Posted on 10-23-2013 08:50 AM
Is anyone else experiencing this problem?
We threw Mavericks onto a few test machines last night, all of which are bound to AD. Problem is, after upgrading, the network home folders don't mount. Our 10.8 and 10.7 clients still work fine. Unbinding/Binding to AD didn't seem to fix it either.
Solved! Go to Solution.
Posted on 11-13-2013 07:21 AM
Just to clarify in this thread, we discovered that our specific issue coincided with our update to JSS 9+. Turns out it didn't have anything to do with Mavericks, but I'm glad another discussion was started for those having 10.9 issues.
The reason our home drives were disappearing was due to two things: a bad managed preference and a bug that was fixed in 9.21 with Login Window config profiles inserting blank preferences.
Posted on 10-23-2013 11:23 PM
I have the same problem. There is a new option in the dsconfigad command.
-sharepoint ('enable' or 'disable' mount network home as a sharepoint.)
But it doesn't seem to change anything if i enable it.
Posted on 10-24-2013 08:36 AM
Same problem here. Sounds like what happened when they first released Lion. I bet we have to just wait for 10.9.1 or 10.9.2. I'm hoping somebody can think of a proper fix before then.
Posted on 10-28-2013 03:18 AM
We see here irregular behavior after binding OS X v10.9 clients to OS X Server 10.6.8. The authenticated bind works fine however the lookup later fails. The machine record is also not created and no directory lookups succeed nor do network logins. This is a test setup so no bigger problem.
Initial health-check of the OD didn't return anything that looks like this is a directory problem. 10.8 and 10.9 clients bind fine.
Alex
Posted on 10-28-2013 05:07 AM
Just to update my first post in this thread:
The behaviour was with the first release candidate occurring (we have an adc account). We cannot replicate this in 13A603.
Posted on 10-28-2013 06:07 AM
YES,
I found that with a Machine ALREADY bound to AD, (OS X 10.8.5), and then with Mavericks installed (OSX 10.9.0)
-- It could still use Network Home areas (Mobile account configuration, with network home auto mount over smb)
BUT - if the AD-Bind was undone -- it could NOT then be Redone
Nor could a fresh AD Bind be made..
This is not due to a an AD-Bind script fault, or a Casper-Issue,
-- I've proved that by attempting to do a manual AD-Bind, that works under 10.8.5 but fails under 10.9.0
-- with the error message about an "Incompatible AD-PlugIn"
I need too find out more about our AD-Server, we are using a Read-Only domain controller as our Primary,
and I think we are using MS-Server 2008. (I'll post more accurate info when I have it).
Currently this problem would prevent us from rolling out Mavericks to LAB areas.
Posted on 10-28-2013 07:13 AM
Are the home folders AFP or SMB?
Posted on 10-28-2013 07:36 AM
As a workaround I created a little Applescript to mount the user network home and another internal share in our company. It's started when the user logs in as a LaunchAgent.
You have to check if the network home is the same attribute (SMBHome:) in your AD.
-- get User Name
set UserName to do shell script "whoami"
-- get Home Directory
set HomeDir to do shell script "dscl . read /Users/" & UserName & " | grep SMBHome: | cut -c 10- | tr '\' '/'"
set HomeDir to "smb:" & HomeDir
tell application "Finder"
-- Mount User Home
try
mount volume HomeDir
on error
-- do nothing
end try
-- Mount Fix Share
try
mount volume "smb://internal/share"
on error
-- do nothing
end try
end tell
Beside the workaround for this problem the advantage of this method is that there is no error when logging in offline because the server is not reachable.
Oh and in case you are wondering why Applescript... ;) I'm using the Applescript because it makes use of Kerberos to mount the shares. So the user don't has to put in any credentials.
Posted on 10-28-2013 04:17 PM
Hi Jacob, if you are asking me - the answer is we are using / trying to use SMB mounts.
Works OK in 10.8.5, but not in 10.9.0.
I'll try again tomorrow, with no home mount, to see if that helps..
