Jamf Nation Community

Same problem here. Sounds like what happened when they first released Lion. I bet we have to just wait for 10.9.1 or 10.9.2. I'm hoping somebody can think of a proper fix before then.

We see here irregular behavior after binding OS X v10.9 clients to OS X Server 10.6.8. The authenticated bind works fine however the lookup later fails. The machine record is also not created and no directory lookups succeed nor do network logins. This is a test setup so no bigger problem.

Initial health-check of the OD didn't return anything that looks like this is a directory problem. 10.8 and 10.9 clients bind fine.

Alex

Just to update my first post in this thread:

The behaviour was with the first release candidate occurring (we have an adc account). We cannot replicate this in 13A603.

YES,

I found that with a Machine ALREADY bound to AD, (OS X 10.8.5), and then with Mavericks installed (OSX 10.9.0)
-- It could still use Network Home areas (Mobile account configuration, with network home auto mount over smb)

BUT - if the AD-Bind was undone -- it could NOT then be Redone
Nor could a fresh AD Bind be made..

This is not due to a an AD-Bind script fault, or a Casper-Issue,
-- I've proved that by attempting to do a manual AD-Bind, that works under 10.8.5 but fails under 10.9.0
-- with the error message about an "Incompatible AD-PlugIn"

I need too find out more about our AD-Server, we are using a Read-Only domain controller as our Primary,
and I think we are using MS-Server 2008. (I'll post more accurate info when I have it).

Currently this problem would prevent us from rolling out Mavericks to LAB areas.

Are the home folders AFP or SMB?

As a workaround I created a little Applescript to mount the user network home and another internal share in our company. It's started when the user logs in as a LaunchAgent.

You have to check if the network home is the same attribute (SMBHome:) in your AD.

-- get User Name
set UserName to do shell script "whoami"

-- get Home Directory
set HomeDir to do shell script "dscl . read /Users/" & UserName & " | grep SMBHome: | cut -c 10- | tr '\' '/'"

set HomeDir to "smb:" & HomeDir

tell application "Finder"
    -- Mount User Home
    try
        mount volume HomeDir
    on error
        -- do nothing
    end try

    -- Mount Fix Share
    try
        mount volume "smb://internal/share"
    on error
        -- do nothing
    end try
end tell

Beside the workaround for this problem the advantage of this method is that there is no error when logging in offline because the server is not reachable.

Oh and in case you are wondering why Applescript... ;) I'm using the Applescript because it makes use of Kerberos to mount the shares. So the user don't has to put in any credentials.

Hi Jacob, if you are asking me - the answer is we are using / trying to use SMB mounts.

Works OK in 10.8.5, but not in 10.9.0.
I'll try again tomorrow, with no home mount, to see if that helps..

The reason I asked is because I heard that SMB2 does not work well in Mavericks. Some people have had success using CIFS to mount the shares instead:

cifs://server/share

Alternatively, someone tried this method:

echo "[default]" >> ~/Library/Preferences/nsmb.conf; echo "smb_neg=smb1_only" >> ~/Library/Preferences/nsmb.conf

I haven't tried either, but thought it might be useful anyway.

http://cammodude.blogspot.com/2013/10/os-x-109-mavericks-workaround-for-smb.html

http://www.tuaw.com/2013/10/27/did-mavericks-kill-your-network-drive-access-heres-a-fix/

@jacob_salmela That's exactly what I just posted!

@jacob_salmela That's exactly what I just posted!

@franton Look at that!

https://jamfnation.jamfsoftware.com/discussion.html?id=8842

I noticed your file path was different; does it work as either of these?

/etc/nsmb.conf
~/Library/Preferences/nsmb.conf

Retried this morning with NO SMB home drive configured.

Using Manual setup of "Directory Utility", ( with same credentials as for 10.8.5 (which does work ))

and I still get: "The Plugin encountered an error processing request"
-- So this is NOT a casper issue.. It's a problem with Mavericks and our particular AD-Server..
-- and the issue I have is not an SMB issue..

@jacob_salmela

Correct. The /etc/nsmb.conf file (according to the man page) is system wide whereas the ~/Library/Preferences/nsmb.conf is specific to a user only.

To clarify..
(1) If I have an AD-Bind active BEFORE upgrading to Mavericks - it still works

(2) But if I try an AD-Bind AFTER installing Mavericks - It FAILS ( The AB-Bind fails )

If I have a machine with Mavericks, where the AD-Bind is still OK as in (1) above,
and then I unbind from AD I cannot then Rebind it.
(Where as when it was running 10.8.5, rebinding was no problem.)

And with NO SMB selected - to eliminate that.
It seems that I am suffering from a more fundamental problem with Mavericks and AD-Bind..
(Our AD-Admin is not in at the moment, so I can't check AD-Server details yet).

