20 Replies. Latest reply: Jan 10, 2014 4:24 AM by DigtialPilgrim
John Lockwood Level 5 (5,360 points)

In previous versions of Mac OS X Server one could share network home directories (for use with network login accounts) via either AFP or NFS. Due to the way such shares are mounted by the client machine if you used AFP, then only the first network login from a client machine would work as the mount is then 'owned' by that user. This is why you could not use 'Fast User Switching' with network logins.

 

However NFS is mounted very differently and ends up looking not like a network share but part of the local file-system. In effect it is not owned by the user triggering the login and this means subsequent logins are not blocked. The contents of the path still have their normal permissions so you cannot access someone else's files.

 

Normally, AFP is fine; however, there are two scenarios in which it is not. Firstly, if you are using either iRAPP Terminal Server or AquaConnect Terminal Server. These allow multiple users to login and run applications on the Terminal Server. If you have the user home directories on the same server you are ok; if however you are using another server to share those home directories as network home directories, then you would hit the AFP problem. Therefore AquaConnect specifically mention this in their manual and suggest using NFS instead.

 

Unfortunately, Lion Server now only allows setting up AFP for sharing network home directories - there are no other choices listed in the Server.app (Server Admin now has no file sharing options at all).

 

Note: It is still possible to run NFS on a Lion Server.

 

Even if you ensure NFS is running, and even if you manually setup sharing the users home directories you cannot set this up as an Open Directory auto-mount for home directories. This would therefore seem to make it impossible to use network home directories with a Terminal Server.

 

There is a second reason why using NFS rather than AFP has been very useful. Some applications are poorly written and do not work properly with AFP shared network home directories - Adobe are particularly bad. I found after switching to using NFS (to allow using a Terminal Server with Snow Leopard Server) that this had the unexpected but welcome side effect of allowing many of these misbehaving applications to work without errors.

 

So, does anyone know of a way to setup NFS shared network home directories in Lion Server? Obviously one could mix Lion and Snow Leopard servers but I am asking if this can be done with just Lion servers.

  • 1. Re: Network Home Directories sharing
    winningham Level 1 (0 points)

    I just stumbled upon your post looking for the same thing and I found this KB to be useful. Perhaps you may too.

    http://support.apple.com/kb/HT4695

     

    Granted, my issue now that Server Admin is no longer of any use with filesharing is how to actually get homedirs working correctly with ACLs and get the AFP/NFS/SMB homedirs presented correctly to the clients. Oh, did I mention that once I restart a 10.7 box it loses its ability to id AD-based users? At any rate, wish you the best of luck.

  • 2. Re: Network Home Directories sharing
    John Lockwood Level 5 (5,360 points)

    The KB article you link to would let you set up an NFS share but it would not let you configure it to be an automounted location for home directories.

  • 3. Re: Network Home Directories sharing
    Charles Snider Level 1 (5 points)

    Doesn't work here either. We have 10.6.x server that's bound to AD, and use Augmented User records to get our network home folders on AD bound 10.5/10.6 clients. Works like a champ. However, 10.7 clients will authenticate but will not mount network home folders. At all.

  • 4. Re: Network Home Directories sharing
    robnet Level 1 (5 points)

    John, I'm not sure if you still require NFS mounted home directories since this reply is some 10 months late. However, if you do you can do it by deleting the "HomeDirectory" attribute for the specific user and remove '/Network/Servers' from the front of the path in the "NFSHomeDirectory" attribute. Do this in Lion using the "Directory Utility" viewing 'Users'. Obviously you need to have your NFS exports setup and appropriate permission configured.

  • 5. Re: Network Home Directories sharing
    John Lockwood Level 5 (5,360 points)

    Thank you for your suggestion. I don't currently need this ability but may do so in the future (who knows). I can see your tip would let one edit accounts to use an NFS path, but your tip would not as far as I can see address adding the NFS share to Open Directory as an advertised user home directory auto-mount and thus the clients would not be auto-mounting the NFS share.

     

    With NFS home directories the client machines need to have mounted the NFS share before any user has logged in, this is normally done during the boot process. This is different to AFP home directories which only do the mount after the user has logged in.

     

    I suppose there are ways to manually configure the clients to have static mounts for NFS defined which would get round that but if you have any suggestions I would like to hear.

  • 6. Re: Network Home Directories sharing
    Charles Snider Level 1 (5 points)

    I use 10.6 server in an OD/AD environment, and mount home folders for Augmented Users. In order to get the folders to mount with 10.7 clients, we had to change the following on the 10.6.8 server:

     

    In Workgroup Manager, go to Inspector/Config/augmentconfiguration. Edit the XMLPlist attribute and remove the following two lines:

     

    <key>Augmented Directory Node Name</key>
    <string>/Active Directory/All Domains</string>

     

    Save the setting, reboot the 10.7 client and please let me know if the AFP home mounts.

     

    It does.

     

    The  other workaround is to not use Augments, but that's not our point.

  • 7. Re: Network Home Directories sharing
    John Lockwood Level 5 (5,360 points)

    The issue I originally raised was not to do with home directories in an AD or mixed AD-OD environment, but to do with wanting to use NFS rather than AFP as the protocol. Lion Server no longer officially supports NFS at all and even if you manually enable it (which you can) you cannot set it as an auto-mount for home directories. robnet above suggested a partial workaround which lets you modify user records to use an NFS formatted path for home directories but as far as I can see this still does not solve the issue of making the NFS path an auto-mount.

  • 8. Re: Network Home Directories sharing
    robnet Level 1 (5 points)

    Although the NFS mount is not advertised via OD it still auto-mounts the user profile directories/home shares. Keep in mind that this method is a basic setup where filesystem security is based on UIDs/GIDs (there is no authentication with NFS). If a user has admin/root rights on their Mac connected to the network they can easily create a user account with whatever UID/GID they like. This will allow them to masquerade as any user they like. I would not recommend this for production networks, maybe a lab or home network. I don't think that Lion supports NFSv4 with Kerberos?

  • 9. Re: Network Home Directories sharing
    scarrab666 Level 1 (0 points)

    Sorry, I'm late to the Game on this one... I'm upgrading this weekend (I say upgrade but I'm really migrating from Snow Leopard to Lion Server). I was planning on having Network Homes not on my OD Master. Is this now not possible? I'm very scared

  • 10. Re: Network Home Directories sharing
    Alfista_SK Level 1 (0 points)

    Please can you be precise in describing where I should change the strings:

     

    <key>Augmented Directory Node Name</key>

    <string>/Active Directory/All Domains</string>

     

    I can't find it.

     

    Thanks.

  • 11. Re: Network Home Directories sharing
    Omniver Level 1 (10 points)

    John, if I'm understanding what you are asking, I believe you can get pretty much what you want by using the Kerberized NFS option. Kerberized NFS allows you to mount the same folder to the same mountpoint simultaneously by different users (something AFS can't do) and works beautifully with automount. Because it handles the simultaneous mounting, it even allows you to fast-user-switch between users with home directories from the same server.

     

    See my post https://discussions.apple.com/thread/3256600?start=0&tstart=0 which at the end shows the rather simple steps I eventually figured out to get this working with automount. 

     

    Even if you don't go with kerberized NFS, the automount steps would be identical and should work with standard, unauthenticated NFS.
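
The UID/GID trust problem raised in reply 8 and the Kerberized NFS option raised in reply 11 can both be checked on the server. The following is an added example, not part of any post in this thread: a Python audit of a macOS/BSD-style `/etc/exports` file that flags exports still accepting `sys` security or open to any client. The sample exports and host names are constructed, and the parser assumes one export per line with no backslash continuations.

```python
KRB5 = {"krb5", "krb5i", "krb5p"}
TAKES_ARG = {"-network", "-mask"}  # written "-network 10.0.1.0" or "-network=10.0.1.0"

def parse_export(line):
    """Split one exports(5) line into (paths, options, client hosts)."""
    paths, opts, clients = [], {}, []
    tokens, i = line.split(), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-"):
            name, _, value = tok.partition("=")
            if not value and name in TAKES_ARG and i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            opts[name] = value
        elif tok.startswith("/") and not opts and not clients:
            paths.append(tok)          # exported directories come first
        else:
            clients.append(tok)        # anything left is a host or netgroup
        i += 1
    return paths, opts, clients

def audit_exports(text):
    """Return (line_number, path, finding) tuples for risky exports."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        paths, opts, clients = parse_export(line)
        flavors = set(opts.get("-sec", "sys").split(":"))  # no -sec means sys
        for path in paths:
            if "sys" in flavors:
                findings.append((n, path, "accepts AUTH_SYS (client-asserted UID/GID)"))
            elif not flavors <= KRB5:
                findings.append((n, path, "unrecognised -sec flavor"))
            if not clients and "-network" not in opts:
                findings.append((n, path, "no client restriction"))
    return findings

# Constructed sample exports file, not taken from the thread.
SAMPLE = """\
/Users -alldirs -network 10.0.1.0 -mask 255.255.255.0
/Shared/Data -sec=krb5p -network 10.0.1.0 -mask 255.255.255.0
/Shared/Scratch -sec=krb5:sys
/Shared/Homes2 -alldirs -sec=krb5i lab01.example.com lab02.example.com
"""
if __name__ == "__main__":
    print(*audit_exports(SAMPLE), sep="\n")
```

An export that lists `sys` alongside a Kerberos flavor is still flagged, because a client can choose the weaker flavor when mounting.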

  • 12. Re: Network Home Directories sharing
    John Lockwood Level 5 (5,360 points)

    It is still possible to manually setup the NFS server in Lion and it might be possible to set this up as an automount for Lion clients. As you say NFS does allow multiple network logins (i.e. fast user switching) to work, it also as I mentioned gets round the problems of several badly written applications (like Adobe Creative Suite) which otherwise have problems running with network home directories.

     

    The problem is that in Lion Server you cannot define the NFS share as the location for the users network home directory any more, at least not using Apple provided tools. Or are you saying you have managed to get network home directories working via NFS?

  • 13. Re: Network Home Directories sharing
    Omniver Level 1 (10 points)

    I'm doing it a little different, I'm NFS automounting data storage volumes rather than home directories and it's working well with simultaneous users. 

     

    My users' records (all default)  contain both the HomeDirectory field with the afs:// URL and also NFSHomeDirectory with a  /Network/Servers/machine/HomeDirExport/user path.  In my experience, automounter will happily handle NFS if it's being exported (I'm automounting both NFS and AFS and it picks whatever is being shared) so I would expect automounter to use your NFS exported home directory folders if they matched the path expected by user record entry.  The fact that by default OSX is putting in a 'NFSHomeDirectory' field is a good sign, I would expect NFS to use that field and not the AFS one.

     

    Googling around a bit on this I found http://www.rlbeaver.com/2012/04/os-x-lion-network-home-folders.html

     

    This appears to be the approach he took: 1) Export a /Users via NFS 2) Setup the auto_home map on the clients to use your export 3) Ensure the user's home directory in LDAP points to the right path to trigger the auto_home.

     

    While I haven't done it, I've verified that if I right-click on a user in "Server" I can go to advanced options and set the home directory to whatever I'd like.

     

    Good luck

  • 14. Re: Network Home Directories sharing
    Alfista_SK Level 1 (0 points)

    Hi John,

     

    Please can you be precise in describing where I should change the strings:

     

    <key>Augmented Directory Node Name</key>

    <string>/Active Directory/All Domains</string>

     

    I can't find it.

     

    And can you help me with the home directory too? I have bound the OD server to the AD server, on which I have all users, but I have problems logging on to Mac client systems with augmented AD users on the OD server. I think all the problems are with the home directory. I have set everything on the AD Win server as it should be (as in a training video from Apple), but nothing helps. If it's necessary I would like to change the home directory for the augmented users to the Mac server, but I don't know how. Nothing I do works....

     

    Please help me.

    Thanks.
