Creating Active Directory Users from Workgroup Manager

[babaton]

Hi,

I'm trying to setup our xserve so our clients will authenticate against AD but have their prefs managed by OSX Server.
So far I've got the clients logging on ok,group folders mount nicely and I can see AD users and groups from workgroup manager.

But when I try to add a home directory for an AD user i get -
'Got unexpected error Error of type -14140 on line 1127 of PMMUGMainView.mm'

I get the same if I try to create a new active directory user so it looks like workgroup manager is having problems writing to the active directory.

Has anyone seen and resolved this?

[Go3iverson]

WGM's connection to AD is stricly read only. Even if your authenticated to AD, with an account that has R/W access, you will not be able to update your AD from WGM, unless you extend the schema of the AD to include the OS X specifc attributes. I highly do not suggest modifying your schema. You have the OS X Server so you won't have to!

Why do you need to add the home directory in WGM for your AD? Just go into the properties of the user account in the AD and set the home folder share directly in there. Just specify it as you would any other share.

[babaton]

thanks, that works nicely but with one problem.

It doesn't move the "home" to the network, just mounts the empty directory.Which is actually fine but at the same time AD users are locked out of half the local home on their desktop macs.

I can reassign permissions but its a pain in the arse.

To be honest i'd rather the home directory was kept locally.we don't want all those music,pictures and movies folders all over the server.they'd fill up pretty quick with crap.

So what i'm after is a way to mount shared volumes at startup and leave the local home as it is.

I've tried adding users to multiple OD groups but OSX only seems to want to mount one group share at a time.

Have I missed something simple or is there a way to run some sort of login script?

[Go3iverson]

That's odd. By default, the AD plugin is set up to force creation of a local home for all users, unless it was changed.

use

dsconfigad -localhome enable

in the terminal to force local home creation on login. Also, at any point in time were you trying to use network homes? I've seen that get kinda sticky every now and again when trying to move back.

[babaton]

I've got it working now, I had been using network homes so that may have had something to do with it.

Also my DNS wasn't setup correctly so I had problems with the KDC and the password server.

It seems DNS is the most important thing to get right when you're setting up an OD server.

In anycase, the AD users now have their network folder mounted (from the AD profiles tab)and they have full access to their local home.

Thanks.

[Go3iverson]

OH yeah!

DNS is a very big deal with directory services! In older versions of OS X Panther, I think previous to 10.3.5, the AD plugin was exceptionally reliant on proper forward and reverse DNS entries. Apple's made the plugin more versatile, but best pratices are best practices.

OD won't run properly without proper DNS. It's suggested that you have your DNS up and running before creating your OD server, though that makes things a little tricky if your OD server is also going to be your DNS server.

I thought I detected a hint of network homes by what you described!

[babaton]

thanks very much Go3iversion, things are starting to come together now.

Cheers!

[Go3iverson]

No problem!

We've all gone through the trials and tribulations of directory service integration, so I try to make sure no one has to go through as much pain as I did, when I started on it!