported in the field several times. I haven't set up a server yet to reproduce it, but my assumption is that Authorware is not getting the path or not handling the path to the user's Application Support properly when it is redirected to a network server.
    >
    > On Windows, there is an .ini file which can be used to change where Authorware stores temporary files (.rec). I don't believe there is an equivalent for the Mac runtime, is there? I see that I could change that path using the path parameters in JumpFileReturn, but does that change where the current piece you're jumping from writes out the .rec file? It would be preferable if I could change it globally once, rather than going into the 100s of pieces I am maintaining.
    >
    > I'm not sure an aw7.ini would fix the problem in any case, since I am not sure where one could safely map the user record location, since this is a multi-user environment. You couldn't map everyone to the same location.
    >
    > Your reply, while not answering my question directly, has pointed me to some more things to look at (like the path parameter on JumpFileReturn), although I'm not sure why Authorware isn't working without changing that. If you have any additional suggestion, I would greatly appreciate it!
    >
    quote:
    Originally posted by:
    Newsgroup User
    > I'm not sure what you're asking. Can you provide more detail? Are you using JumpFileReturn to launch another file, which also sets a different UserRecord location? And that doesn't work...how?
    > Do you have 'resume' set in the File Preferences instead of 'restart'?
    > Erik

  • Aperture 2 Thinks Referenced Images are Offline with Network Home Directory

    Aperture thinks my Home directory is offline, but it's not. My Home directory is on a Mac OS X Server on the LAN (i.e., not on the machine in front of me that I run Aperture 2 on). I'm able to import images from my Nikon D200 in RAW/NEF format using Aperture 2, and write them to my Network Home directory (again, on the Mac OS X Server across the LAN) with no problem. Images are added to Aperture Library as REFERENCED images. Actual image files and Aperture Library are within the Pictures folder in my Network Home directory (on the OS X Server across the LAN). Previews and images show up fine initially. However, after importing and quitting, the next launch of Aperture 2 shows those same imported/referenced images as being offline (i.e., alias badge with red strike-thru). No way to get Aperture 2 to recognize that these image files are really ONLINE, not off.
    Tried to re-establish the link from Aperture to each image file using File->Manage Referenced Images..., but that corrupted something. Image becomes red slate with "Unsupported Image Format" message, and image preview goes blank/gray on next Aperture 2 launch.
    Previous version of Aperture (v1.5.?) did not have this problem.

    Thanks for the replies (in triplicate! from grommet). More information:
    REFERENCED images that were imported earlier (using Aperture v1.5.x) show up ON-LINE in Aperture 2 (i.e., all is OK with the earlier images; referenced image badge has no red strike-thru).
    The images that were imported more recently--all with Aperture 2--continue to show the referenced image badge with the red strike-thru, indicating Aperture thinks they're OFF-LINE (even though they're not). This makes it impossible to edit or use any of the more recent images that were imported with Aperture 2.
    Here's the kicker: the more recent images imported with Aperture 2 and indicated as being OFF-LINE are stored in the SAME general file location as the earlier images that were imported with Aperture v1.5.x and are indicated as being ON-LINE!
    My Home Directory is on a Mac OS X Server across the LAN.
    Aperture Library is at: ~/Pictures/
    Earlier images are at: ~/Pictures/Digital Photos/Roll-000001/1999-05-26-0001.NEF
    Recent images are at: ~/Pictures/Digital Photos/Roll-000107/2008-04-17-0001.NEF
    Clearly a bug with Aperture 2. I've filed feedback with Apple. Hope to heck this bug is not overlooked in next incremental release. I'm stuck/dead in the water without a fix.

  • Script to remove local home directory after sync

    Does anyone have a good script to clear (periodically) the local home folders created by mobile accounts for sync ?
    There is one mentioned in John DeTroye's overview of Tiger server v12.1, by Steve Hayman, but I'm having trouble running it via ARD.
    Thanks

    I'm doing this for 2 reasons:
    - as a scripting exercise
    - because the local repo is a shared wordpress mess and people forget to make commits so I'd like a local backup that includes all changes that may not be in github (sadly).
    Anyhow, thanks for the input about trap, I'm definitely confused by its use at this point but have reworked the script without it.
    #!/bin/bash
    set -e # Exit on any error.
    TIME=$(date +"%m.%d.%Y@%H:%M:%S") # Define the TIME variable as today's date and time.
    MONTH=$(date +"%b") # Define MONTH as today's month.
    FILENAME="backup-$TIME.tar.gz" # Define the filename structure.
    SRCDIR="/stuff" # Define folder to backup (this is also the git repo).
    DESDIR="/Backup/$MONTH" # Define the backup folder location.
    LOGFILE="$DESDIR/backup-$TIME.log" # Store the output in a log.
    mkdir -p "$DESDIR" # Create our directory if it doesn't exist (the log lives there too).
    cd "$SRCDIR" # Make sure we're in our repo directory before asking git anything.
    REMOTE=$(git ls-remote -h origin master | awk '{print $1}') # Get commit hash from head of remote master repo (github)
    LOCAL=$(git rev-parse HEAD) # Get commit hash from head of server repo (dev/test)
    if [ "$LOCAL" = "$REMOTE" ]; then # If the hashes match
        echo "No update required." >> "$LOGFILE" # Then no pull is needed
    else # If the hashes don't match then prepare to run our backup
        echo "Backup started for $TIME" >> "$LOGFILE" # Make it log what it's doing.
        tar -cpzf "$DESDIR/$FILENAME" "$SRCDIR" >> "$LOGFILE" 2>&1 # Perform the backup.
        echo "Backup finished for $TIME" >> "$LOGFILE" # Log that it's finished.
        echo "Preparing for git pull" >> "$LOGFILE" # Log what we're doing.
        git pull >> "$LOGFILE" 2>&1
        echo "Git pull completed successfully." >> "$LOGFILE"
        mail -s "Backup log $(date)" [email protected] < "$LOGFILE" # Email the output to me.
    fi

