AD home directory not mounting properly

New Contributor

Environment: Active Directory fores and domain at the 2008 functional level. No open directory or golden triangle. Casper joins macs to the domain no problems. Users have AD accounts. Some have home directories set, some don't.

If an AD user without a home directory set logs into any mac also joined to the domain, everything works great. No issues.

If an AD users with a home directory logs onto a 10.8.x mac also joined to the AD, everything works great. Home directories mount, everything is golden. I have tried with several different users who are members of several different groups having home directories on different Windows servers (both 2003 and 2008).

It all breaks when the exact same user (with the home directory settingss) logs onto a 10.7.5 mac (also joined to AD). One of two things happens:

  1. if the home directories ntfs permissions grant that user "ownership" of their directory the user can't log on at all. I get the message saying "Logging in to the account failed because an error occurred." That's it, the user never logs on.
  2. If the home directory ntfs permissions are set to everyone full control with inheritance at the top of the directory structure, the user can log on, but an error message comes up saying that an error occurred when connecting to "servername" but it at least lets the user logon. There is a question mark icon where the home directory should be on the dock. I can then go and connect to the server with the SMB path, it asks for the users credentials which I put it and then it will mount the directory. And that is only if there are basically no permissions set to the entire share and directory tree.

What gives? We have hundreds of 10.7.x machines. I can't have users only be able to log on to the new ones and not the old ones.


Contributor III

I'll assume the following:

  1. DNS forward and reverse are good
  2. [code]dscl /Search -read /Users/jbr HomeDirectory[/code] returns with proper AFP/SMB mount.
  3. [code]dscl /Search -read /Users/jbr NFSHomeDirectory[/code] returns with the proper Server path
  4. [code]klist -A[/code] returns with the correct TGT

With AFP/SMB shares for home directories, you need to make sure that it's "readable" throughout the entire path. This is easily done in POSIX for "Everyone" marked as "Read". Not sure of the Windows Server equivalent.

New Contributor


Where would I run those commands? Like I said, I can't get the user to log onto a 10.7.5 machine if there are any type of restrictive permissions at the home directory share. Or should I run those commands on the 10.8.6 machine?