Roaming Homes on Xserve with AD Authentication
I am integrating an OS X Server (Xserve, Xeon Quad) in an Active Directory environment (Win 2003 Server). I have the Xserve set up as an Open Directory Master and it's bound to the Active Directory domain. Kerberos is working for AFP, but SMB is NOT working (seems SMB is actually not Kerberized and requires the /etc/smb.conf file to be configured correctly - another issue for another day... but if you have advice, I won't stop you).
The reason they're doing this is because they want their Mac folks to have roaming network home folders. So, the "home folder" (smbHome) records for all the users in AD (Active Directory) point to the User share on the Xserve. Clients bound to AD and OD (AD first, of course) are able to authenticate and log in.
Here's the messed up thing:
SOME users get the networked home folders mounted (/private/Network/Servers/server x.company_x.com/Users/userx). OTHERS do NOT.
From what I can tell, Mac OS X knows where to mount the home folder based on the Directory Services attribute called "NFSHomeDirectory," which regularly (in the case of NetInfo, for example) goes to the User's folder (/Users/user_x). In order for it to be a roaming home folder, the NFSHomeDirectory attribute needs to have a value of /Network/Servers/server x.company_x.com/Users/userx and AD has NO attribute for "NFSHomeDirectory" (or HomeDirectory, for that matter).
So how does OS X get the NFSHomeDirectory value? As far as I can tell, dynamically. It takes the smbHome field (which DOES exist in AD) and uses it to dynamically sculpt a HomeDirectory (xml plist format) and, using that, then an NFSHomeDirectory (at last).
Here's the problem - SOME of the AD users are getting a "HomeDirectory" attribute and SOME are getting NOTHING. They all have an smbHome and the format is the same for every one (\\Xserve\Users\user_x). When I get a user with a "HomeDirectory" attribute, it makes the right kind of "NFSHomeDirectory." When I get a user with NO "HomeDirectory," the "NFSHomeDirectory" is dynamically set to "/Users/user_x", which forces OS X to make the user's home folder locally, thwarting my plan to make the home folders NETWORKED (stored on the Xserve) and completely negating the reasons why I'm out there.
Forward and reverse lookups (using the host command line binary) are working for the Xserve using the Windows DNS system.
Is my understanding flawed? What on Earth is going on here?
Anyone ever done this? Anyone know why some AD users get the dynamically assigned "HomeDirectory" attribute while others do not? Is that even what's happening?
Quad Core Xeon Xserve Mac OS X (10.4.8) Win 2003 AD Server
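An added triage script (not from the poster or from Apple) that sorts users into the two groups described above: it parses dscl-style "key: value" records, reports which users have no derived HomeDirectory and therefore fell back to a local /Users/<name> home, and computes the /Network/Servers/<fqdn>/<share>/<user> path the poster expects from each smbHome. The record layout (continuation lines indented by one space) and the sample records are assumptions constructed for the example; the server FQDN is a placeholder.

```python
# Constructed sample of what `dscl . -read /Users/<name>` prints for three AD
# users (layout assumed). user_b is the symptom: smbHome present, HomeDirectory
# absent, so NFSHomeDirectory collapsed to a local /Users path.
SAMPLE_RECORDS = r"""
RecordName: user_a
SMBHome: \\Xserve\Users\user_a
HomeDirectory:
 <home_dir><url>smb://Xserve/Users</url><path>user_a</path></home_dir>
NFSHomeDirectory: /Network/Servers/Xserve/Users/user_a

RecordName: user_b
SMBHome: \\Xserve\Users\user_b
NFSHomeDirectory: /Users/user_b

RecordName: user_c
SMBHome: \\Xserve\Users\user_c
HomeDirectory:
 <home_dir><url>smb://Xserve/Users</url><path>user_c</path></home_dir>
NFSHomeDirectory: /Network/Servers/Xserve/Users/user_c
"""


def parse_dscl_record(text):
    """Turn one record into a dict; a line starting with a space continues the previous key."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            attrs[key] = (attrs[key] + " " + line.strip()).strip()
        elif ":" in line:
            key, _, val = line.partition(":")
            key = key.strip()
            attrs[key] = val.strip()
    return attrs


def classify_home(attrs):
    """Return (name, status): did the home resolve to the network share or fall back to local?"""
    name = attrs.get("RecordName", "?")
    if not attrs.get("SMBHome"):
        return name, "no-smbhome"
    if not attrs.get("HomeDirectory"):
        return name, "local-fallback"  # nothing to derive NFSHomeDirectory from
    if attrs.get("NFSHomeDirectory", "").startswith("/Network/Servers/"):
        return name, "network"
    return name, "inconsistent"  # HomeDirectory present but NFSHomeDirectory not a network mount


def expected_nfs_home(smbhome, server_fqdn):
    """Map \\\\server\\share\\user to the mount point the poster expects (fqdn is caller-supplied)."""
    parts = smbhome.strip("\\").split("\\")
    if len(parts) < 3:
        raise ValueError("SMBHome must look like \\\\server\\share\\user")
    return "/Network/Servers/" + server_fqdn + "/" + "/".join(parts[1:])


def triage(records_text):
    """Classify every blank-line-separated record in the dump."""
    return [classify_home(parse_dscl_record(r)) for r in records_text.strip().split("\n\n")]
```

Run `triage(SAMPLE_RECORDS)` on a real dump (one record per user, blank line between) to list the "local-fallback" accounts, which are the ones worth comparing attribute by attribute in AD against a working account.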