  • Can standard users install applications to their local home directory?

    I want to setup multiple user accounts on my machine. I've been doing some tests and it looks like when you try to install an application from the App Store it requires an admin user name and password, and then the App Store installs the application to the '/Application' directory.
    Is it possible?
    (1) To set up the system in a way that all users install their applications to '~/Applications' (their home directory) without the need for admin passwords.
    (2) If an admin user wants to give access to an application to everyone on the system, it is installed to '/Applications'.
    Thanks in advance.

    The default installation is in the main Apps folder. This can't be changed. If you want an app in the user account Apps folder, the user should drag it to that folder when installation is complete.

  • Mounting a local home directory

    Here is a scenario:
    A distributed environment with offices in cities worldwide.
    Requirement: When a user logs into a local workstation, say in Chicago, the user mounts a home directory on a Chicago server. When a user logs into a local workstation, say in London, the user mounts a home directory on a London server. etc etc
    Can this be done with DS 5.2 on Solaris 9?
    I have not tried anything but these are my ideas:
    My first solution is to implement local ldap servers, then configure the client to use the local server as the default server. The local server then has an auto_home entry to refer to the local file server. The problem is that then one cannot set up a replicated environment because the master LDAP server at HQ would overwrite the local LDAP server with a different auto_home entry (unless one excluded the automountinformation attribute from replication ?)
    Any other ideas?

    [This is drifting too much from DS, but see my note at the end]
    For automount see the man page automount(1M) and look for "Replicated File Systems". It has hard-coded selection rules which favor local networks, and you can include client-side variables (predefined + automountd(1M) options) in your values:

        juser    $MYSRVR:/export/home
        *        chi-srvr,lon-srvr:/export/home/&

    amd (am-utils) is much more flexible, see http://www.am-utils.org/docs/am-utils/am-utils_8.html#SEC58.

        home/*  -type:=nfs;sublink:=${key};rfs:=/export/home \
            netgrp(eur-hosts);rhost:=lon-srvr \
            network(192.168.1.0);rhost:=lon-srvr \
            network(17.16.0.0);rhost:=chi-srvr \
            rhost:=chi-srvr

    The relevance to Directory Server and LDAP is that older techniques (often used with NIS) may still be valid and might just need a couple of simple, global LDAP entries. Targeting the tool which uses your data might avoid twisting your DIT into knots trying to control what data gets seen by those tools.
    That being said, I am personally very curious to see the DS and LDAP based solutions.

  • Secure External LDAP with local user provisioning in a org.

    To all:
    I'm working with 05Q1 or, as some say, v3. I was able to successfully set up user authentication with external LDAP and dynamic creation of users within the local org and LDAP, and map over attributes for storage into the local LDAP. Now I need to try and make it a secure external LDAP authentication, without disturbing any of the other orgs within the local system.
    Is it possible without turning on security for all? Where would the certs be stored for the secure external LDAP that I am authenticating against?
    Help would be appreciated.
    If anyone is trying to do the same thing, let me know if you're having trouble. I sure did, just getting to the point that I am at right now.
    Thanks,
    - Milo

    Hi,
    Check following forum thread.
    Re: custome role maper example
    Regards,
    Kal

  • Mountain lion server network accounts are not mounting network home directory, rather its creating a blank local directory

    I have set up a scratch Mountain Lion server with Open Directory. Copied over old user account directories and added my users that match the directory IDs. Currently, if a networked user logs into a networked computer, instead of mounting the network home directory, it's creating a local home directory. Suggestions?
    thanks,
    Dave

    Additional info: it appears that certificates are not working either: setting up ical: "the certificate for this server was signed by an unknown certifying authority."...

  • Local homes, dual directory, logins

    Hello all,
    I'm having a bit of a problem. Running 10.8.2 server with local home dirs connected to Windows 2008r2 server. The question is our users login with their student numbers. For example John Smith is 901001001. He can login with 901001001 it makes his account and everything is great. Except that he can also now login with John Smith OR 901001001. We just want him to login as 901001001 and NOT John Smith. Is there a way to make OS X not grab the Display Name from AD and instead just use logon name?
    Thanks,
    Jonathan

    Not that I am aware.  Unless you modify the Record Name attribute in AD.  For example, a record may contain:
    RecordName:
    jdoe
    john doe
    [email protected]
    DOMAIN\jdoe
    DOMAIN\john doe
    John Doe
    [email protected]
    All of these can be used as the login name.  If you removed everything but the one you wanted, then only that one would permit login.
