AD Login and SMB Home Directory Mounts?

mccallister
Contributor

Is there any entity out there that has managed to figure out how to get Macs to work with AD to mount home directories on windows file servers?

In 10.8 our users could log in with their AD credentials and get their home directory mounted that was on the windows file server. Then Apple broke their implementation of SMB in 10.9 and has never fixed it. Trying to mount home directories on SMB servers give errors such as wanting to repair the user's library and all kinds of permissions and ACL errors.

Anyone out there that has it working? I really would like to move away from having to have home directories creating on the start up disk for AD logins..

2 REPLIES 2

JesseNCSD
New Contributor III

The solution to this at our shop was to create homes with 'modify' access, not 'full control' for our users. The users are set as owners, they just don't have full control.

Full control allows a specific SID/GUID to be set that is essentially trying to add a role that denies delete on base folders for all users (good in that it tries to prevent mistaken deletes of key folders), but this ID is misinterpreted by Windows' filesharing and mistakenly screws with resultant permissions, from what we can tell.

We have a Mac/Windows hybrid home that works across platforms and have been using it with 10.9-10.12.

mark_mahabir
Valued Contributor

In the end we went for Mobile AD accounts and this extremely useful script.

Customers are encouraged to drag and drop their local files to network shares whenever they are on campus. You could always investigate an rsync based backup script to be completely safe, or investigate Google Drive, OneDrive etc.