Network homes

kellsbells
New Contributor

We’re predominately a Windows shop and in the process of binding our (10.9 only) Macs to AD. At the moment our clients mount the SMBHome contained within the homeDirectory attribute on AD as expected, at /home/username.

However, what I'd like to do is have clients take this attribute but add a suffix so the path:

smb://share/staff/firstletterofusername/username/MacOSX

....gets mounted, as opposed to:

smb://share/staff/firstletterofusername/username

which is used by our Windows clients.

It looks as though the clients are populating their own NFSHomeDirectory attribute (which points to /home/username) which is fine, but I suppose I would prefer the local mount point to be /Users. I’m guessing I can get our AD team to add and populate that attribute on our servers.

The only idea I’ve had so far is to write a script for the JSS that runs at user login time which does the following:

  1. Get the username
  2. Retrieve the user's SMBHome value and convert to forward slashes
  3. Add the user to the /etc/sudoers file so the local mount point (at /Users) can be created if not present already
  4. Issue the mount command
  5. Remove user from /etc/sudoers file

But I can’t help thinking there’s a better way of doing this. Scripting is not really my strong point, yet. I know that scripts in the JSS run as root, so the main problem is a normal user being able to create a directory under /Users. And then I wonder about that user having the right permissions to write stuff to the SMB share.

Can anybody suggest a better way of doing this?

Any advice most welcome!
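The login-script steps listed in this post can be carried out without editing /etc/sudoers, because the script already runs as root and can create the mount point itself. The sketch below is an added example, not part of the original post. It assumes the JSS passes the username as `$3`, that `dscl /Search` returns the `SMBHome` attribute, and that the user holds a Kerberos ticket for `mount_smbfs`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Runs as root (JSS login policy).

# Accept only plain account names so the value is safe inside a path.
valid_username() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Convert an AD SMBHome UNC path (\\server\share\dir) to an smb:// URL with a
# suffix appended. Returns 1 on anything malformed or containing "..".
smbhome_to_url() {
    path=$(printf '%s' "$1" | tr '\\' '/')
    case "$path" in
        //[!/]*) ;;
        *) return 1 ;;
    esac
    path=${path#//}
    path=${path%/}
    case "/$path/" in
        */../*|*/./*|*//*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    printf 'smb://%s/%s\n' "$path" "$2"
}

# Root creates the mount point and hands it to the user, so the account never
# has to be written into /etc/sudoers.
prepare_mountpoint() {
    valid_username "$1" || return 1
    mnt="$2/$1"
    [ ! -L "$mnt" ] || return 1      # refuse a pre-planted symlink
    mkdir -p "$mnt" && chown "$1" "$mnt" && chmod 700 "$mnt" || return 1
    printf '%s\n' "$mnt"
}

# Login entry point. $3 as the username is an assumption about the JSS policy;
# the dscl node and Kerberos-based mount_smbfs call are likewise assumptions.
if [ -n "${3:-}" ] && [ "$(id -u)" -eq 0 ] && valid_username "$3"; then
    unc=$(dscl /Search -read "/Users/$3" SMBHome | sed 's/^SMBHome: *//')
    url=$(smbhome_to_url "$unc" MacOSX) &&
        mnt=$(prepare_mountpoint "$3" /Users) &&
        sudo -u "$3" mount_smbfs "${url#smb:}" "$mnt"
fi
```

The conversion rejects share paths with spaces or other characters outside a conservative set; widen the allowed set only together with proper URL encoding.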


calumhunter
Valued Contributor

so currently when a user logs in a share called $username gets mounted and appears on their desktop?

and you would like instead for a subfolder of $username called MacOSX to be mounted and appear on their desktop?

is that what you're after? Because this would mean that the contents of $username would not be visible to the users on OS X, imagine they create a word doc and save it at $username/mydoc.doc
this would be inaccessible to the users on OS X

kellsbells
New Contributor

Yes at the moment smb://share/staff/firstletterofusername/username is mounted under /home/username. It doesn't appear on the dock but I know this is working fine via Terminal.

smb://share/staff/firstletterofusername/username/MacOSX exists and I would like my Mac clients to mount that automatically when a network user logs in.

calumhunter
Valued Contributor

the easiest way would be to just symlink the folder
so when username share is mounted into /home/username

then just symlink it with something like
ln -s /home/username/MacOSX ~/Desktop

kellsbells
New Contributor

Thanks, but won't that mean things like their Documents won't automatically be stored in my desired location unless they manually drag them to the desktop icon?

I'd like the user to be by default writing everything into $currentsmbshare/MacOS, so their Music, Pictures, Documents, Movies folders etc. get created there.

This is mainly so when accessing their Windows systems, their OS X files are distinct. They should be able to see their OS X files from a managed Windows system, but we don't yet see a need for OS X users to see their Windows files - not automatically anyway.

calum_oac
New Contributor

.

calumhunter
Valued Contributor

Oh so you want to do network home directories?
I wouldn't do that. OS X keeps a Library folder in the user's home folder, this contains a lot of settings files etc etc, it gets hammered with disk I/O putting that over the network even on a few clients connected to a gig network is asking for trouble. Over wifi on laptops? Crazy talk especially when you add in network drop outs closing the lid of the laptop and having it reconnect to the server.

sym linking specific folders would be the way to go with a mobile account. but honestly I wouldn't bother. It sounds like you're engineering a solution to a non-existent problem, mac files and windows files are just files, why bother separating them out and only introduce inflexibility to your solution. Just because you don't see a need for users to access their files created on windows systems doesn't mean that users don't have that need or wouldn't appreciate the functionality.

Please don't take this the wrong way I'm not trying to be rude

kellsbells
New Contributor

Yes we will need to do network homes as we have all the storage infrastructure in place already. Our laptops will have mobile AD accounts.

I've read elsewhere that network homes should be OK in the main, but some Library/Cache files ought to be redirected to local disk.

calumhunter
Valued Contributor

I think you will find it is a horrible user experience.
remember to test test test all your applications - adobe, office, ilife apps, iwork apps etc etc
i recall adobe and office having issues with this.

I would go the other way, mobile accounts and redirect the users folders except the Library folder to the network share

that way ~/Documents redirects to /home/username/macosx/documents (network share) leaving ~/Library on the local HD

kellsbells
New Contributor

Mobile accounts even on our desktops?

Do other environments set things up this way?