Sol 10 TX Home Directories LDAP AUTOFS

I currently have a small network that is comprised of Solaris 10 08/07 machines with Trusted Extensions enabled on all machines. The network does have a Trusted Extensions LDAP server that serves the network. The LDAP server is Directory Server 5.2 P4. I have not loaded any patch clusters on any of the systems.
When I create a user I have to perform a lengthy process to ensure the user can log in at multiple levels simultaneously. After the user is created, the process is as follows:
On the LDAP/Home Directory Server (My LDAP Server also serves the Home Directories)
1. Log into the system as the newly created user.
2. Ensure the session is Trusted JDS.
3. Ensure "Restrict to Single Level" is selected.
4. Select the lowest level label available to the user. For example, if your label encodings file contains the labels FU and BAR, with FU being dominated by BAR, you would select FU.
5. Continue the login process. A single level desktop will be displayed and the user can open terminal windows, etc.
6. Log out of the system. Do not log out until a desktop is displayed.
7. Repeat steps 1-6 for all possible labels for the user, selecting one at a time.
8. Once the user has a desktop at all levels, log in to the system.
9. Make sure "Restrict to Single Label" is NOT checked.
10. Select the highest possible label for the user. This will enable the user to select workspaces at all levels.
11. The desktop is loaded for the highest label available.
12. In the workspace selector, select each workspace and change the label on the workspace to another security label.
13. Repeat step 12 until all labels are represented. (The only desktop that will be available is the highest level desktop; the other desktops WILL NOT be loaded.)
14. Log out and log back in again, ensuring that "Restrict to Single Label" is NOT checked, and select the highest possible label for the user. At this point all desktops will appear.
15.     Repeat the entire process for every client machine that the user will need access to.
This process only needs to be executed once for each user on each system for all labels. Currently this is a small network, and although time consuming this process is OK. However, as the network and the number of users increase, the process will be too cumbersome.
I have read that the TX install guide explains this process for the home directory server, but I have to do this on the clients as well. Once the process is complete I can log in as the user and verify that autofs is mounting the home directory properly. I have not tried the script that is in the install guide either. I will need to modify the script to ensure only new users are given home dirs.
Has anyone else experienced this behavior or found a fix? Again I am running DS 5.2 P4 and no additional patch clusters.

Are the zones on different machines (1 for LDAP and 1 for the machine the user logs into)?
General:
You may want to check and see if the zones of each machine are listed under the CIPSO rules and not set as admin low; use the tninfo command for this check.
If on the same machine, you have 2 options: 1) go through the network interface for each zone and use CIPSO rules [regular networking]; 2) be subject to the rules of multi-level access, in which case you should use a multi-level aware process to access the files [keep in mind the dominance issue, and that you should really know what you are doing if you create a multi-level aware process].

Similar Messages

  • Automount Home Directories from LDAP

    I have a Red Hat Linux LDAP/Kerberos server (IPA server) that, besides authentication, I also use as an NFS server sharing users' home directories.
    All information for Solaris machine is provided from a custom DUAProfile in LDAP.
    Relevant autofs information in DUAProfile:
    serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=org
    serviceSearchDescriptor:auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org
    All users on the network have their home directories under /home
    I have an auto.home map on the server with key:
    * -rw,soft ipaserver.example.org:/home/&
    This setup works perfect for our Linux clients but not for Solaris.
    In Solaris, autofs seems to look for local users' home directories in the LDAP tree too, and thus makes them unavailable when logging in.
    Even though +auto_home is after the local usermappings.
    t4 LOOKUP REQUEST: Tue Dec 25 22:08:36 2012
    t4 name=localuser[] map=auto.home opts= path=/home direct=0
    t4 LOOKUP REPLY : status=2
    Removing autofs entries in DUAProfile and specifying every user directly in /etc/auto_home works with a delay in mount.
    This is however a less than satisfactory solution.
    I thought about just removing local user mounts to /home from /export/home but that does not seem to be a good idea.
    How could I make this work the way I want with wildcards?
    Regards,
    Johan.

    I have now tried with a different share and mountpoint (/nethome) on a different test server.
    Verified that I can mount it through krb5 and automount works for Red Hat Linux clients.
    ssh, su and console login works on Solaris 11 except for finding home directory through automount.
    root@solaris2:~# ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=solaris,cn=sysaccounts,cn=etc,dc=example,dc=org
    NS_LDAP_BINDPASSWD= {XXX}XXXXXXXXXXXXXX
    NS_LDAP_SERVERS= server.example.org
    NS_LDAP_SEARCH_BASEDN= dc=example,dc=org
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= TRUE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 10
    NS_LDAP_CACHETTL= 6000
    NS_LDAP_PROFILE= solaris_authssl1
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= netgroup:cn=ng,cn=compat,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= ethers:cn=computers,cn=accounts,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= automount:cn=default,cn=automount,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= aliases:ou=aliases,ou=test,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= printers:ou=printers,ou=test,dc=example,dc=org
    NS_LDAP_BIND_TIME= 5
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
    NS_LDAP_OBJECTCLASSMAP= printers:sunPrinter=printerService
    root@solaris2:~# sharectl get autofs
    timeout=600
    automount_verbose=true
    automountd_verbose=true
    nobrowse=false
    trace=2
    environment=
    From /var/svc/log/system-filesystem-autofs\:default.log:
    t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012
    t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0
    t4 getmapent_ldap called
    t4 getmapent_ldap: key=[ user02 ]
    t4 ldap_match called
    t4 ldap_match: key =[ user02 ]
    t4 ldap_match: ldapkey =[ user02 ]
    t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome
    t4 ldap_match: __ns_ldap_list FAILED (2)
    t4 ldap_match: no entries found
    t4 ldap_match called
    t4 ldap_match: key =[ \2a ]
    t4 ldap_match: ldapkey =[ \2a ]
    t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto.nethome
    t4 ldap_match: __ns_ldap_list FAILED (2)
    t4 ldap_match: no entries found
    t4 getmapent_ldap: exiting ...
    t4 do_lookup1: action=2 wildcard=FALSE error=2
    t4 LOOKUP REPLY : status=2
    The automount map is called auto.nethome
    key is: * -rw,soft server.example.org:/nethome/&
    Is it that Solaris automount doesn't like an asterisk (*) in an automount key?
    At least now the local users' home directories work when I am not trying to autofs mount to /home.
    Anyone know what is wrong here?
    Thank you for your help.
    Regards,
    Johan.
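A small triage script for the automountd trace format quoted in the post above (an added example, not code from the original thread or from Solaris): it groups the `t<n>` lines into lookups, records which automountKey values were queried and which queries failed, and reports per lookup whether the wildcard entry was ever consulted. Note that `\2a` is the RFC 4515 filter escape for `*`, so the second query is for a literal `*` key, not a glob. The sample lines are constructed to mirror the post; `user03` and its successful lookup are hypothetical.

```python
"""Triage Solaris automountd LDAP trace lines (sharectl autofs trace=2)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample mirroring /var/svc/log/system-filesystem-autofs:default.log:
# a failed lookup for user02 and a hypothetical successful one for user03.
SAMPLE_TRACE = r"""
t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012
t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0
t4 getmapent_ldap: key=[ user02 ]
t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome
t4 ldap_match: __ns_ldap_list FAILED (2)
t4 ldap_match: no entries found
t4 ldap_match: key =[ \2a ]
t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto.nethome
t4 ldap_match: __ns_ldap_list FAILED (2)
t4 ldap_match: no entries found
t4 do_lookup1: action=2 wildcard=FALSE error=2
t4 LOOKUP REPLY : status=2
t5 LOOKUP REQUEST: Wed Dec 26 12:30:01 2012
t5 name=user03[] map=auto.nethome opts= path=/nethome direct=0
t5 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user03)) in auto.nethome
t5 do_lookup1: action=0 wildcard=FALSE error=0
t5 LOOKUP REPLY : status=0
"""

LOOKUP_RE = re.compile(r"^t\d+ name=(?P<key>[^\[\s]*)\[\] map=(?P<map>\S+) opts=\S* path=(?P<path>\S+)")
FILTER_RE = re.compile(r"\(automountKey=(?P<ldapkey>[^)]+)\)\) in (?P<map>\S+)")
FAILED_RE = re.compile(r"__ns_ldap_list FAILED \((?P<code>\d+)\)")
DO_LOOKUP_RE = re.compile(r"do_lookup1: .*wildcard=(?P<wild>TRUE|FALSE) error=(?P<err>\d+)")
REPLY_RE = re.compile(r"LOOKUP REPLY : status=(?P<status>\d+)")

# RFC 4515 escapes '*' in a filter value as '\2a': automountd is asking for a
# map entry whose key is the literal character '*', which is how the wildcard
# entry is stored, not a substring match.
WILDCARD_ESCAPED = r"\2a"


@dataclass
class Lookup:
    key: str                      # name= in the LOOKUP REQUEST
    map_name: str                 # map= in the LOOKUP REQUEST
    path: str                     # path= (mount point the map is attached to)
    ldap_keys: List[str] = field(default_factory=list)    # automountKey values queried
    ldap_errors: List[int] = field(default_factory=list)  # __ns_ldap_list failure codes
    wildcard_matched: Optional[bool] = None               # do_lookup1 wildcard=
    status: Optional[int] = None                          # LOOKUP REPLY status, 0 = found

    @property
    def wildcard_queried(self) -> bool:
        return WILDCARD_ESCAPED in self.ldap_keys


def parse_trace(text: str) -> List[Lookup]:
    """Group trace lines into Lookup records, one per LOOKUP REQUEST/REPLY pair."""
    lookups: List[Lookup] = []
    current: Optional[Lookup] = None
    for line in text.splitlines():
        m = LOOKUP_RE.match(line)
        if m:
            current = Lookup(m["key"], m["map"], m["path"])
            lookups.append(current)
            continue
        if current is None:
            continue
        if (m := FILTER_RE.search(line)):
            current.ldap_keys.append(m["ldapkey"])
        elif (m := FAILED_RE.search(line)):
            current.ldap_errors.append(int(m["code"]))
        elif (m := DO_LOOKUP_RE.search(line)):
            current.wildcard_matched = m["wild"] == "TRUE"
        elif (m := REPLY_RE.search(line)):
            current.status = int(m["status"])
            current = None
    return lookups


def diagnose(lk: Lookup) -> str:
    """Classify why a lookup failed, based only on what the trace shows."""
    if lk.status == 0:
        return "resolved"
    if not lk.ldap_keys:
        return "failed before any LDAP query (map not served from LDAP?)"
    if lk.wildcard_queried and len(lk.ldap_errors) == len(lk.ldap_keys):
        return "exact key and wildcard '*' entry both absent from LDAP map"
    if lk.wildcard_queried:
        return "wildcard entry queried but lookup still failed"
    return "exact key absent; wildcard entry never queried"


def summarize(text: str) -> Dict[str, str]:
    """Map 'mapname:key' to a diagnosis for every lookup in the trace."""
    return {f"{lk.map_name}:{lk.key}": diagnose(lk) for lk in parse_trace(text)}


if __name__ == "__main__":
    for name, verdict in summarize(SAMPLE_TRACE).items():
        print(f"{name}: {verdict}")
```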

  • How to configure Airport Extreme AFP disk sharing to host multiple users' home-directories (Lion, using autofs)

    I have this working, but only by completely bypassing access control, using guest access with read+write permissions.
    Do I need to buy Lion Server to do this? All my past Unix/Linux experience says Lion Server should _not_ be necessary.
    This seems like a simple & obvious setup objective, but it is proving to be harder than I would imagine.
    Setup:
    multiple users, sharing two Mac minis running OS X Lion
    connected to an Airport Extreme (4th gen) with a USB disk shared (either via disk password, AEBS password, or using AEBS users' passwords).
    After much experimentation and web research, I finally have managed to get the minis to auto mount the Airport Extreme's AFP shared USB disk. Well, almost... It only works if, on the Airport, I set the guest access permissions to read+write and select the "Secure Shared Disks" method to "With disk password" or "With Airport Extreme password". In other words, it only works if I essentially bypass/disable access control by using the guest authentication mechanism to the AFP shared disk.
    On the Lion side of this, I am automounting the users directories via "autofs". The config files for this are
    /etc/auto_master:
    # Automounter master map
    +auto_master            # Use directory service
    /net                    -hosts          -nobrowse,hidefromfinder,nosuid
    /home                   auto_home       -nobrowse,hidefromfinder
    /Network/Servers        -fstab
    /-                      -static
    /-                      auto_afp
    /etc/auto_afp:
    # Automounter AFP master map
    # https://discussions.apple.com/thread/3336384?start=0&tstart=0
    /afp/users -fstype=afp afp://;AUTH=No%20User%[email protected]/Users/
    Then, after rebooting and verifying read+write access to the /afp/users directories, I change each user's home directory: In System Preferences > System > Users & Groups, I right-click over the users to access the Advanced Options, changing the Home directory field to point at the AFP-mounted /afp/users/Users/* home directories.
    I experimented with alternate UAM specifications, as well as both OSX and AESB users & passwords. Using guest access is the only thing that has worked.
    Any pointers would be appreciated...

    Based on lots more experimentation which confirms the information in a parallel discussion (cf. Automount share as non ROOT or SYSTEM user! https://discussions.apple.com/thread/3221944), I have concluded that the Lion 10.7.2 implementation of AutoFS mechanism is broken. I submitted a bug report via apple.com/feedback.
    Work arounds..?
    Earlier I wondered if installing Lion OS X Server was necessary. The more I contemplate this, the more I am convinced it _should_not_ be necessary. The client-server architecture is clear: my Macs are the file-server clients and the Airport Extreme is supposed to act as the file server. The only thing installing Lion Server would do (besides enriching Apple.com) is enable me to configure one of the Macs as the file server. This would require it to be "always on" (thus enriching my electric utility as well). Okay, an additional benefit would be configuring software RAID disks attached to the Lion server, but Time Machine has worked fine for me in the past, backing up to disks mounted on the Airport Extreme.
    One solution is to create a disk partition for each user and instruct each user to connect / authenticate to the Airport Extreme AFP share at login. The multiplicity of partitions is necessary since the first user to mount the AFP share takes ownership of it, blocking other users from accessing that disk partition. A user can "steal" ownership by reconnecting, but this will leave the other user's applications & open files dangling.
    This dysfunctional situation really *****. Before installing Lion, I put a 64 GB SSD (solid state disk) in each of our Macs. I did this expecting to easily configure the /Users/* data on external networked storage. I'm having a déjà vu "Bill Gates"-ware moment; problems like this were why I abandoned Windoz.
    I will make a few more experiments using the deprecated /etc/fstab mechanism. Maybe that will bypass the broken-ness of AutoFS...? Alternately, I guess I could also try to run Kerberos authentication to bypass whatever is broken in AutoFS, but that would require running a Kerberos daemon somewhere. Possibly I could configure a Kerberos service to run on both my Macs (without installing Apple's Lion Server)...?
    Stay tuned...

  • LDAP Users & Home Directories

    Hello, any help would be much appreciated on this one!
    I have a Dual 2.3Ghz Xserve G5 running OS X Server 10.4.9 with a 700Gb Xserve RAID. All users' home directories are stored on the RAID. I had 1361 users on the LDAP Open Directory system and all was running perfectly. I tried to add another 10 users; all added fine into Workgroup Manager, but I was then getting "User already Logged In" messages when the users were not logged in. If I turn on "multiple logins" the user can log in but the home directory is not created!! Is this a limitation of LDAP OD? A problem with the OS and the Finder not handling more than 1361 directories??? Any help would be excellent!!!!!!
    Dual 2.3Ghz G5 Xserve & Xserve RAID   Mac OS X (10.4.9)   Latest updates installed!

    Hi
    Wow! I wonder what the load on the CPU would be?
    I’ve read somewhere that OSX Server as an Open Directory Master can host up to 10,000 users and by implication – you would assume – the same amount of home folders.
    What you've got to ask yourself is whether the network can cope with that amount of users. If you have the budget you should really be looking to balance the load with more than one server, probably 3 at the least: one to run DNS and DHCP services, another to run Open Directory and another to run simple file services such as AFP, Windows, Print etc. It would be a good idea in the environment you describe to think about a failover (replica) server also.

  • NFS and  LDAP on different servers: Problems with location of home director

    Dear Apple Experts.
    We are using an LDAP server for user authentication
    and an NFS server for home directories.
    Both are dedicated servers on different machines.
    on the NFS server there are directories
    /home/urpi
    for staff's home directories
    and
    /home/students
    for student's home directories
    both are mounted to the Mac minis in
    /Users directory
    so
    /Users/urpi
    contains home directories for staff
    /Users/students
    contains home directories for students
    Authentication works well and permissions are set as needed,
    but OS X shows missing home directories for LDAP authenticated users
    and the terminal shows a missing home directory;
    for me it is
    /home/urpi/fodrek
    I tried to mount NFS to /home, but it is not allowed.
    Would I ask if there is any setting to add directories where home directories are placed, please?
    I look forward to hearing from you.
    Yours faithfully
    Peter Fodrek

    So none of these machines are Snow Leopard servers?
    What exactly do you mean when you say you tried to mount the NFS share to home? Can you copy and paste the command and error?
    It sounds as though you don't actually have the NFS shares mounted. Assuming this is so, you might want to investigate how the automount command works so that your MacMinis mount the NFS shares on boot.
    If your NFS/LDAP server is an OS X 10.6 server, set the shares to be automounted as user/group directories. Make sure your LDAP server is providing correct information on the home directory location. If it is local, I think the home directories need to be in /Users. If your mounts are indeed working but you cannot login, you might consider making links from /Users to /home/urpi or /home/students on an account-by-account basis (could be done with a quick shell script).

  • Automount Home Directories Failed

    Hi There,
    I have a Solaris 10 server that is running the ZFS filesystem.
    After patching this server, the clients running Sol 10 are not mounting the home directories anymore.
    I see that the /etc/dfs/dfstab file has the words "Error: Syntax" in front of the lines where home directories are getting shared.
    Also the autofs service is up, while the nfs/server service is offline*.
    Any thoughts on what I should check?
    Any help will be greatly appreciated.
    thanks
    wasim.

    Thanks a lot for the reply, here is what you need.
    svcs -xv nfs/server
    svc:/network/nfs/server:default (NFS server)
    State: offline since Tue Feb 22 09:56:10 2011
    Reason: Start method is running.
    See: http://sun.com/msg/SMF-8000-C4
    See: man -M /usr/share/man -s 1M nfsd
    See: /var/svc/log/network-nfs-server:default.log
    Impact: This service is not running.
    bash-3.00# dfshares
    nfs dfshares:edison: RPC: Program not registered
    bash-3.00# vi dfs/dfstab
    "dfs/dfstab" 16 lines, 629 characters
    # Do not modify this file directly.
    # Use the sharemgr(1m) command for all share management
    # This file is reconstructed and only maintained for backward
    # compatibility. Configuration lines could be lost.
    # Place share(1M) commands here for automatic execution
    # on entering init state 3.
    # Issue the command 'svcadm enable network/nfs/server' to
    # run the NFS daemon processes and the share commands, after adding
    # the very first entry to this file.
    # share [-F fstype] [ -o options] [-d "<text>"] <pathname> [resource]
    # .e.g,
    # Error: Syntax share -F nfs -o rw -d "home directory" /tank/home
    # Error: Syntax share -F nfs -o ro -d "local" /tank/local
    bash-3.00# zfs get sharenfs tank/home
    NAME PROPERTY VALUE SOURCE
    tank/home sharenfs rw=soemgr,rw=soelab113 local
    Well, I did try to correct the dfstab file but it did not work. I don't know what was being used to share the home directories, but I do recall that the dfstab file was not like the one above.
    Any thoughts?
    wasim

  • Automounting home directories from Redhat Linux OpenLDAP server

    We have an existing, functioning autofs environment here. At least the Linux boxes have no problem automounting user home directories.
    I am looking for a more comprehensive solution to getting our Macs integrated into this environment.
    What should the ldap entries contain?
    What should the attribute mappings be set to.
    I have ldap authentication working - the only thing left is automounting.
    Also - is there a way to get the nfs client to work over secure ports by default? Or is this a BSD thing?
    Thanks

    http://rajeev.name/blog/2007/12/09/integrating-leopard-autofs-with-ldap/
    There's some additional LDAP schema stuff that has to be done; Apple seems to have gone with the most absolutely bleeding edge RFC for automounts - and then removed all legacy support.
    This covers most of the issues, however, there is one that I'm still unable to resolve:
    Typically, a Linux box does autofs using an entry like
    "* -fstype=nfs foo:/home/&"
    LDAP uses a slightly different entry, but it works.
    I haven't for the life of me been able to get auto.home mounting from LDAP as easily as if it is defined in the file.
    The frustrating part is that the post gives a really good example LDIF; but it still doesn't seem to work.
    So while I have other automounts working wonderfully, the wildcarded home directories are still a bust.
    So if you're willing to forgo using LDAP for autofs mounting home, then hard-coding /etc/auto_home will fit the bill.
    But since the link seems to imply that it works, I'm wondering what's going on...
    Message was edited by: pariah0
    Trying to get the asterisk...

  • Home directories from GUI work but not from command line

    I'm having trouble accessing home directories through SSH. After significant trouble, I reinstalled OS 10.4.6 Server on each of my 24 Xserves. This is an HPC with an Xserve RAID providing the storage space. I promoted the first Xserve to an Open Directory master and created 2 test users. I created two sharepoints from the Xserve RAID, one for general data and one for home directories. I enabled AFP on both, granted R/W access to the default group "staff" (of which my two test users are members) and set the home directory sharepoint ("HomeDir") to automount using AFP for users' home directories through WGM. If I use Remote Desktop to log in to one of the cluster nodes, the home directory seems to mount correctly. However, if I try to access the same user account through the command line, the home directory cannot be found.
    I can cd to /Network/Servers/headnode.domain.com/Volumes/HomeDir; but I cannot see any of the folders listed there. On the head node, I can verify that the user's home directory has been created--it seems to be fully populated. I've checked permissions, and they seem to be correct; but the fact that I cannot access it from the command line seems to suggest that there's a greater permissions issue.
    I've tried doing the identical setup using an NFS automount instead of AFP with no success. I can't find any answers for command line/SSH access to this problem. Any help would be appreciated.
    Thanks,
    CF

    I've discovered something else in the course of troubleshooting this problem. If I login as a test user through remote desktop to, say, node1.domain.com; the home directory mounts correctly; and, as long as I do not reboot either headnode.domain.com or node1.domain.com, I can login via SSH and access my home directory.
    Of course, if I do reboot--access no longer works. I've browsed through dozens of other posts and tried to follow other users' suggestions. I've manually created a hosts file, which I've uploaded to /etc/hosts on each node. I've double and triple checked DNS and DHCP--I have LDAP propagated through autodiscovery on DHCP; I have each node statically assigned; and I have DNS entries for each node. I also have computer entries in WGM; and I've used the FQDN of each node (node#.domain.com) for everything across the board.
    I'm also hitting the "authentication error" when I try to access my other AFP sharepoint. I can't figure this out.

  • Firefox 3.6 not compatible with home directories stored on AFP file server

    I just wanted to let everyone know that I have discovered, at least in my situation, that Firefox 3.6 does not work with user home directories stored on AFP file servers.
    My network consists of PPC 10.411 clients and a Mac OS X 10.62 server. User home directories are stored on the server, the user is logged into a "Golden Triangle" LDAP domain, where the Mac clients bind to a OSX Server and the OSX Server is a member of the Active Directory domain.
    Worked perfectly fine on Firefox 3.57, now in 3.6 it will either not launch, will freeze with the beachball or will only show the Firefox window and not the main web browser.
    This has happened before with a 3.0x update from a few months ago. I have posted a bug in the Bugzilla database and have outlined the bug on my personal MacPCSMB blog.
    http://www.macpcsmb.com
    https://bugzilla.mozilla.org/show_bug.cgi?id=542306
    Thanks
    Michael Yockey
    IT Administrator
    Yockey, Yockey and Schliem PC

    There is an update on the FireFox hosted AFP issue that I have uncovered:
    When users are rolled back with Firefox 3.57 (by installing FF 3.57 over 43.6) the following issue occurs:
    You launch Firefox and you get an error that states "XML scripting is not working; Firefox cannot open the window".
    This basically means that the plug-ins for Firefox 3.6 are still in the user's Firefox profile directory. These new plug-ins are not compatible with Firefox 3.57. You will have to manually go into the user's home directory and remove their profile folder and extract a specific file. The issue is that the user will have to be able to have access to their bookmarks. If you delete the profile folder their bookmarks are gone, though that is simpler to do.
    It looks like Mozilla significantly changed the profile folder setup in FF 3.6, so a profile rollback or deletion is necessary.
    If you DO NOT have a good backup:
    To solve this issue do the following. This guide assumes you have the users home directory stored on an AFP server and you have open directory logins:
    1. The Firefox profile is located here according to Mozilla: http://support.mozilla.com/en-US/kb/Profiles . The Mac OS X Directory is located at /~username/library/application support/Firefox.
    2. Find and COPY the places.sqlite file. This is the Firefox bookmarks and history database. This file is very important to back up.
    3. Now take the user's Firefox profile and TRASH it.
    4. Now either have the user launch Firefox with their Open Directory login, or change their password and log in yourself. Open Firefox and then, after it fully loads, quit the program. Copy the places.sqlite file back into the Firefox profile folder. You will have to do this manually for every user unless you make an AppleScript to take care of this.
    5. The program will now work again.
    The second option is to go into Retrospect or Time Machine (or whatever backup solution you use) and restore the user's profile direct to a point in time before Firefox was updated to 3.6 and then subsequently reverted back to 3.57. How to use backup software is way beyond the scope of this blog posting.
    Thanks
    Mike Yockey
    www.MacPCSMB.com

  • Stumped on AFP network home directories.

    Heyo,
    Been RTFMs on File Services, User Management and Open Directory. Also looked in www.AFP548.com but didn't find anything helpful.
    We have a mixed environment and windows users aren't having any problem with network domain logins or using smb shares. Mac clients can mount the network shares with afp but network homes are a no go.
    Made the changes needed for the firewall and tried it with the firewall off just to be sure.
    The /Home share is automounted (not using the default /Users).
    Guest access is on in Sharing and AFP.
    Network Mount for /Home is set to Enable network mounting, AFP and User Home Directories.
    SMB Windows Homes are in the same directory and run without problems.
    Directory Access on the Client saw the server and looks ok.
    Only ref. I can find for the login attempt is under Open Directory Password Service Server Log:
    Apr 23 2006 16:42:31 RSAVALIDATE: success.
    Apr 23 2006 16:42:31 USER: {0x00000000000000000000000000000001, netadmin} is the current user.
    Apr 23 2006 16:42:31 AUTH2: {0x00000000000000000000000000000001, netadmin} CRAM-MD5 authentication succeeded.
    Apr 23 2006 16:42:31 QUIT: {0x00000000000000000000000000000001, netadmin} disconnected.
    and OD LDAP log:
    Apr 23 16:42:31 ci slapd[81]: bind: invalid dn (netadmin)\n
    Nothing in the AFP log.
    Any thoughts on what I should try or something obscure I may have missed when setting up MacOS client network home directories with AFP?
    Thanks
    Mitch
    Server: 10.4.6
    Workstations: 10.4.6

    Getting closer.
    Kerberos wasn't running and the ODM wouldn't Kerberize.
    This thread sorted out the issue:
    http://discussions.apple.com/thread.jspa?messageID=2186542&#2186542
    Kerberos is running now but still canna login for mac clients.
    hostname and sso_util info -g both resolve properly.
    but when I run: " slapconfig -kerberize diradmin REALM_NAME "
    all looks good until the command (with the proper substitutions)
    "sso_util configure -r REALM_NAME -f /LDAPv3/127.0.0.1 -a diradmin -p diradmin_password -v 1 all"
    automatically runs and I get a list of:
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    SendInteractiveCommand: failed to get pattern.
    and "sso_util command fialed with status 2"
    the sso_util command by itself spits out
    Contacting the directory server
    Creating the service list
    Creating the service principals
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    kadmin: Incorrect password while initalizing kadmin interface
    SendInteractiveCommand: failed to get pattern.
    etc...
    even though the login/pass are good
    Any thoughts on what I should check or where I should go next?
    Thanks
    Mitch
    iMac G5   Mac OS X (10.4.6)  

  • Word 2008 for Mac and NFS mounted home directories "Save File" issues

    Greetings everyone,
    (Long time lurker, first time poster here)
    I admin a small network (under 20 workstations) with a centralized NFS server, with user home directories mounted via NFS upon login. Users are authenticated via LDAP. This is all working fine, there is no problem here. The problem lies when my users use Microsoft Word 2008 for Mac. When they attempt to save a file to their Desktop (or Documents or any folder under their home dir) they are met with the following message:
    (dialog box popup)
    "Word cannot save or create this file.  The disk maybe be full or write-protected.  Try one or more of the following: * Free more memory. * Make sure the disk you want to save the file on is not full, write-protected or damaged. (document-name.ext)"
    This happens regardless of file format (Doc, Docx, Txt) and regardless of saved location under the network mounted dir.  I've noticed that when saving Word creates a .tmp file in the target directory, which only further confuses me to the underlying cause of the issue.
    When users logon to a local machine account and attempt the save, there is no issue.
    I have found many posts in other community forums, including this one, indicating that the issue is a .TemporaryItems folder in the root of the mounted directory. This folder already exists and is populated with entries such as "folder.2112" (where 2112 is the uid of the LDAP user). I find other posts indicating that this is an issue with Word:2008 and OS X 10.8, with finger pointing in either direction, but no real solution.
    I have installed all Office for Mac updates from Microsoft (latest version 12.3.6).
    I have verified permissions of the user's home dir.
    I have also ensured that this issue affects ONLY Microsoft Office 2008 for Mac apps; LibreOffice and other applications have no issue.
    Does *ANYONE* have a solution or workaround for this issue?  While we're trying to phase Microsoft products out, getting users to ditch Word and Excel is difficult without removing them from systems completely.  So any pointers or help would be greatly appreciated.
    Thanks.
    ~k

    I can't tell you how to fix bugs in an obsolete version of Office, but a possible workaround is to use mobile home directories under OS X Server. The home directories are hosted locally and synced with the server.

  • No longer able to create home directories

    I'm having a slight problem here. Recently after adding some new users, with PHD activated I have been having problems creating home directories on the server.
    If I am in the local node I can create home directories, but once I switch over to LDAP/myserver home directories are no longer created ---> this leads to me no longer being able to sync homes or do anything.
    Does anyone have any advice for me? I've deleted the users directory, created new ones, turned the ldap service off, restarted, turned it back on, restarted, added new users tested tested tested to no avail.
    Any help would be appreciated.

    My woes continue:
    So far I have reinstalled OS X Server, re-set everything up for an OD master, DNS, AFP etc. And I am still having issues with WGM to create home directories for my users. SO, I decided to create all my users and then type in terminal: createhomedir -s --> the end result: no changes.
    Next I tried
    createhomedir -b and voila, I get all my home directories built. Fantastic. Or so I think. So I start to log all my PHD users in, everything seems good. Then I start a test, simply downloading a file to my desktop. I hit sync now. The sync window comes up, a few conflicts but other than that everything looks great. I go to the user's home directory on the server and no changes.
    So where are my PHDs syncing to?
    This is getting very frustrating because I am pretty sure nothing is being backed up anymore.
    Any advice would be great.

  • Portable Home Directories usage

    Hi, I think I see where portable home directory is good for laptop users that might be away from the server at times. Would one suggest this for a remote home user that has an iMac who wants to connect to their server, have it secure (VPN?), have access to files on the server from home, yet be able to run the home iMac as a stand-alone, not connected to the server at all times? There's a high speed cable connection at each end. Thanks - Lewis

    I came across this information a while back. Not exactly what you are looking for but it contains good information on how you might achieve what you want to do. WARNING: this is not for the faint of heart. It takes deep technical knowledge of the inner workings of OS X and LDAP.
    http://managingosx.wordpress.com/2006/03/15/portable-home-directories-without-open-directory/

  • Portable Home Directories over CIFS

    I'm trying to configure PHD over CIFS with samba/linux as file server.
    It works. But there is an issue. When it synchronizes a directory with the server, for every newly created folder it complains about a problem with sync. But regardless of the complaint, the directory is created. I traced it down. The error happens when FileSync tries to chflags on a directory created on the samba share.
    A typical error is
    0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/cmsdata.tnw.utwente.nl/cifstest/Library/Assistants', flags=0)--> Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 "Invalid argument">
    0:: 09/12/16 06:50:02.221 EXCEPTION: Invalid argument <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/cmsdata.tnw.utwente.nl/cifstest/Library/Autosave Information', flags=0)--> Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10057cb50 "Invalid argument">
    Also it complains in a similar way for chflags on a couple of files
    <PHD> 0:: 09/12/16 06:48:50.852 EXCEPTION: Operation not permitted <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Users/cifstest/Library/Preferences/com.apple.CoreGraphics.plist', flags=0x10000)--> Error Domain=NSPOSIXErrorDomain Code=1 UserInfo=0x1005839b0 "Operation not permitted">
    But the files aren't a big issue, it is just a couple of files from ~/Library which aren't going to be changed often, but complaining about every directory - it is definitely too much. And, in fact, it doesn't even really want to set some flags for directories. Most of the time it is "flags=0".
    Is it possible to switch off this behavior? And not by "unix extensions = no", because I need support for symlinks.
    In fact, if you have a mixed Mac OS X/other unix environment, the situation with PHD is terrible.
    OS X doesn't fully support kerberized NFS4, especially through Open Directory (obviously, autofs doesn't accept vers=4, but even if it would, mount_nfs needs "4.0alpha", while autofs clearly expects a number there). Although it is possible to patch the sources for both of them, it isn't really a solution.
    In a mixed unix environment AFP to Netatalk is useless, because it doesn't handle symlinks in a proper way (like the native OS X server does, translating the "slink" fdType into an underlying FS symlink).
    And with samba it is the chflags problem now. (ACLs are also broken with samba BTW).
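    As an added triage example (not code from the thread or from Apple's FileSync), the snippet below parses the exception lines quoted above and separates the per-directory `flags=0` EINVAL noise, where nothing was actually requested, from the file-level EPERM failures, where a flag really was not reproduced on the server copy. The three sample lines are the ones quoted in the post; the classification labels are my own.

```python
import re
from collections import Counter

# Sample input: the three FileSync lines quoted in the post above.
SAMPLE_LOG = """\
0:: 09/12/16 06:49:55.282 EXCEPTION: Invalid argument <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/cmsdata.tnw.utwente.nl/cifstest/Library/Assistants', flags=0)--> Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10058c170 "Invalid argument">
0:: 09/12/16 06:50:02.221 EXCEPTION: Invalid argument <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Network/Servers/cmsdata.tnw.utwente.nl/cifstest/Library/Autosave Information', flags=0)--> Error Domain=NSPOSIXErrorDomain Code=22 UserInfo=0x10057cb50 "Invalid argument">
<PHD> 0:: 09/12/16 06:48:50.852 EXCEPTION: Operation not permitted <-SStoreFileOperator_FS applyPermissionsFromObject: (StoreFileOperator-FS.m:508): chflags('/Users/cifstest/Library/Preferences/com.apple.CoreGraphics.plist', flags=0x10000)--> Error Domain=NSPOSIXErrorDomain Code=1 UserInfo=0x1005839b0 "Operation not permitted">
"""

# Matches the chflags(...) call and the POSIX errno that FileSync reports for it.
CHFLAGS_RE = re.compile(
    r"chflags\('(?P<path>[^']*)', flags=(?P<flags>0x[0-9a-fA-F]+|\d+)\)"
    r"--> Error Domain=NSPOSIXErrorDomain Code=(?P<code>\d+)"
)
EPERM, EINVAL = 1, 22
SF_ARCHIVED = 0x10000  # BSD system flag; only root may set it, hence EPERM


def parse_chflags_errors(text):
    """Return one dict per chflags exception line: path, requested flags, errno."""
    found = []
    for line in text.splitlines():
        m = CHFLAGS_RE.search(line)
        if m:
            found.append({"path": m.group("path"),
                          "flags": int(m.group("flags"), 0),
                          "code": int(m.group("code"))})
    return found


def classify(err):
    """Label one parsed error (labels are this example's own, not FileSync's)."""
    if err["flags"] == 0 and err["code"] == EINVAL:
        # The share rejects chflags outright, but no flag was requested:
        # the directory exists and matches; this is pure log noise.
        return "share-rejects-chflags"
    if err["flags"] != 0 and err["code"] == EPERM:
        # A real flag (e.g. SF_ARCHIVED) could not be applied: the copy differs.
        return "flag-lost"
    return "other"


def summarize(text):
    """Count errors per label so the noisy directory case can be filtered out."""
    return dict(Counter(classify(e) for e in parse_chflags_errors(text)))
```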

    antst wrote:
    Actually, there is a chance that I will add an Xserve into our setup. But it isn't a $500 solution
    I was referring to the price of the software only. If you want to add hardware as well, that is a different story.
    But, still, Xserve doesn't support nfs4 for linux hosts.
    Is that a requirement?
    So far, from what I see, the best option for a file server in a multi-platform environment is Solaris.
    I think the best option for a server in a multi-platform environment is "each to his or her own". Get MacOS X Server for Macs, Solaris for NFS, and Windows for Windows. They can all access each other, but for system critical tasks like booting and home directories, let them handle what they know best.
    It has full support for NFS4 ACLs on ZFS, which means SAMBA ACLs will also map correctly, and Netatalk also supports ACLs when the underlying system supports NFS4 ACLs (but probably only on Solaris).
    And in addition you get all the nice features of ZFS and probably the best NFS server implementation.
    I think you need to review what your requirements really are. You are still going to have 2 out of 3 OSes running from foreign servers. You may find yourself back at square one with NFS4 instead of CIFS.
    The last time I used Solaris full time was 2006, I think. I was in an organization big enough to have all our Solaris and NFS work done by Sun people on site. NFS went down on a regular basis. We are starting to go back to Solaris at my current big organization because Linux can't handle Multipath and QFS.
    Don't get any ideas about me vis-a-vis all those buzzwords. I'm still just a programmer. It is perfectly normal to have multiple servers with different OSes. You can get things working the way they are supposed to work and then see if you can migrate things over to NFS4. I still think you would have more success running MacOS X as the server and getting rid of Netatalk.

  • Workgroup Manager won't create home directories; no error message

    This is quite frustrating. For the past 3 years or so I have used the same procedure to add new users to my LDAP directory:
    1) In Workgroup Manager, click the New User button
    2) Assign name and password under the basic tab
    3) Assign group memberships under the Groups tab
    4) Under the Home tab, select the right place (nfs://my.server.org/Volumes/Users), click Create Home Now
    5) Click Save
    Suddenly, when I tried to do this yesterday, Workgroup Manager wouldn't create home directories anymore. I could probably do it manually, but I'm not sure how to get all the right skeleton setup in there. But my main question is, why doesn't this work anymore? Why can't I at least get an error message instead of being silently ignored?
    I share admin duties with other people, so it's possible someone installed an update recently; all I can really say is that I'm running Leopard Server 10.5.8 right now, and can find out whatever else is relevant.
    Any ideas?
    Thanks!
    ~Ben

    Thanks for the pointer to createhomedir - that did indeed do the trick. (How on earth do people find these little nuggets?)
    I hesitate to mark this as solved however - it's a functioning workaround, but does nothing to explain why on earth the GUI suddenly stopped functioning.
    But in the (likely) event that that question never gets answered, thanks again for letting me get on with working!
