Network Home Folder Redirection with Profile Manager?
Mac mini, OS X Server
Newsroom Update
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >
Step1: First you have to create the plist file like you would like it.
For instance, I use TextWrangler to create my plist with the following settings.
Step two:
then you have to convert it to XML in terminal using..
/usr/bin/plutil -convert xml1 /path/to/plistfile
You will not see any feedback if the file has converted properly.
Step three:
then you have to upload the converted plist to your profile server.
Step1: First you have to create the plist file like you would like it.
For instance, I use TextWrangler to create my plist with the following settings.
Step two:
then you have to convert it to XML in terminal using..
/usr/bin/plutil -convert xml1 /path/to/plistfile
You will not see any feedback if the file has converted properly.
Step three:
then you have to upload the converted plist to your profile server.
Thanks for the solution.
Any way you would be willing to share the text from the image as text?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LoginRedirection</key>
<array>
<dict>
<key>action</key>
<string>deleteAndCreateSymLink</string>
<key>destPath</key>
<string>/tmp/%@/Library/Application Support</string>
<key>path</key>
<string>~/Library/Application Support</string>
</dict>
</array>
<key>LogoutRedirection</key>
<array>
<dict>
<key>action</key>
<string>deleteandCreateSymLink</string>
<key>destPath</key>
<string>/tmp/%@/Library/Application Support</string>
<key>path</key>
<string>~/Library/Application Support</string>
</dict>
</dict>
</array>
</dict>
</plist>
Thanks, thats great.
I started a discussion like this that I will point to your answer.
Hi chris-digginIT,
Any idea how to not allow simultaneous login on managed computers using profile manager?, thanks in advance.
Hector
Thanks for the help.
@ Hector, so far, WGM is the only way that i've seen to do that. I'm sure it can be done thru the command line somehow as well.
Hi Hector,
Since Allow Simultaneous is handled in OD, you need to download Workgroup Manager 10.9 and use it to edit each users account by disabling the setting manually (deselect the checkbox under Advanced tab for the user. .
Basically, WGM is adding in a MCXFlag into the user account stored in OD. The flag is a PLIST (XML).
Here is a read using DSCL of my account before and after making the desired change in WGM. I'm sure you could edit all your accounts with DSCL scripting, but I'm not sure if you can pull the plist data and create a custom profile to push out to a group using Profile Manager. But it's worth a shot if you have lots of accounts to edit. You can see the MCXFlag added below in the pink box.
Here is the DSCL man page.
https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man1/dscl.1.html
I hope this helps.
Chris
HI Chris, We uploaded the Simultaneous login in PLIST in profile manager but could not get it to work. We did verify that the setting was pushed to the devices. Can you tell me where you took your screen shot from so I can see what my setting are perhaps? Do you have any other ideas as to what we could have done wrong? We do have WGM installed, how do I know that they are not conflicting with each other? Thanks for all your help.
Has anyone been able to get this to actually work? I finally had time to test and did the following:
- Uploaded the plist file, com.company.cacheredirect.plist in my case, to Profile Manager with the code in the exact format showing below. No conversion needed. Chris-digginIT's version had a double </dict> line near the end that had to be reduced to a single to work.
- Applied the profile to the same Preference Domain that was used originally when doing this with WGM : com.apple.MCXRedirector
- Folder for redirect is created in /tmp on the local machine but caching is still going to our network homes.
Any guess how to make it actually redirect? It appears to not create the symlink.
PLIST:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LoginRedirection</key>
<array>
<dict>
<key>action</key>
<string>renameAndCreateSymLink</string>
<key>destPath</key>
<string>/tmp/%@/Library/Caches</string>
<key>path</key>
<string>~/Library/Caches</string>
</dict>
</array>
<key>LogoutRedirection</key>
<array>
<dict>
<key>action</key>
<string>deleteSymLinkAndRestore</string>
<key>destPath</key>
<string>/tmp/%@/Library/Caches</string>
<key>path</key>
<string>~/Library/Caches</string>
</dict>
</array>
</dict>
</plist>
Hi Erich,
I had the exact same issue as you. There were two things that solved it for me:
- I had the plist named com.spark.folderredirection. I instead renamed it to com.apple.MCXRedirector which is what workgroup manager calls it
- I changed the file protocol for home folders to AFP. SMB home folders were not disconnecting when the user logged out or their machine restarted so when you log back in, these settings do not always take effect. Changing to AFP makes the user log out straight away.
Let me know if you have any luck! Its a lonely world for a mac admin!!
- Alan
p.s. Thanks for your solution Chris
Alan,
Thanks for spotting the AFP requirement. I am now running into the balky bit of getting users to connect via AFP. I got one to do it but others will not. Changed user home share to AFP via Server 4.0.3 which should shift it over. Rebooted server just in case. Server shows the change to AFP after reboot. One user now connects via AFP all others, not so much.
Ideas?
I have been growing frustrated with the partial transition that has happened in server services in the last couple of years.
What happens when you log in after changing the share folder to allow home directories over AFP? Do you get an error message on the client machine or does it just log in using SMB again?
Alan,
On initial change, no user could log in with generic "can't log in at this time" error. After additional reboot everyone can log in but go straight to SMB.
I had this exact same issue too Erich.
When I changed the home folder setting from AFP to SMB, the absolute path to the user's home directory's didn't update. I remembered this same behaviour occurred in earlier OS and I used to just use workgroup manager to remove the "smb://" path for the user and manually add the "afp://" path.
Without having workgroup manager this time, I highlighted all of my local network users in the Server App, edited them, set their home folders back to "Local Only" and confirmed. After that, I selected all the users again and chose my network share folder. This updates the absolute path (which you no longer have a place to see in 10.10 server!) to "afp://".
Give that a go..
That's it.
Slightly easier process: I selected the user, selected the showing user home location and saved. That was the one user that worked before. Now I have others working as well.
Thanks Alan. That covers it. Hopefully this will be migrated to SMB so it can provide the same benefits there too.
Network Home Folder Redirection with Profile Manager?