Parallels Desktop 8 for Mac is lets you seamlessly run Windows and Mac applications side-by-side

Login | Register

Post new topic Reply to topic  [ 12 posts ] 

Thu Jun 03, 2010 4:10 pm

Offline
Joined: Tue May 25, 2010 7:11 pm
Posts: 2

I recently had a problem with an iMac (21.5-inch, Late 2009), running
10.6.3 fully updated and bound to AD.

The fans would come on full blast and not stop until the machine was
shut down or restarted. After troubleshooting the problem to no
avail, I decided to image the disk and start over.

I re-installed OS X 10.6 and fully updated the machine. I then bound
the machine to AD. Then I migrated the accounts from the old system
image. The fan issue has not come back since.

The problem is that I can't seem to get the user's network home folder
to come back to the dock. I have tried everything I know of including
unbinding and rebinding the computer, changing settings for "force
local user home folder" etc.
I have a feeling that a simple plist file controls the automount and
dock folder icon, but I can't find any information to lead me in the
right direction.

The AD setup we use has network home folders for every user, and,
normally, SL automatically mounts the drive and inserts the user's
network home folder onto the right side of the dock, near the
applications, documents, and downloads folders.

Could someone please help?



Top Top
  Profile

Fri Jun 04, 2010 9:45 am

Offline
Joined: Fri Jun 04, 2010 8:54 am
Posts: 1

Have you made sure the path to the user's network home is fully qualified in AD? Also, try reapplying the permissions to the user's network home, ensuring they have full rights. We have issues with these permissions reverting to where the user doesn't have enough rights.



Top Top
  Profile

Wed Jun 23, 2010 7:25 am

Offline
Joined: Wed Jun 23, 2010 7:15 am
Posts: 1

I seem to have the same issue related to the network home folder.
I have an AD - OD integration.
I would like to have a single sign-on, for this I need to bind the mac client to AD using AFP. However when doing this, it doesn't even allow my client to log on just tells me an error occured. Deleting the home folder path from the users profile on AD seems to resolve this problem and let the user login.

However if I bind the client using SMB, the home drive specified in the AD user profiles mounts fine but the users need to re-enter his/her password when mounting any afp drives after that.

I currently on OS 10.6.3, in the process of updating to 10.6.4 and see if that might solve the problem.
-g



Top Top
  Profile

Wed Jul 28, 2010 8:14 am

Offline
Joined: Thu Jun 24, 2010 6:51 am
Posts: 2

Is the icon missing completely, or is it showing up as a question mark labeled, "[username]'s network home"?

If it's a question mark, I found a possible solution. It seems Windows doesn't care about the permissions in the root of whatever your home folder share is, but Snow Leopard does. SL needs to see the folders inside your root home folder share. For instance if it's:

\\servername\home$

...then MacOS needs at least "list folder contents" permissions. Grant this permission to the "Authenticated Users" special group. Don't grant it to "Everyone" because "Everyone" is everyone, even unauthenticated users.

Where I've seen this problem they further break home folders down by department such as:

\\servername\home$\marketing\%username%

In this case, granting "list folder contents" to the beginning (home$) and then again to the departmental folder (marketing) was enough.

I uncovered this when I realized the IT department could have their home folders appear in the dock but not any other department. IT has Create Folders access to the root of the share and beyond. MacOS did create a ".TemporaryItems" folder in the root of the share when we in IT would log on, and only IT owned the resulting folder. First I granted Modify to Authenticated Users to see if that helped, which it didn't, then I added the List Folder Contents to the root. When that worked, I took away .TemporaryItems and it still worked.

Also, in general I don't set permissions on the network shares themselves, instead setting them on the file systems. I have all shares have "Everyone, Full Control," but the NTFS permissions underneath will dictate who really gets access to what. This simplifies administering networks shares considerably, while granting you finer control over permissions.



Top Top
  Profile

Wed Feb 02, 2011 1:12 pm

Offline
Joined: Wed Feb 02, 2011 1:03 pm
Posts: 1

gordonf wrote:

...then MacOS needs at least "list folder contents" permissions. Grant this permission to the "Authenticated Users" special group. Don't grant it to "Everyone" because "Everyone" is everyone, even unauthenticated users.

Where I've seen this problem they further break home folders down by department such as:

\\servername\home$\marketing\%username%

In this case, granting "list folder contents" to the beginning (home$) and then again to the departmental folder (marketing) was enough.


Setting the NTFS folder security permission for Authenticated Users to the Allow "List Folder Contents" worked. So long as your UNC paths are set correctly.

Thanks



Top Top
  Profile

Thu Jan 12, 2012 8:32 pm

Offline
Joined: Thu Jan 12, 2012 8:22 pm
Posts: 2

Hi Guys,

I know that this thread was from about a year ago, but has anyone tried this with 10.7.x?

We've tested this with 10.7.2 and have found that the home folder cannot be more than one subfolder deep, no matter what the permissions are.

ie.
\\server\share$\homefolder works as expected
\\server\share$\department\homefolder does not work and leaves the Dock icon as a question mark.

We've even tested this with the user having Full Control all the way through the structure.

We've also tested this by shorting the path and setting the home folder to:
\\server\share$\1\1

This also takes care of case sensitivity of folders, which I've read can also be an issue.

We're about to log a support call with Apple, so will report back on our findings.

Cheers,
Jeremy.



Top Top
  Profile

Mon Jan 30, 2012 2:01 pm

Offline
Site Admin
Joined: Wed May 12, 2010 7:45 pm
Posts: 179

jeremyts wrote:
We've tested this with 10.7.2 and have found that the home folder cannot be more than one subfolder deep, no matter what the permissions are.


Is it possible that you are using ACLs and are propagating permissions in a way that is not evident? ACL propagation can have some unexpected consequences if you're using really granular settings.

Just a thought.



Top Top
  Profile

Wed Feb 01, 2012 4:28 pm

Offline
Joined: Thu Jan 12, 2012 8:22 pm
Posts: 2

With help from Apple Support we proved that it's a 10.7.x issue, but fixed with the 10.7.3 update, which is now publicly available: http://support.apple.com/kb/HT5048

We're hoping to roll this out across the fleet ASAP.

Cheers,
Jeremy.



Top Top
  Profile

Sun May 27, 2012 8:42 pm

Offline
Joined: Sun May 27, 2012 8:38 pm
Posts: 2

Allow this authorization to the "Authenticated Users" unique team.



Top Top
  Profile

Fri Aug 09, 2013 1:13 am

Offline
Joined: Thu Aug 08, 2013 8:21 pm
Posts: 2
Location: www.audvdmart.com

If I bind the client using SMB, the home drive specified in the AD user profiles mounts fine but the users need to re-enter his/her password when mounting any afp drives after that.

_________________
Each man is the architect of his own fate.http://www.audvdmart.com/



Top Top
  Profile WWW
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: DrMichael and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum


Search for:
Jump to:  
cron

OS X Mountain Lion Server for Dummies
By John Rizzo

Simplifies the installation, configuration, and management of Apple's OS X Server software. Support Mac and Windows clients for file sharing, email, and directory services; Install software to your iOS devices and Macs. Incorporate a Mac subnet into a Windows Active Directory domain, manage Mac and Windows clients, and configure security options, and more. Click here for more.

Serving the cross-platform community since November 15, 1997. Copyright 2010-2013 John Rizzo. All rights reserved.
Powered by phpBB