So my problem is not really "Home Area Mount" - it's NO AD-Bind -- Under Mavericks..

I wondered if any others were seeing a similar problem..

Not here. Our AD bind on imaging works flawlessly.

My AD-Bind on imaging also works flawlessly - with 10.8.5
But not with Mavericks.. (10.9.0)

Works fine on both here.

Maybe start a new discussion about the bind issue?

OK I've just started a new discussion on the binding problems here:

https://jamfnation.jamfsoftware.com/discussion.html?id=8872

Lincoln

Just to clarify in this thread, we discovered this issue coincided with our update to JSS 9+.

The reason our home drives were disappearing was due to two things: a bad managed preference and a bug that was fixed in 9.21 with Login Window config profiles inserting blank preferences.

btaitt, did you need to recompose your profile or redistribute your profile or did it correct itself after the update.

I am having the same issues, did the update earlier today but still having issues with most network folders.

btaitt,

can you please specify which managed preference is / was bad with your system? I have very similar problems with a customer's AD binding here.

entholzner,

It was a combination of things:

- A login window configuration profile that puts a banner on the login page and forces names/password field. We replaced it with a new config profile with the same settings. - A managed preference with Finder settings "Show Removable Media on Desktop" and "Mounted Servers on Desktop". Basically, deleting that managed preference fixed it and replacing the config file kept it in place.

oh wow, I'm finally glad to see a post about this here, I've been tearing my hair out over this issue for a while. Happened when I upgraded the JSS 8.7 to 9.12 - network home directories don't mount, just a big honkin' question mark in the dock. I came to the conclusion that some kind of user-level managed preference was screwing stuff up but was never able to isolate it. I removed a set of test machines from the scope, deleted mcx settings, removed the jamf framework, re-enrolled and still no-go, but I think it's because I didn't scrape up all the mcx settings. Anyway, I was getting totally annoyed, so I straight up reimaged a machine and things are back to normal (however I'm not in a position to reimage our entire fleet for a while). So now I'm busy converting a lot of these managed prefs to config profiles or policies. And then I suppose another JSS update is in order.

In addition to the managed preferences you listed, one that was affecting me was com.apple.swipescrolldirection

What I've found is that any user-level managed preference, regardless of what it is - e.g.: Flip4Mac's version checker, "show hard drives on desktop" - causes the home directory to not mount. Even a single key. This occurs on 10.7.5, 10.8.4, 10.8.5 and 10.9.0 on Casper 9.2. At present I have all user-level managed preferences turned off in order to restore home directory mounting, as it's a higher priority to me. What I found is that adding any user-level managed pref also added some unwanted stuff to the loginwindow (not com.apple.loginwindow, just loginwindow) domain that seems to mess with homedir mounting.

Do an mcxquery and an mcxquery -user username with your user-level managed preferences on. Repeat with them off (add the computer into the Exclusions section). Then use "diff" (or equivalent comparison, e.g.: TextWrangler) to compare the results. You may find there's differences aside from the ones you expected.

Unfortunately, Configuration Profiles are currently also a bit buggy too: https://jamfnation.jamfsoftware.com/discussion.html?id=8442

I've logged it with JAMF, worked around it for now, and looking at the fix mount script.

Yeah -- see:

https://jamfnation.jamfsoftware.com/discussion.html?id=8914

and

https://jamfnation.jamfsoftware.com/discussion.html?id=8279

This has been a big issue since 9.X -- I had a script made a long while back to assist in working around this for now. https://gist.github.com/GSquared/6fcd0d0da615ba213647

It is filed under defect D-005615 from JAMF, they definitely know about it!

Does anyone know if this was fixed in the 9.24 update? I don't see it listed as a known issue but I don't see it listed as fixed either.

So this is still happening to me, but only when there are certain config profiles and/or policies applied. Problem is, I don't know which ones, it's completely weird. Btaitt, I read your post above that said your issue was due to a bad managed preference and then something regarding a config profile that was fixed in 9.21. I tested this just now and I am still experiencing the problem - no managed preferences are being applied to my machine. I do have a login window config profile but I don't think it's the culprit since I can get the homes to mount with that profile applied. I've tried making my test machine a member of a group that has 2 config profiles and 3 policies in scope - when it's a member of the group, I get the question mark. When it's outside the group (zero policies/config profiles in scope), the network home mounts fine. When I started applying each of those policies and config profiles individually - not just one at a time, but incrementally - it's fine too, which makes zero sense to me because they all add up to everything that was being applied when the computer was a member of the group.

Since my last post on this thread I've upgraded to Casper 9.24 and am using an OS X 10.9.2 base image.

This has worked fine for us since the 9.32 update.