SMB “home drive” mounts not being auto-mounted at ldap login, Mounts setup in User-group profiles

automount ldap osx-server server.app smb

In Profile Manager, to mount the default home drives set for the User in Server.app, you mark a checkbox "Add Network Home," but then. Does anyone know which plist in the system, etc., that is actually referencing? Because it does not work for me, and home drives do not auto-mount.

When you click "add network home" it adds text like {{{home drive}}} into the list of mount points (it looks exactly like that, but with less than and greater than signs instead of curved-brackets).

This specific question is regarding a small network where upon login, users get several mount points authenticated, and one not authenticated (they were originally set up using .mobileconfig files generated in Profile Manager, and previously in Workgroup Manager).

I've limited this question now to focus on the "home drives," because I believe so far, that overlapping device & user-group profiles were causing some of these problems, but I've removed these, and now, the OSX User/Networked home drives still do not auto-mount.

As a nice reference for the 2 steps involved in setting this up, see the question and answer on this Server Fault forums post. I should also add that mounting doesn't seem consistent at all, and sometimes other mount points don't come up, but this seems to be related possibly to other factors.

Users log in; most of the time they get these SMB shares, which via the config profiles are allowed to show up on the desktop (Finder settings), as well as get auto-mounted in Users & Groups. The problem is that they just don't show up sometimes! The Server logs are fairly clean, dnslookup is fine, the Server names all match the FQDN so the usual LDAP-related issues are in check.

OSX server is running on a Mac Mini running Yosemite with Server v. 5.0.1 (the same problem existed on server 4 as well), with the clients mostly on El Capitan, although I've seen this also in a mixed environment. This occurs in only about 20% of User accounts, with no pattern in the directory service information that I can see.

Best Answer

I'm beginning to form my own answers on this, but the full understanding will take a lot of research and log review, so please edit, post other answers, and/or comments here!

In an older guide for OSX Server, I've read these comments, but surely rather than being required to allow guest access to those shares, a local account on the Server can mount them, or maybe that information is from before the authenticated-mounting made its way to OSX:

Be sure to enable guest access both for the share point and for the protocol under which it is shared.

Note: Automounted share points are available to clients only when their computers start up.

One element of this problem can be explained by reading over the OpenLDAP documentation, which Apple's Open Directory is based on. I have seen, from time to time, at least one of the messages they describe in the Open Directory logs.

Deep within OSX there may be inconsistencies of BerkeleyDB versions, which for the simple end user in a perfect world could be resolved between the ideal combination of versions of OSX on the client, OSX (on the server), and Server.app or other changeable components, also on the server.

From the link:

C.2.9. ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Using SASL, when a client contacts LDAP server, the slapd service dies immediately and client gets an error :

    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Then check the slapd service, it stopped.

This may come from incompatible of using different versions of BerkeleyDB for installing of SASL and installing of OpenLDAP. The problem arises in case of using multiple version of BerkeleyDB.

Solution:

- Check which version of BerkeleyDB when install Cyrus SASL.
- Reinstall OpenLDAP with the version of BerkeleyDB above.

http://www.openldap.org/doc/admin24/appendix-common-errors.html