Mac Thread: Saving to network home, how? (in Technical)
  1. #1
    HMCTech

    Saving to network home, how?

    Hopefully my last newbie "how do i" question.

    We have our users' network home mounted on the dock and it loads the home folder for them on our Windows server. Our problem is now they have no way to save to this apart from saving local then dragging into.

    Does anyone have a clever or better way to do it? Would like for them to be able to go to File > Save as and have a location they can save to that is their network home. And ideally if possible not allow them local saves.

  2. #2
    AntonioRocco
    Hi Alex

    Perhaps you're slightly confused? In a classic AD-OD Integration Users' homes are as defined in the Home Profile tab when selecting Properties for that User on your DC. Provided things are as they should be with your environment then when Users provide their account credentials they should be accessing their Home Folder wherever that is. Most applications will either present the 'Documents' container or the 'Desktop' container as the default save location when selecting 'Save' or 'Save As'.

    Perhaps you've 'forgotten' to deselect the option 'Force local home directory on startup disk' when binding mac clients to the DC using the Active Directory Plug-in in Directory Utility? De-selecting this option 'forces' mac clients to 'auto-mount' the Users' home profile as specified in AD.

    Not de-selecting the option means that every User who logs in to client Macs will download their home profile locally when they first log in. This has the potential of filling up the internal hard drive for every single mac client. Especially true if you have hundreds of users moving from mac to mac.

    Antonio Rocco (ACSA)

  3. #3

    There is a 'down arrow' on cocoa save dialogs that will let you choose a location to save, do you mean this?!

  4. #4
    HMCTech
    Quote Originally Posted by AntonioRocco View Post
    Hi Alex

    Perhaps you've 'forgotten' to deselect the option 'Force local home directory on startup disk' when binding mac clients to the DC using the Active Directory Plug-in in Directory Utility? De-selecting this option 'forces' mac clients to 'auto-mount' the Users' home profile as specified in AD.

    Antonio Rocco (ACSA)

    Force local home was ticked, have now unticked this but this has created several problems. Now the network home on the dock can no longer connect. And none of our preferences we managed on WGM seem to have any effect. So now this is more of a problem because before we could get our network home through the dock, but could not access it through Finder.

  5. #5
    AntonioRocco
    Hi Alex

    I'm sorry you're having problems. However if this is not working in the way you've described then either there is something seriously wrong with your AD network (possible but doubtful) or it's the way you've gone about doing the integration (more likely).

    At the top of this Forum there are some handy links to 'how-tos' and walk-throughs on how to integrate macs in an AD environment. Perhaps you should take a closer look at what they have to say? Failing that you could consider hiring a consultant/specialist to come in and do this for you?

    You could also look at Ross's site where there are handy video tutorials outlining how to go about doing this:

    HowToMac.co.uk | Bringing the future of Apple into education

    Antonio Rocco (ACSA)

  6. #6
    HMCTech
    Quote Originally Posted by AntonioRocco View Post
    Hi Alex

    I'm sorry you're having problems. However if this is not working in the way you've described then either there is something seriously wrong with your AD network (possible but doubtful) or it's the way you've gone about doing the integration (more likely).

    At the top of this Forum there are some handy links to 'how-tos' and walk-throughs on how to integrate macs in an AD environment. Perhaps you should take a closer look at what they have to say? Failing that you could consider hiring a consultant/specialist to come in and do this for you?

    You could also look at Ross's site where there are handy video tutorials outlining how to go about doing this:

    HowToMac.co.uk | Bringing the future of Apple into education

    Antonio Rocco (ACSA)

    It has been the guides on this site and the various papers for Leopard that I have used to do the integration.

  7. #7
    AntonioRocco
    Hello Alex

    Oh Dear!! That's even worse! All I can think of is perhaps there has been some misunderstanding somewhere? You could contemplate starting again? Ideally what should happen is:

    Absolutely make certain DNS is perfect. By this I mean everything resolves on both pointers. Make sure your DC does not have its loopback address listed as its primary DNS Server in the NIC Properties. It's important the DC can resolve itself on both pointers using nslookup.

    Create an appropriate (A) Record (with associated PTR Record) for the XServe.

    Avoid using .local for the TLD although in an AD environment and since 10.5.4 this is not such an issue.

    Don't do anything with the Mac Server just yet. Verify you can successfully bind a Mac Client to the AD first and use a standard student user account to access the home folder. Prior to doing this issue this command from Terminal on the test client:

    sudo dsconfigad -packetsign disable -packetencrypt disable

    It should report "Settings changed successfully". To verify they have issue this command:

    sudo dsconfigad -show

    The last two entries should list the two options as being disabled. Now begin to 'bind' the client to AD. To 'reset' completely a client you already have prior to doing this issue these commands:

    sudo rm -R -v -i /Library/Preferences/DirectoryService

    You'll be prompted to provide y/n for each file within the Directory. Key in y (or yes) followed by a carriage return until you get the bash prompt again. Next issue this command:

    sudo rm -R -v -i /Library/Preferences/edu.mit.Kerberos

    You may get a message telling you the file can't be found. Don't worry and don't panic as typically the TGT (Ticket Granting Ticket) is removed once the client is unbound from the AD. Next issue this command:

    sudo reboot now

    The mac should now reboot. On successful log-in access the Sharing Preferences Pane via System Preferences. Define a suitable name within the relevant field. Next access the Date & Time Preference Pane and assign the IP address of your Network Time Server. Typically this will be your DC.

    Now launch Directory Utility. Click the lock and select "Show Advanced Options". Select the Active Directory plug-in and click the Pencil icon. Click the disclosure triangle by the side of the "Advanced Options". De-select the "create home on local startup disk". Add the Domain name in the relevant field. Click Bind and provide authentication details for an account that has authority for the AD Domain.

    What you should see is a 5-stage process. If the network environment (and DNS) is as it should be this should not take more than 30 seconds to 1 minute although I have seen it take longer. If you're still looking at it 10-15 minutes later then there is something seriously wrong somewhere. In which case I would start looking at your Switches (for negotiation issues such as spanning tree etc) as well as the physical structure of the network itself. Not forgetting to double-check any restrictive permissions/policies assigned on the AD itself as well as DNS (naturally).

    Hopefully this won't be the case and the 5-stage process completes normally. Navigate to /Library/Preferences and make sure the edu.mit.Kerberos file has been created. Inspect the contents of this file with TextEdit. Verify a generation ID has been created and that the Kerberos Realm is what it should be.

    Now log out the client and test by providing a student user's account details. You should at this point be logged in looking at a default desktop and dock and accessing the user's home folder as it exists on the AD.

    To see what happens next post again if the above instructions have been successful

    Hope this helps?

    Antonio Rocco (ACSA)
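
    The `dsconfigad -packetsign disable -packetencrypt disable` step in the post above turns off signing and encryption of the directory traffic between the Mac and the domain controller, so it is worth checking bound clients for it afterwards. The script below is an added example, not part of the original post: it audits `dsconfigad -show` text for those two settings. The function names, the `school.example` domain and both sample outputs are constructed, and the "Name = value" output layout is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `dsconfigad -show` prints
# "Name = value" lines; both sample outputs below are constructed.

SAMPLE_WEAK='Active Directory Domain        = school.example
  Packet signing               = disable
  Packet encryption            = disable'

SAMPLE_HARDENED='Active Directory Domain        = school.example
  Packet signing               = require
  Packet encryption            = require'

# Print the lower-cased value of setting $1 from the text on stdin.
ad_setting() {
    awk -F'=' -v key="$1" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        tolower(name) == tolower(key) {
            val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
            print tolower(val); exit
        }'
}

# Audit the text on stdin. Returns 0 only when neither protection is
# disabled or missing; "allow" is reported but not treated as a failure.
audit_ad_binding() {
    text=$(cat)
    rc=0
    for key in "Packet signing" "Packet encryption"; do
        val=$(printf '%s\n' "$text" | ad_setting "$key")
        case "$val" in
            require|ssl)      echo "OK    $key = $val" ;;  # ssl: encryption only
            allow)            echo "WARN  $key = allow (not enforced)" ;;
            disable|disabled) echo "FAIL  $key = $val"; rc=1 ;;
            *)                echo "FAIL  $key not reported"; rc=1 ;;
        esac
    done
    return "$rc"
}

# On a bound Mac: dsconfigad -show | audit_ad_binding
printf '%s\n' "$SAMPLE_WEAK" | audit_ad_binding \
    || echo "=> packet signing/encryption is off on this client"
```

    A non-zero return from `audit_ad_binding` makes it usable as a compliance check in a management script run across all bound clients.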

  8. #8
    HMCTech
    Hi Antonio

    I have followed your guide to the letter on a Mac mini that I had just put OS X on. I log in as a staff member and the desktop Finder opens up the network home (hoorah!) and the dock is blank minus Finder icon. But when I log in as a pupil the dock is filled with the default icons, and the home is still local.

    Staff members in Active Directory are an OU under the domain so it goes domain > Staff > staffuser and the network home is set in AD as //server/staff/share/staffuser

    Pupils in Active Directory are split into different OU's for each year group. A 5th form pupil for example would be domain > Pupils > 5form > pupiluser and the network home is set to //server/pupils/yeargroup/pupiluser.

    Can you see anything that would give a hint as to why this wouldn't work with pupils?

  9. #9
    AntonioRocco
    Hi Alex

    Perhaps permissions and/or access are set differently for staff and students? As you drill down through the OUs permissions must be set to allow home folder creation. If Permissions are set to r/w for the parent OU and then at some stage restricted before it gets to the ultimate OU then this could explain what you're seeing?

    To test create a test User in the parent OU with the relevant path for the home profile defined in the same OU. Test with a login again. Do this for each successive OU drilling your way down to the ultimate one. Hopefully at some stage you'll find which OU is stalling the whole process.

    Alter permissions to suit.

    This is just my observation but I think Apple has 'designed' the AD plug-in making the assumption every AD environment follows Microsoft's standards. In my experience there are never any two ADs which are the same and I'm not even talking about an RM build.

    In which case how can the plug-in accommodate any 'bespoke' permissions you've applied as well as how you're organizing your OUs?

    None of what I've posted is meant as a criticism in any way. AFAIK it's just the way it is. Clearly macs are not PCs. It's important therefore to understand this when contemplating integration. There are strengths and weaknesses in both platforms which can be utilized if approached correctly. The wonder is the two platforms can be made to 'work' in an LDAP environment at all? The fact that it can be made to work is (in my view) wholly due to Apple. I've yet to see Microsoft making any effort to accommodate disparate platforms in a similar way?

    Hope this helps?

    Antonio Rocco (ACSA)

  10. #10
    DMcCoy
    Things which can stop it working:

    Users need full control over their home folder
    User home folders must not be more than one level deep \\Server\Share\UserFolder
    Users need read permissions for this folder only on the root of the share.

  11. #11
    HMCTech
    Antonio,

    I spent all of Saturday morning comparing our staff users to the pupils. They both have different file servers so I was initially thinking it was permissions on one of the levels of shared folders they save to.

    But it turns out that the pupils needed a tick in "read" in "Authenticated Users" of the security tab (accessible through advanced features in AD) to be able to work. Why, I have no idea I don't really care, trying about two dozen things first mind you. But all I know is it works now and all our users can save to "home" which is the Windows file server.

    Thank you so much for all your help and time.

    Alex
    Last edited by HMCTech; 16th August 2009 at 08:34 PM.

  12. #12

    Quote Originally Posted by AntonioRocco View Post
    Hello Alex
    sudo dsconfigad -packetsign disable -packetencrypt disable

    Could I ask why you do this? Just never heard of this one done before.