Posted on 10-29-2013 04:33 AM
The reason I asked is because I heard that SMB2 does not work well in Mavericks. Some people have had success using CIFS to mount the shares instead:
cifs://server/share
Alternatively, someone tried this method:
echo "[default]" >> ~/Library/Preferences/nsmb.conf; echo "smb_neg=smb1_only" >> ~/Library/Preferences/nsmb.conf
I haven't tried either, but thought it might be useful anyway.
http://cammodude.blogspot.com/2013/10/os-x-109-mavericks-workaround-for-smb.html
http://www.tuaw.com/2013/10/27/did-mavericks-kill-your-network-drive-access-heres-a-fix/
Posted on 10-29-2013 04:42 AM
@jacob_salmela That's exactly what I just posted!
Posted on 10-29-2013 04:42 AM
@jacob_salmela That's exactly what I just posted!
Posted on 10-29-2013 04:52 AM
@franton Look at that!
https://jamfnation.jamfsoftware.com/discussion.html?id=8842
I noticed your file path was different; does it work as either of these?
/etc/nsmb.conf
~/Library/Preferences/nsmb.conf
Posted on 10-29-2013 04:55 AM
Retried this morning with NO SMB home drive configured.
Using Manual setup of "Directory Utility", ( with same credentials as for 10.8.5 (which does work ))
and I still get: "The Plugin encountered an error processing request"
-- So this is NOT a casper issue.. It's a problem with Mavericks and our particular AD-Server..
-- and the issue I have is not an SMB issue..
Posted on 10-29-2013 05:02 AM
Correct. The /etc/nsmb.conf file (according to the man page) is system wide whereas the ~/Library/Preferences/nsmb.conf is specific to a user only.
Posted on 10-29-2013 05:04 AM
To clarify..
(1) If I have an AD-Bind active BEFORE upgrading to Mavericks - it still works
(2) But if I try an AD-Bind AFTER installing Mavericks - It FAILS ( The AB-Bind fails )
If I have a machine with Mavericks, where the AD-Bind is still OK as in (1) above,
and then I unbind from AD I cannot then Rebind it.
(Where as when it was running 10.8.5, rebinding was no problem.)
And with NO SMB selected - to eliminate that.
It seems that I am suffering from a more fundamental problem with Mavericks and AD-Bind..
(Our AD-Admin is not in at the moment, so I can't check AD-Server details yet).
So my problem is not really "Home Area Mount" - it's NO AD-Bind -- Under Mavericks..
I wondered if any others were seeing a similar problem..
Posted on 10-29-2013 05:10 AM
Not here. Our AD bind on imaging works flawlessly.
Posted on 10-29-2013 05:29 AM
My AD-Bind on imaging also works flawlessly - with 10.8.5
But not with Mavericks.. (10.9.0)
Posted on 10-29-2013 05:38 AM
Works fine on both here.
Maybe start a new discussion about the bind issue?
Posted on 10-31-2013 04:49 PM
OK I've just started a new discussion on the binding problems here:
https://jamfnation.jamfsoftware.com/discussion.html?id=8872
Lincoln
Posted on 11-13-2013 07:21 AM
Just to clarify in this thread, we discovered this issue coincided with our update to JSS 9+.
The reason our home drives were disappearing was due to two things: a bad managed preference and a bug that was fixed in 9.21 with Login Window config profiles inserting blank preferences.
Posted on 11-13-2013 07:21 AM
Just to clarify in this thread, we discovered that our specific issue coincided with our update to JSS 9+. Turns out it didn't have anything to do with Mavericks, but I'm glad another discussion was started for those having 10.9 issues.
The reason our home drives were disappearing was due to two things: a bad managed preference and a bug that was fixed in 9.21 with Login Window config profiles inserting blank preferences.
Posted on 11-13-2013 10:21 AM
btaitt, did you need to recompose your profile or redistribute your profile or did it correct itself after the update.
I am having the same issues, did the update earlier today but still having issues with most network folders.
Posted on 11-20-2013 11:50 PM
btaitt,
can you please specify which managed preference is / was bad with your system? I have very similar problems with a customer's AD binding here.
