AD Error - Home folder located on SMB or AFP.

Hi

This could be either a DNS related issue, an AD Config related issue or a Kerberos Time Sync issue. Either way you will have to consult with the AD DC System Admin.

For the AD Config issue you could ask if the folder being used for Home Network Folder creation is (a) published in the AD node and (b) users have full read/write access. Make sure that SMB Digital Signing is disabled. There are two instances of this and make sure Servers and Clients are all looking at the same Network Time Server.

For the DNS issue. If internal DNS services are based around .local and if the DCHP Service is also based on the AD DC then simply adding the domain name followed by .local in the Search Domain field should help. Whilst you are in the Network Preferences pane for your clients set IPv6 to off. If the bind has been successful you should see some information in the WINS/NetBios part of the Network Prefs Pane. By the way when you bound the mac clients to the AD you did use the Active Directory Plug-in in Directory Utility rather than LDAPv3?

Assumming that everything is as it should be with the AD DC then on successful bind a TGT should have been exchanged with the client mac. A file is created in /Library/Preferences and is called edu.mit.Kerberos. You can inspect its contents with TextEdit. You can also inspect tickets and principals using the Kerberos application in /System/Library/CoreServices.

How successful this all works is pretty much down to how well the AD DC has been configured. I have been to sites were the AD Admin has told me that internal DNS services are working fine only to find that there is no reverse lookup zone and that the AD Server can't even resolve its own name to its own IP address. I hope that this is not the case for you?

Microsoft do have a knowledge base article in pdf format that MS Certified System Admins should be consulting when contemplating mac integration into Active Directory. You can download this paper from here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=89ee677b-0ff6-4558-a54b -6070e2c8cd65&DisplayLang=en

Hope this helps, Tony

We have the same problem. The message comes up the first time you attempt to login and then when you login again it lets you in. I have Found that if in directory access you turn off "use UNC path from active directory to derive network home location" then you don't get this message, but you also lose saving to the windows home directory for the user. You can still browse for the server and home directory and connect to it with no problem.

The other thing I have tried is selecting "force local home directory on startup disk" and "use UNC path from active directory to derive network home location" which does the job as well but this time gives you the home directory next to the "Trash".

I am still after a better solution to the problem. I have put a Xserver in to push some settings through but I really could do with knowing if there is a way to push the library folders to the mac server and then push all the other home folders to a windows server.