SO.....How would you set up a Mac Lab with an AD server???? We are having lots of issues and questions....

steventhemacman
New Contributor III

I know this is a bit off topic, but I have two jobs, and one is at a small school at night being their Mac admin. They recently decided to ditch the Mac servers because they thought they were causing all of the issues we have been experiencing. After spending thousands and thousands of $$ switching to AD (two new Dell servers, etc.) and having the exact same issues, we found it was a bad WAC that was doing most of the issues. So we blew away the Mac servers for no reason in the end. (Not my decision, somebody just wanted them gone I think.)

Anyways, so how would you set up a Mac Lab? We have them authenticate to AD, and the homes are there on the MS server as well. We resurrected one Mac server for Profile Manager and have that set up properly and working. Our problems are how to replicate the environment as much as possible that we had before. I used to have network homes with folder redirections to local storage for the Movies, Music and Pictures folders (kids had assigned seats so it worked great). So except for large media projects everything followed them around. Trying to get this to work in AD is a mystery. Also, mounting AD shares in the dock is another thing. Also, the AD setting on each Mac, what is the best setting? UNC path, local account creation, etc. So many questions, I can't list them all.

Just looking for advice and opinions. The company we (not me, new tech boss) hired said they could do mac AD integration but are failing miserably and seem confused every time they are here.

So how would you do it? BTW, this is one lab for k-5 and one lab for 7th and 8th grade. All labs are 10.8 and a few 10.9 for fun.

Thanks!

6 REPLIES

mperez_hrbi
New Contributor

Hi there.

We have had some problems with AD and our Macs overall. Before going on a tangent altogether I'd like to say that we've had tremendous problems with reliable AD shares (network directories, both "personal drives" and our company "shared drive"). Most of the problems arose with timeouts and being unable to determine an "elegant" way to auto mount our network directories.

Admittedly, I'm not overly versed with all the technicalities of why this fails but we too were promised better AD integration and have only been able to get mobility accounts configured to integrate into AD - no network home folders to reduce layers of complexity and potential points of failure as we have multiple sites. Granted your internal network is fine and you're connected via ethernet, I'm sure you could configure a script to auto mount the directory/ies and deploy via Casper - I found this online for adding the directory to the dock http://www.klauskorner.com/mac-advisor/tips_and_hints/network/shared_device_dock/.

Not sure that I answered much for you but I'll continue to read through your question slowly and see if there's any experiences/info I can lend.

best,
mp

alexjdale
Valued Contributor III

Yeah, we basically don't support auto-mounting network drives in our environment. If a user's AD account is set up in certain ways where the mount fails, users can't even log in at all. I don't blame that on Active Directory necessarily, rather Apple not putting much effort into their plugin to support it.

rhysforrester
New Contributor

Auto mounting of AD network drives has been failing in our environment for the last two previous versions of OS X. We've temporarily gotten around this by running an AppleScript at login:

```applescript
tell application "Finder"
    mount volume "smb://server/share"
end tell
```

A valid Kerberos ticket is present, so it just maps without the need to prompt the user for a username:password. We're still investigating the cause, which I believe to be AD related, as there's no SMBHome or other NetworkHome key showing when doing a dscl lookup.
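The dscl lookup mentioned in the post above can drive the mount directly. The following is an added example, not part of any post in this thread: it extracts SMBHome from dscl output, validates the value before handing it to a mount command, and converts it to an smb:// URL. The function names, the sample output and the assumed dscl output layout are constructed for illustration; YOURDOMAIN is a placeholder.

```bash
#!/bin/bash
# Added example (not from the thread). Sample dscl output below is constructed.

# Pull the SMBHome value out of `dscl ... -read /Users/<name> SMBHome` output.
# Assumes dscl prints "SMBHome: value" on one line, or puts the value on the
# next, indented line when it contains spaces. Fails when the key is absent.
smbhome_from_dscl() {
    printf '%s\n' "$1" | awk '
        !found && /^SMBHome:/ { found = 1; val = $0
                                sub(/^SMBHome:[ \t]*/, "", val); next }
        found && val == ""    { val = $0; sub(/^[ \t]+/, "", val) }
        END { if (val == "") exit 1; print val }'
}

# Convert \\server\share\dir to smb://server/share/dir. The attribute comes
# from the directory, so validate it before it reaches a mount command:
# plain host and path characters only, no ".." components, no user@host forms.
unc_to_smb_url() {
    case $1 in '\\'*) ;; *) return 1 ;; esac
    _p=$(printf '%s' "$1" | cut -c3- | tr '\\' '/')
    printf '%s\n' "$_p" |
        grep -Eq '^[A-Za-z0-9.-]+(/[A-Za-z0-9._$ -]+)+$' || return 1
    case $_p in */..|*/../*) return 1 ;; esac
    printf 'smb://%s\n' "$(printf '%s' "$_p" | sed 's/ /%20/g')"
}

# Login-time use on a bound Mac (not run here). YOURDOMAIN is a placeholder.
mount_home() {
    _out=$(dscl "/Active Directory/YOURDOMAIN/All Domains" \
                -read "/Users/$USER" SMBHome 2>/dev/null)
    _unc=$(smbhome_from_dscl "$_out") || { echo "no SMBHome for $USER" >&2; return 1; }
    _url=$(unc_to_smb_url "$_unc")    || { echo "rejected SMBHome value" >&2; return 1; }
    osascript -e "mount volume \"$_url\""
}

# Constructed sample run.
sample='SMBHome: \\fs01.example.org\students$\jdoe'
unc_to_smb_url "$(smbhome_from_dscl "$sample")"
# prints smb://fs01.example.org/students$/jdoe
```

When the key is missing, as described in the post, `mount_home` stops with "no SMBHome" instead of attempting a mount, which makes the AD-side gap visible in the login log.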

cashxx
New Contributor

Been working fine here, I have a /Library/LaunchAgent I think and it runs a script in /sbin that mounts the user's share on login and goes by what is set in the user's Active Directory account script field. So graphic.cmd will mount certain shares while cadstud.cmd will mount another set of shares. Note you may not want to turn off streams, they are on by default so you may want to remove that option. Here is my script:

```bash
#!/bin/bash
# Login script: mounts SMB shares according to the logon script name
# (scriptPath) set on the user's Active Directory account.

currentuser=$USER

# Read the AD script field and reduce it to a lowercase name such as graphic.cmd.
LogonScript=$(dscl "/Active Directory/YOURDOMAIN/All Domains" -read "/Users/$currentuser" scriptPath)
ScriptName=$(echo "$LogonScript" | grep -i -o -E '[[:alnum:]_]+\.cmd' | tr '[:upper:]' '[:lower:]')

# Unmount volumes left over from a previous session, keeping the boot volume
# and Temporary_Storage. Globbing /Volumes keeps names with spaces intact and
# avoids a predictable temp file in /tmp.
for strline in /Volumes/*; do
    [ -e "$strline" ] || continue
    strfldr=${strline##*/}
    if [[ "$strfldr" != "Macintosh HD" && "$strfldr" != "Temporary_Storage" ]]; then
        umount -f "/Volumes/$strfldr"
        rmdir "/Volumes/$strfldr" 2>/dev/null   # remove the stale mount point
        echo Logging in....
    fi
done
/bin/sleep 2

# Create /Volumes/<name> and mount //SERVERFQDN/<share path> on it.
# nostreams turns off named streams, which are on by default.
mount_share() {
    mkdir -p "/Volumes/$2"
    mount_smbfs -o nostreams,nonotification "//SERVERFQDN/$1" "/Volumes/$2"
}

if [[ "$currentuser" != "admin" && "$currentuser" != "root" ]]; then
    case $ScriptName in
        graphic.cmd)
            mount_share "students/Multimedia/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            mount_share ResourceSvr/Fonts ResourceServer
            mount_share ColorPrint/Files_To_Be_Printed ColorPrint
            ;;
        cadstud.cmd)
            mount_share "students/CADStudents/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        travstud.cmd)
            mount_share "students/Travel/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        compstud.cmd)
            mount_share "students/Computer/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        bastud.cmd)
            mount_share "students/Business/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        medstud.cmd)
            mount_share "students/Medical/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        elec.cmd)
            mount_share "students/Electronics/$currentuser" UDrive
            mount_share ClassFiles ClassFiles
            ;;
        masterstaff.cmd)
            mount_share "Drives/$currentuser" UDrive
            mount_share StaffFaculty StaffFaculty
            mount_share Schedules Schedules
            ;;
        masterfac.cmd)
            mount_share "Drives/$currentuser" UDrive
            mount_share Schedules Schedules
            mount_share students Students
            mount_share FacShare FacShare
            mount_share StaffFaculty StaffFaculty   # same share as in masterstaff.cmd
            mount_share ClassFiles ClassFiles
            mount_share ResourceSvr/Fonts ResourceServer
            mount_share ColorPrint/Files_To_Be_Printed ColorPrint
            ;;
    esac
fi

exit 0
```

tvreeland
New Contributor

Steven,

I know this is an old thread but I hope you're still watching it.

I'm curious about how you went about the redirect of the Movie and other directories? Did you script it, or did you do a static link in the user's AD profile directory, or ?? I've inherited a Mac lab and the video and large image files have been an issue. They are currently stored in the profile on the AD share, which is HORRIBLE for obvious performance issues. I'd love to know how you handled it before I go about trying to replicate what you did.

Thanks!

rcorbin
Contributor II

@tvreeland I'd also be interested in hearing the answer from @steventhemacman. But I guess this thread is pretty old.

I have a thread posted on a similar topic at:

https://www.jamf.com/jamf-nation/discussions/20258/mac-labs-student-file-storage-mobile-vs-network-accounts-etc