If you configure NFS, SMB, or AFP network file sharing for your Mac OS X computers, you can automatically mount and log on to file shares using Active Directory credentials.
To enable Mac OS X users to log on to file shares when the network is configured with NFS, SMB, or AFP network sharing:
- Open Active Directory Users and Computers or the Access Manager console.
- Select the user account for which you want to enable automounting, right-click, then click Properties.
- Click the Centrify Profile tab and set the Home directory path to use one of the following formats:
/Users/user_login_nameto set the user’s home directory to the default home directory location for all user home directories on Mac OS X computers./SMB/server_name/share[/path]to automount a file share on the SMBserver_nameyou specify. Be certain to use the fully-qualified domain name forserver_name, or the IP address. The short name does not work. For example:/SMB/myHost.acme.com/Users/isuzuki/SMB/unix_username/server_name/share[/path]to automount a file share when you are using Fast User Switching on the SMBserver_nameyou specify. Be certain to use the fully-qualified domain name forserver_name, or the IP address. The short name does not work. For example:/SMB/isuzuki/myHost.acme.com/Users/isuzuki/AFP/server_name/share[/path]to automount a file share on the Appleserver_nameyou specify./AFP/unix_username/server_name/share[/path]to automount a file share when you are using Fast User Switching on the Appleserver_nameyou specify.
In specifying the remote SMB or AFP file share, you must use the uppercase letters
SMBorAFPat the beginning of the path. If you use lowercase letters (smborafp), automounting fails.Note: If you plan to use Fast User Switching to switch between Active Directory users on the same computer, you should use the
/SMB/unix_username/server_name/share[/path]or/AFP/unix_username/server_name/share[/path]format to specify the user’s home directory to prevent conflicts between users logging on using the same share. If you want to automount a share on an Apple file server using the Apple File Protocol (AFP), however, you must use Centrify 3.0.1 or later. -
In Step 3, if you specified a network directory, make certain that the Active Directory user logon name (pre-Windows 2000), also known as the
samAccountName, matches the Mac login name (UNIX name). Otherwise, the login is not guaranteed to work on all Mac systems.The name must be 8 characters or less because the UNIX name is automatically truncated to 8 characters and won’t match if the Active Directory name is longer.
The Active Directory name is defined in the Accounts tab. For example, if you open the Properties page for a user and select Account:
Select the Centrify Profile tab to see the UNIX name:
-
For the shared directory you specified in Step 3 (for example,
Users), set ‘full’ permissions for authenticated users. See the next section, Setting shared directory permissions, for details on how to do this. -
Verify that the computer on which the shared directory resides is configured on the DNS server with forward and reverse lookup zones by running the following commands in a terminal window:
nslookup computerName.domainName
for example:
nslookup QA1.acme.com Server: acme.com Address: 192.168.1.139 Name: QA1.acme.com Address: 192.168.1.139
nslookup ipAddress
for example:
nslookup 192.168.1.139 Server: acme.com Address: 192.168.1.139 Name: QA1.acme.com Address: 192.168.1.139
If you get an error message such as
Can’t find server name for address 192.168.1.139
it means a reverse lookup zone is not configured for the specified server. To configure DNS forward and reverse lookup zones, see the Microsoft Support Article 816518.
Doc Feedback