Posted on 11-25-2013 07:34 AM
entholzner,
It was a combination of things:
- A login window configuration profile that puts a banner on the login page and forces names/password field. We replaced it with a new config profile with the same settings. - A managed preference with Finder settings "Show Removable Media on Desktop" and "Mounted Servers on Desktop". Basically, deleting that managed preference fixed it and replacing the config file kept it in place.
Posted on 11-25-2013 02:45 PM
oh wow, I'm finally glad to see a post about this here, I've been tearing my hair out over this issue for a while. Happened when I upgraded the JSS 8.7 to 9.12 - network home directories don't mount, just a big honkin' question mark in the dock. I came to the conclusion that some kind of user-level managed preference was screwing stuff up but was never able to isolate it. I removed a set of test machines from the scope, deleted mcx settings, removed the jamf framework, re-enrolled and still no-go, but I think it's because I didn't scrape up all the mcx settings. Anyway, I was getting totally annoyed, so I straight up reimaged a machine and things are back to normal (however I'm not in a position to reimage our entire fleet for a while). So now I'm busy converting a lot of these managed prefs to config profiles or policies. And then I suppose another JSS update is in order.
In addition to the managed preferences you listed, one that was affecting me was com.apple.swipescrolldirection
Posted on 11-26-2013 03:12 AM
What I've found is that any user-level managed preference, regardless of what it is - e.g.: Flip4Mac's version checker, "show hard drives on desktop" - causes the home directory to not mount. Even a single key. This occurs on 10.7.5, 10.8.4, 10.8.5 and 10.9.0 on Casper 9.2. At present I have all user-level managed preferences turned off in order to restore home directory mounting, as it's a higher priority to me. What I found is that adding any user-level managed pref also added some unwanted stuff to the loginwindow (not com.apple.loginwindow, just loginwindow) domain that seems to mess with homedir mounting.
Do an mcxquery and an mcxquery -user username with your user-level managed preferences on. Repeat with them off (add the computer into the Exclusions section). Then use "diff" (or equivalent comparison, e.g.: TextWrangler) to compare the results. You may find there's differences aside from the ones you expected.
Unfortunately, Configuration Profiles are currently also a bit buggy too: https://jamfnation.jamfsoftware.com/discussion.html?id=8442
I've logged it with JAMF, worked around it for now, and looking at the fix mount script.
Posted on 11-26-2013 05:29 AM
Yeah -- see:
https://jamfnation.jamfsoftware.com/discussion.html?id=8914
and
https://jamfnation.jamfsoftware.com/discussion.html?id=8279
This has been a big issue since 9.X -- I had a script made a long while back to assist in working around this for now. https://gist.github.com/GSquared/6fcd0d0da615ba213647
It is filed under defect D-005615 from JAMF, they definitely know about it!
Posted on 03-04-2014 11:48 AM
Does anyone know if this was fixed in the 9.24 update? I don't see it listed as a known issue but I don't see it listed as fixed either.
Posted on 03-06-2014 04:14 PM
So this is still happening to me, but only when there are certain config profiles and/or policies applied. Problem is, I don't know which ones, it's completely weird. Btaitt, I read your post above that said your issue was due to a bad managed preference and then something regarding a config profile that was fixed in 9.21. I tested this just now and I am still experiencing the problem - no managed preferences are being applied to my machine. I do have a login window config profile but I don't think it's the culprit since I can get the homes to mount with that profile applied. I've tried making my test machine a member of a group that has 2 config profiles and 3 policies in scope - when it's a member of the group, I get the question mark. When it's outside the group (zero policies/config profiles in scope), the network home mounts fine. When I started applying each of those policies and config profiles individually - not just one at a time, but incrementally - it's fine too, which makes zero sense to me because they all add up to everything that was being applied when the computer was a member of the group.
Since my last post on this thread I've upgraded to Casper 9.24 and am using an OS X 10.9.2 base image.
Posted on 09-09-2014 06:26 AM
This has worked fine for us since the 9.32 update.