Specifying the Macintosh user’s home directory location

If you configure NFS, SMB, or AFP network file sharing for your Mac OS X computers, you can automatically mount and log on to file shares using Active Directory credentials.

To enable Mac OS X users to log on to file shares when the network is configured with NFS, SMB, or AFP network sharing:

  1. Open Active Directory Users and Computers or the Access Manager console.
  2. Select the user account for which you want to enable automounting, right-click, then click Properties.
  3. Click the Centrify Profile tab and set the Home directory path to use one of the following formats:
    • /Users/user_login_name to set the user’s home directory to the default home directory location for all user home directories on Mac OS X computers.
    • /SMB/server_name/share[/path] to automount a file share on the SMB server_name you specify. Be certain to use the fully-qualified domain name for server_name, or the IP address. The short name does not work. For example:
      /SMB/myHost.acme.com/Users/isuzuki

    • /SMB/unix_username/server_name/share[/path] to automount a file share when you are using Fast User Switching on the SMB server_name you specify. Be certain to use the fully-qualified domain name for server_name, or the IP address. The short name does not work. For example:
      /SMB/isuzuki/myHost.acme.com/Users/isuzuki

    • /AFP/server_name/share[/path] to automount a file share on the Apple server_name you specify.

    • /AFP/unix_username/server_name/share[/path] to automount a file share when you are using Fast User Switching on the Apple server_name you specify.

    In specifying the remote SMB or AFP file share, you must use the uppercase letters SMB or AFP at the beginning of the path. If you use lowercase letters (smb or afp), automounting fails.

    Note:   If you plan to use Fast User Switching to switch between Active Directory users on the same computer, you should use the /SMB/unix_username/server_name/share[/path] or /AFP/unix_username/server_name/share[/path] format to specify the user’s home directory to prevent conflicts between users logging on using the same share. If you want to automount a share on an Apple file server using the Apple File Protocol (AFP), however, you must use Centrify 3.0.1 or later.

  4. In Step 3, if you specified a network directory, make certain that the Active Directory user logon name (pre-Windows 2000), also known as the samAccountName, matches the Mac login name (UNIX name). Otherwise, the login is not guaranteed to work on all Mac systems.

    The name must be 8 characters or less because the UNIX name is automatically truncated to 8 characters and won’t match if the Active Directory name is longer.

    The Active Directory name is defined in the Accounts tab. For example, if you open the Properties page for a user and select Account:

    Select the Centrify Profile tab to see the UNIX name:

  5. For the shared directory you specified in Step 3 (for example, Users), set ‘full’ permissions for authenticated users. See the next section, Setting shared directory permissions, for details on how to do this.

  6. Verify that the computer on which the shared directory resides is configured on the DNS server with forward and reverse lookup zones by running the following commands in a terminal window:

    nslookup computerName.domainName

    for example:

    nslookup QA1.acme.com
    
    
    
    Server: acme.com
    
    Address: 192.168.1.139
    
    
    
    Name: QA1.acme.com
    
    Address: 192.168.1.139
    
    

     

    nslookup ipAddress

    for example:

    nslookup 192.168.1.139
    
    
    
    Server: acme.com
    
    Address: 192.168.1.139
    
    
    
    Name: QA1.acme.com
    
    Address: 192.168.1.139
    
    

    If you get an error message such as

    Can’t find server name for address 192.168.1.139

    it means a reverse lookup zone is not configured for the specified server. To configure DNS forward and reverse lookup zones, see the Microsoft Support Article 816518.