Network home dirs

From Mac OS X Server FAQ


PRESUMPTIONS

The server is an active Open Directory Master at LDAPv3/127.0.0.1, and the KDC is running.

FINDER
Create a share point folder (preferred to sharing the whole partition).

WORKGROUP MANAGER -> SHARING
All: locate the share point.
General: activate 'Share This Item'.
Protocols: switch off guest access etc. as required, but LEAVE permissions as 'Use Standard Unix Behaviour'.


Note

Some user reports say that guest access must be enabled on the share point and AFP services, but I have succeeded without guest access being enabled.


Network Mount: click the padlock to authenticate (as the LDAP admin).
Activate: 'Create A Mount Record For This Share Point'.
Where: LDAPv3/127.0.0.1.
Use For: User Home Directories.

WORKGROUP MANAGER -> ACCOUNTS
Set up users as required: either use a preset (unconfirmed usage) or multi-select them if they already exist.
HOME PANE: select the home share point.


Note. If using 2 NICs, the auto-created share point will probably use the domain name of the public (external) IP. If you want to change this to the internal private domain name, select the share point, duplicate it and edit the FQDN. Leave the second field (Path) blank: it shows blank when setting more than one user at once, but gets filled in with the user name (home directory name) on save.

Note. The home path must not contain any spaces. Maximum length of the home path:

10.3 to 10.3.4: length of FQDN + length of share volume path = 41 chars max
10.3.5: = 55 chars max

E.g. "example.domain.com" + "sharevolume/sharedir" = 38 chars
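As an added example (not from the original page), a small shell function that checks a proposed home path against the rules above: no spaces, and FQDN plus share volume path at most 41 characters on 10.3 to 10.3.4 or 55 characters on 10.3.5. The function name check_home_path is mine, as is the assumption that the 55-character limit also applies to releases after 10.3.5.

```shell
# Added example, not from the original page. Checks a proposed network home
# path against the page's rules: no spaces, and FQDN + share volume path
# length at most 41 chars on 10.3 to 10.3.4, 55 chars on 10.3.5.
# Assumption: versions later than 10.3.5 also get the 55-char limit.
#
# Usage: check_home_path FQDN SHAREPATH OSVERSION
# Prints a verdict; returns 0 if the path is acceptable, 1 otherwise.
check_home_path() {
    fqdn=$1
    sharepath=$2
    osver=$3

    # Rule 1: the home path (FQDN + share path) must not contain spaces.
    case "$fqdn$sharepath" in
        *' '*)
            echo "REJECT: home path must not contain spaces"
            return 1
            ;;
    esac

    # Pick the limit from the third component of the version string
    # (e.g. 4 for 10.3.4); a bare "10.3" counts as point release 0.
    point=$(printf '%s' "$osver" | cut -d. -f3)
    point=${point:-0}
    if [ "$point" -ge 5 ]; then
        limit=55
    else
        limit=41
    fi

    # Rule 2: combined length must not exceed the limit for this release.
    total=$(( ${#fqdn} + ${#sharepath} ))
    if [ "$total" -gt "$limit" ]; then
        echo "REJECT: $total chars exceeds the $limit-char limit for $osver"
        return 1
    fi
    echo "OK: $total chars (limit $limit for $osver)"
    return 0
}

# Constructed sample using the page's own figures: 18 + 20 = 38 chars
check_home_path "example.domain.com" "sharevolume/sharedir" "10.3.4"
```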


Click: Create Home Now. Save.

Check in the Finder that the homes have been created. 10.3.4 (and 10.3.5) seem to be pretty good at creating these. Earlier versions seemed to require "sudo createhomedir -a" in Terminal. Apple docs recommend using 'Create Home Now' for at most 250 users at a time.

CLIENT CONFIG (DIRECTORY ACCESS UTILITY)
Services -> LDAPv3 -> Configure...
Server Name = the server FQDN.
Kerberos Realm Name: as set in the Open Directory Master.
LDAP Mapping: From Server. Search Base = e.g. "dc=domain,dc=com", as set in the Open Directory Master.
Authentication... Search: Custom Path. Add the LDAPv3 domain.
Restart the client and test a network user login.


Note. If a user fails to log in (shaking login window), check:

ON SERVER
Double-check that the KDC is 'really' working by going to Server Admin -> Open Directory. Click the Role choice list and reselect Master: the resulting window should show the Kerberos Realm. If this is blank then the KDC is NOT running. Cancel and revert to get back to the previous window.

Log out of the server admin account to get the login window, and log in as a network user. If the network user's home mounts successfully, the problem is likely to be in the client mapping; otherwise it is a problem with the home mounts. Note that some Dock applications may show as question marks where these are not present on the server; this is normal.

ON CLIENT
DNS resolves the server FQDN (forward and reverse). Use Lookup in the Network Utility app, not dig.
Directory Access: LDAP Mapping uses the correct search base.
Directory Access: Authentication shows the directory node correctly.

If required, delete the contents of /Library/Preferences/DirectoryService, restart and reconfigure.


from xdavid at macosxhints.com
