Active directory domain users - user home folder not present

After having lots of fun binding to a .local domain . . .

The binding is complete and all appears to work fine as to network access and such.


Problem is certain programs are having trouble launching or saving the preferences applied when they are open.

For example Firefox gives the option to Create a profile when starting.

It wants to create this profile in the location of /home/username/Library/Application Support/Firefox/Profiles/

It errors saying "Profile Creation failed. Profile couldn't be created. Probably the chosen folder isn't written. Exception Component returned failure code NS_ERROR_FILE_ACCESS_DENIED"


This mac was logged into using the "other user" network user option and have used network credentials.

When the system is loaded if I go to the sidebar and turn on the Finder Preference "Favorite" that is my user name.

Then open this username folder it carries me to a location that has a path of /name of computer/user name/ where the name of the computer is what is shown in sharing as the computer name in the sharing preference.

I do not see a home folder for the user that is logged in the /Macintosh HD/Users/ folder where I would expect to see it.


So . . .


I have another identical computer that is logging into the domain.

This other computer logs in using the same user info but places the home directory in the /Macintosh HD/Users/

It has no issues with any app opening or saving preferences.

This computer also mounts a volume on the desktop after login named Users$

This volume was never defined on the Mac side, it just appeared after binding and logging in.

This volume does not show up on the problem Mac.


All appears the same from what I can tell when comparing settings in the Users & Groups/Login Options/Edit/Directory Utility/Active Directory/ between these two computers.


Maybe this will make sense to someone. I'm needing help to find out how to determine what is making this problem computer not behave like the other. Any suggestions or questions would be greatly appreciated.


Thanks,

John

iMac (27-inch Mid 2011), Mac OS X (10.7.3), VM Ware with XP Pro

Posted on Feb 27, 2012 11:09 AM


Feb 28, 2012 4:54 AM in response to John_C

Based on your description, it sounds like the problem system has not created cached credentials and may be trying to load the home based on the UNC path as defined in AD. Try this on the troubled machine:


Prep: Launch System Preferences > Accounts. Does the user in question appear in the list of users? I am guessing no. If not, then continue. If yes, then post that and I can provide an alternate step.


1: Log in as the local admin

2: Open Directory Utility (System/Library/CoreServices)

3: Edit the Active Directory configuration and make sure that Create Mobile Account is enabled and that Use UNC path is disabled.


4: Now log out and try to log in as the domain user in question.

5: You should be prompted to cache the account credentials - Accept this

6: Confirm that a home folder was created in /Users


If so, then log off of the domain account and back in as the local admin. Re-enable the Use UNC path option from above and then log in as the domain user. Does the network home folder mount in the dock?

Feb 28, 2012 6:01 AM in response to Strontium90

Thanks for the response . . .


Like you mention the user in question does not appear in the list of users.


Following your steps I changed the Active Directory Advanced options in Directory Utility.

Click OK.

The "Apply" button is grayed out

When I click on the pencil to edit the Active Directory options again they show the Use UNC path as checked.


So basically it seems that it will not hold the changes being made to the Advanced Options.


I created a new admin user to try this under but got the same results.


Any ideas?

Feb 28, 2012 4:02 PM in response to John_C

Yes, that is because the account is not cached. It is visible when active but not present when not logged in to the console.


You can use dsconfigad to set the same setting. Try:


sudo dsconfigad -useuncpath disable


Then try reading the settings with:


sudo dsconfigad -show


You can also try


sudo dsconfigad -localhome enable


And finally, look in /Users to see if the user's home is present. If it is, you might want to rename it before trying to log in as the user. Don't delete it if it contains user data.

Feb 29, 2012 6:47 AM in response to Strontium90

Excellent.

Using the dsconfigad -show I was able to compare the two machines. Then made all match the working one using dsconfigad. It seems the GUI was not saving my changes. Restarted and logged in and all operates equally. If it means anything below is what I ended up having with the -show


Active Directory Forest = my_domain.local
Active Directory Domain = my_domain.local
Computer Account = my_imac_name$


Advanced Options - User Experience
Create mobile account at login = Disabled
Require confirmation = Enabled
Force home to startup disk = Enabled
Mount home as sharepoint = Enabled
Use Windows UNC path for home = Enabled
Network protocol to be used = smb
Default user Shell = /bin/bash


Advanced Options - Mappings
Mapping UID to attribute = not set
Mapping user GID to attribute = not set
Mapping group GID to attribute = not set
Generate Kerberos authority = Enabled


Advanced Options - Administrative
Preferred Domain controller = not set
Allowed admin groups = not set
Authentication from any domain = Enabled
Packet signing = allow
Packet encryption = allow
Password change interval = 14
Restrict Dynamic DNS updates = not set
Namespace mode = domain




Really appreciate it,

John

Feb 29, 2012 7:04 AM in response to John_C

Glad to help. There is a lot of inconsistency in the binding tools in Lion. There are three basic methods:


1: Use System Preferences > Accounts > Join button

2: Use Directory Utility > Active Directory

3: Use dsconfigad


The problem is that each of the tools results in a slightly different user experience and eventual management of the bind.


Enjoy
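
The comparison described in this thread (matching the problem Mac's `dsconfigad -show` output against the working Mac's) can be scripted. The following is an added example, not part of any post above: it assumes each Mac's output has been saved to a text file, the function and file names are hypothetical, and the "problem" values are constructed for illustration.

```shell
#!/bin/sh
# Print every setting whose value differs between two saved `dsconfigad -show` outputs.
# $1 = output saved on the reference (working) Mac, $2 = output saved on the Mac under test.
diff_settings() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    FNR == 1 { fileno++ }                    # count input files as they start
    index($0, " = ") == 0 { next }           # section headings and blank lines carry no setting
    {
      pos = index($0, " = ")
      key = trim(substr($0, 1, pos - 1))
      val = trim(substr($0, pos + 3))
      if (fileno == 1) { ref[key] = val; next }
      seen[key] = 1
      if (!(key in ref))        print key ": absent on reference, target=" val
      else if (ref[key] != val) print key ": reference=" ref[key] " target=" val
    }
    END { for (k in ref) if (!(k in seen)) print k ": reference=" ref[k] ", absent on target" }
  ' "$1" "$2" | sort
}

# Write two sample outputs into directory $1.
# working.txt uses values quoted in the thread; problem.txt values are constructed.
make_samples() {
  cat > "$1/working.txt" <<'EOF'
Advanced Options - User Experience
  Create mobile account at login = Disabled
  Require confirmation           = Enabled
  Force home to startup disk     = Enabled
  Mount home as sharepoint       = Enabled
  Use Windows UNC path for home  = Enabled
  Network protocol to be used    = smb
EOF
  cat > "$1/problem.txt" <<'EOF'
Advanced Options - User Experience
  Create mobile account at login = Disabled
  Require confirmation           = Enabled
  Force home to startup disk     = Disabled
  Mount home as sharepoint       = Disabled
  Use Windows UNC path for home  = Enabled
  Network protocol to be used    = smb
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp" && diff_settings "$tmp/working.txt" "$tmp/problem.txt"
```

No output means the two machines report identical settings; each printed line names one setting to bring into line with dsconfigad.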
