  1. #1


    Mac Home Drive Setup

    I hope someone can help. We currently have this setup:

    *Windows 2008 Domain
    *Mac 10.8 Server (going to be for home directories)
    *Apple Mac Clients 10.7+

    We have got it set up already for Windows users to log in, plus the Mac Server talks and is joined to the Windows Domain, but we can't get the users when they log in to automatically create the Home Directories, so could anyone help?

    For example, we have VOL_2 and a folder called HOME, so does anyone know how the home directories would be automatically created with this setup? Do we need to make a share with a group?

    I can provide more information if needed and I would really appreciate the help!

  2. #2

    Anyone?

  3. #3

    I'll try and rephrase it a bit:

    1. Windows 2012 Domain with AD users with profile Home drives to point to 3.
    2. Mac server 10.9 AD Bind with Open Directory
    3. Mac Server 10.9 Server to store Home Drives on separate Partition

    So how do I mix this up? Is it a permission issue? Do I need to script this?

  4. #4
    AntonioRocco's Avatar
    Hi

    Maybe I'm mistaking what you're asking but may I ask why you want to use the Mac Server hardware for storing home directories and which home directories do you mean exactly?

    I'm asking because if your plan is have separate profiles for students logging onto macs than the profiles they access when logging onto PCs then it's not going to work. Prior to OS X 10.7 this was known as Augmented Records. With 10.7 the option disappeared and is no longer supported by Apple in or out of the GUI. Beyond what Apple support it can actually be made to work but not easily. Certainly not for existing users with mature PC profiles. It will almost certainly involve a number of bespoke scripts (some of them complex) which I doubt anyone will give away for free that will (1) actually work for your location (2) be easily supported (3) or won't break on the next update or upgrade.

    Perhaps you want to use the extra capacity the hardware you have OS X Server installed on? If so it may be simpler if you simply purchased additional storage be it DAS or NAS and use that instead. For your environment use the Mac Server for what it is designed to do instead: mac/ios management and deployment as it will be easier in the long run.

    Is this a brand new Windows domain with absolutely nothing migrated from an earlier domain? How many mac clients do you have?

    HTH?

    Antonio Rocco (Apple Consultants Network)

  5. 2 Thanks to AntonioRocco:

    irsprint84 (24th December 2013), speckytecky (26th December 2013)

  6. #5

    Hum, that's interesting. Our previous server was 10.4; this failed and the business want it the same as the 10.4 server, which stored data on the Mac server separate partition.

    So you're saying with a clean Windows 2012 domain, Mac OSX server OD I can't have AD home drives from that Mac Server? If this is the case then we'll look at storing data away from the Mac @AntonioRocco

  7. #6
    AntonioRocco's Avatar
    Hi

    "So you're saying with a clean Windows 2012 domain, Mac OSX server OD I can't have AD home drives from that Mac Server?"

    No, not exactly. Pretty much anything can be made to work within reason and if the budget allows. As ever it depends on what you want to do exactly; how hard you want to work to achieve it and how easy it is to support.

    What's interesting - assuming I've understood correctly - is the business want things the same as it was in a very old version of the OS, which did not work anyway. This I'm struggling to understand? Firstly technology moves on without much regard with what went before and if it 'failed' before, why would it work now? Perhaps someone needs to manage expectations in a realistic way? It's difficult to advise any further on a forum such as this (good as it is) without being made aware of exactly what you want to achieve. Sorry I could not help you more.

    Antonio Rocco (Apple Consultants Network)
    Last edited by AntonioRocco; 25th December 2013 at 12:51 AM.

  8. Thanks to AntonioRocco from:

    irsprint84 (25th December 2013)

  9. #7

    No one understands how it was configured and works well (10.4) before. I was hoping it was as easy as a Windows share. I'm not going to go too much into the exact business reason; I'm only interested in the technical reasons. We have a new Mac server with 1TB of space and we don't have 1000s of users, so the business were hoping to use this space aka like before, as we paid a lot for this server, but with 10.9. So just to confirm, 10.7 onwards would have a lot of difficulty to set up home drives on the Mac? My Mac knowledge is 2/5; I can set this up easily on a Windows Domain with correct permissions. So all I'm looking to achieve is as simple as possible:

    Windows AD Login (Done) -> Mac OD (Done) -> Windows Profile Home directory redirection to Mac Server and auto create home drives (Not Done)

    All I want to confirm to the business this would be difficult to create and support compared to having shares on our SAN, which we would have to extend at quite a cost when all we need is a few GB for home drives using the Mac. Hope that makes sense? and thanks for the info so far @AntonioRocco
    Last edited by irsprint84; 25th December 2013 at 03:02 PM.

  10. #8
    AntonioRocco's Avatar
    Hi

    I'm beginning to understand and thanks for explaining further.

    Yes it would be difficult to create and support compared to having shares on your SAN. To be precise yes from 10.7 onwards you will have difficulty setting up home drives on a Mac server for users that don't exist on that server and that exist on another server/directory. Of course you can set up similar on your Windows Server easily because that's where your users are. But that's not what you want to do.

    In an effort to simplify things and if there's no compelling reason to keep it why don't you remove the AD environment altogether? Keep the Windows Servers by all means as they are better at providing network services such as DNS and DHCP than OS X Server and simply set up an OD environment instead? Open Directory is Apple's Active Directory. Single Sign On will still be there as the OD Master will be the KDC for the network. Export the users you already have in AD using whatever tools you're comfortable with and import them into Open Directory. Delete them from AD when you're done. On the mac server define a folder for home folders and share it. Try to keep the folder/share structure as simple as possible. Avoid nesting folders within folders. Select your users and select the newly created share for home folder creation. Server.app will do the rest including assigning appropriate permissions. Finally make sure those users are given appropriate SACLs (Service Access Control Lists) to use the file sharing service (SMB or AFP). On the client side join the macs to your OD Server (no need for AD and use the LDAP connector instead) and login with a network account. That should be it.

    If you don't want to do the above, leave things as they are and give the AD admin account as well as desired AD Groups read/write ACLs for the share you create on the mac server. In AD specify the home folder location using UNC (drive letter etc). If at the point when you click create/apply you get an error it would be difficult to help further via this forum. If you don't get an error you should be good to go, although you may get problems later on when network users start logging in. You might find they can't write to their own home folders on successive logins after the initial one. This can be fixed but not easily unless you're familiar with UNIX and how POSIX permissions work. However, 3rd-party tools such as Passenger offer a GUI-driven method of repairing and applying POSIX permissions if that situation arises.

    Some points you should be aware of:

    OS X server admin tools such as the Server.App and Profile Manager struggles with more than 500/1000 users.

    The deprecated WorkGroup Manager application also struggles with more than a 1000 users and in this iteration of the Server (10.9) will work but may create other unexpected problems.

    For management you should be using Profile Manager and applying policies at hardware level rather than user/group level as before.

    Hopefully the above should help and may move you on further than where you are now?

    Antonio Rocco (Apple Consultants Network)
    Last edited by AntonioRocco; 25th December 2013 at 08:12 PM.

  11. Thanks to AntonioRocco from:

    irsprint84 (25th December 2013)

  12. #9

    This has been very helpful. I'll speak to the business about this.

  13. #10



    I tried the Mac Home Drive way with keeping Windows AD and got the above error.

    Now I've set the permissions similar to the Windows Domain way, but I'm guessing I need a 'SYSTEMS' account, but I can't add this at the Mac side. Any suggestions?

  14. #11
    AntonioRocco's Avatar
    Hi

    The screen grab above seems to indicate nested folders? Up to a point this is OK but you must make macuser directory/folder the share for home folder creation and not the Students directory/folder. What you have may be the 'Windows' way but it is not the 'Mac' way. There's no real equivalent to OUs in Apple's LDAP offering hence the reason why I've suggested moving away from Active Directory.

    On the mac server where and how are you applying permissions exactly?

    Antonio Rocco (Apple Consultants Network)

  15. Thanks to AntonioRocco from:

    irsprint84 (26th December 2013)

  16. #12

    seawolf's Avatar
    Here's my suggestion since you are using 10.7-10.9 clients. Either use OD fully for managing the users and Home Directories as AntonioRocco suggested, or eliminate OD from the equation and use AD and NAS / iSCSI storage for home directories along with profiles on the Mac Server for managing the Macs.

    For a small number of users, you could spend $2,00-2,500 for a decent FreeNAS server that can provide AFP and SMB shares with AD integration (and 8-12TB storage), or you could buy something like the Drobo B800i connected via iSCSI to your Windows server to provide storage for your user home directories (you can do the same with FreeNAS as well, it also supports iSCSI).

    Basically Apple has left the SMB/enterprise server market, but has tried to make it easier to just use Windows (or Linux) servers on the back end. You can still use a Mac mini server and the Server app for a SOHO or small business network, but otherwise you should probably only look at using the Mac server for profile manager, netinstall, and caching server.

  17. Thanks to seawolf from:

    irsprint84 (26th December 2013)

  18. #13

    Quote Originally Posted by AntonioRocco View Post
    Hi

    The screen grab above seems to indicate nested folders? Up to a point this is OK but you must make macuser directory/folder the share for home folder creation and not the Students directory/folder. What you have may be the 'Windows' way but it is not the 'Mac' way. There's no real equivalent to OUs in Apple's LDAP offering hence the reason why I've suggested moving away from Active Directory.

    On the mac server where and how are you applying permissions exactly?

    Antonio Rocco (Apple Consultants Network)
    If it has to come to moving away from AD then so be it, but I have to make an attempt to show the business that it's difficult, plus because we're a University it would have to be a major change request and project, which I'm trying to avoid. I have taken note of your advice and will speak to the business about it (I'd prefer the Windows share way), but while I'm on holiday I'm just seeing if it's possible to get similar to before 10.5. As you guys say it's very difficult, but I just want to give it a shot.

    Apple_Share.png

    As picture above I have given auth users permission for Folder "Students"

    *Read/ traverse
    *Write/ Create Folder
    *Inheritance/ Apply to this folder

    At the sharepoint end I have given the same permissions as above. Obviously a Windows way and not a Mac; I would add SYSTEM here, though I gather this won't work on the Macs.

  19. #14
    AntonioRocco's Avatar
    Hi

    @seawolf - Thank you for your input.

    @irsprint84 - Thanks once again for the info. A minor point but POSIX permissions should be:

    Owner : root : R/W
    Group : staff : R/O
    Everyone : R/O

    For ACLs there should be an entry for an account that has authority for the AD Domain and a group or groups you want to have mac home profiles for. If it's everyone in your AD database I would add the domain users OU.

    What the screen grab does not show is the share structure itself. In other words, which folder are you sharing? A screen grab of appropriate SACLs for the group would be helpful.

    FWIW I doubt very much if a University is going to move away from Active Directory simply because of the initial investment.

    If it's still not working after that then my best advice is to:

    (1) Look to get someone on site who you can discuss your requirements with and (crucially) knows what they're doing

    and/or

    (2) Re-think what it is you want to do. Basically seawolf's advice is as sound as anything else offered here.

    HTH?

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 26th December 2013 at 07:18 PM.
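
An added example (not part of the thread and not any poster's code): a Python audit of the POSIX side of the home-folder share described in post #14, which also flags the ownership mismatch behind the "can't write to their own home folders" symptom from post #8. It assumes R/W and R/O on a directory mean mode 0755 and that each home folder is named after the user's short name; `audit_home_share`, `uid_for` and the sample users are hypothetical, and ACLs/SACLs (shown by `ls -le` on OS X) are not inspected.

```python
import os
import pwd
import stat
import tempfile

def uid_for(name):
    """Resolve a short name to a uid through the system directory (AD/OD once bound)."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def audit_home_share(share_root, root_uid=0, resolve=uid_for):
    """Return (path, problem) findings for a share point and the home folders in it."""
    findings = []
    st = os.stat(share_root)
    # Share point: Owner root R/W, Group R/O, Everyone R/O (assumed to mean 0755).
    if st.st_uid != root_uid:
        findings.append((share_root, "share point not owned by root"))
    if stat.S_IMODE(st.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((share_root, "share point writable by group or everyone"))
    for name in sorted(os.listdir(share_root)):
        path = os.path.join(share_root, name)
        if os.path.islink(path) or not os.path.isdir(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        expected = resolve(name)
        if expected is None:
            findings.append((path, "no directory account matches folder name"))
        elif os.stat(path).st_uid != expected:
            # Typical cause of a user being unable to write to their own home.
            findings.append((path, "owner is not the named user"))
        if (mode & stat.S_IRWXU) != stat.S_IRWXU:
            findings.append((path, "owner lacks full access"))
        if mode & stat.S_IWOTH:
            findings.append((path, "writable by everyone"))
    return findings

def demo():
    """Constructed sample tree owned by the caller; the lookup decides who 'matches'."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("alice", 0o700), ("bob", 0o777), ("carol", 0o700)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        lookup = {"alice": me, "bob": me, "carol": me + 1}.get
        found = audit_home_share(root, root_uid=me, resolve=lookup)
        return [(os.path.basename(p), why) for p, why in found]
```

On a real server the function would be called with the shared home-folder path and the default `root_uid=0`, run with enough privilege to stat every home folder.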

  20. #15
    speckytecky's Avatar
    Just noticed this thread. I too am having issues since Apple decided to 'upgrade'. Being a distinct amateur when it comes to Apple I was hugely relieved a couple of years ago to find @edumac on this forum and we had him in for a morning and he ironed out all our Mac / AD integration wobbles. Unfortunately he no longer seems to be about. As NM in my school I'd happily pay a Mac expert for a morning's work to come in and make our Apples sit happily in the AD basket again, as currently I'm wasting a heap of time trying to get it to happen.
