Network home folder for macOS Sierra (and before)
20 May 2017
Contents
History
OS X 10.7
NFS:
No need for complex configuration on the server (Linux). Some complexity on the OS X client to automatically mount the disk (requires using OpenDirectory or the local database; solved by using the NFS Manager software). Can be included into automount (auto_home) to ease auto-mounting of NFS shares. On OS X clients, only a few problems with reserved ports and speed, which can be solved with an appropriate configuration.
Most problems come from incompatibility of extended attributes and character encoding (filenames are not encoded the same way, and file tagging is lost, for example).
AFP:
Good support. Fairly easy to configure on the server side (Netatalk on Linux). However, some applications still do not work (uncompressing a zip file from the context menu, for example).
SMB:
Not well supported by OS X 10.7 (not supported for network home folders, but functional for direct mounts).
OS X 10.10 to 10.12 (Sierra)
NFS:
Works the same as with previous OS X versions: works properly, with the same extended attribute and character encoding limitations.
Note: NFS is not selectable in macOS Server, although it appears to be very stable.
AFP:
Using AFP, several problems occurred with different services (iCloud, Keychain, AddressBook…). Apparently this was because extended attributes were not fully compatible across HFS -> AFP (netatalk) -> Ext4. Using ZFS on the Linux server with Netatalk could probably have resolved some of those problems.
The AddressBook application does not display any address (it works fine when the home is on an HFS filesystem).
Apple will stop any development on AFP and is now supporting SMB. So I tried Samba to see whether all of those problems would disappear.
SMB:
Same problems as AFP (maybe coming from the Linux Samba server, which behaves differently from a macOS server).
Linux server configuration
Note: it has to be mentioned that a macOS Server is running on the Linux server inside VirtualBox. This is because, as of the OS X 10.8 release, the OpenLDAP system implemented on the Linux server was no longer supported by Apple's Server tools. It seems that Apple is moving away from LDAP (and Open Directory).
So the Linux server keeps the NFS, Netatalk and SMB services.
NFS configuration
In /etc/exports:
/home *.local.lan(rw,no_root_squash,insecure,subtree_check)
Netatalk configuration
[Global]
dbus daemon = /usr/bin/dbus-daemon
ldap auth method = none
ldap auth dn = cn=admin,dc=local,dc=lan
ldap server = ldap.local.lan
ldap userbase = cn=users,dc=local,dc=lan
ldap userscope = base
ldap groupbase = cn=groups,dc=local,dc=lan
ldap groupscope = base
ldap uuid attr = apple-generateduid
ldap name attr = uid
ldap group attr = cn
hostname = disk.local.lan
afp listen = 192.168.124.94
map acls = mode
mimic model = MacPro
log level = default:note
log file = /var/log/afpd.log
dsireadbuf = 14
max connections = 64
afp read locks = yes
dircachesize = 16384
vol preset = defval

[defval]
ea = samba

[Homes]
basedir regex = /home

[NetUsers]
path = /home
valid users = @users3 @users4

[Time Machine]
path = /home/users4/TimeMachine
time machine = yes
vol size limit = 1000000
valid users = @users3 @users4
Samba configuration
[global]
workgroup = WORKGROUP
dns proxy = no
interfaces = eth2
bind interfaces only = yes
log level = 3
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 1
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
vfs objects = catia fruit streams_xattr recycle
; fruit:locking = netatalk
fruit:encoding = native
streams_xattr:store_stream_type = no
streams_xattr:prefix = user.
recycle:repository = ___recycle___
recycle:exclude = .DS_Store|._.DS_Store
recycle:keeptree = yes
ea support = Yes
hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/
read only = No
macOS Sierra (10.12) to macOS Mojave (10.14) client configuration
The trick is to use a local directory, where the Library folder will be located. The other folders will point to Samba (or NFS) mounts.
The problem is that Samba is not mounted early in the boot process, so the desktop background pictures are lost. Only an NFS mount is mounted early, so Pictures will be located there.
An idea would be to use an automount of the Samba share, but Samba requires a specific user/password (whereas NFS and AFP do not). This is problematic if several users use the same Mac client (it could be solved with a logout script that unmounts that user's Samba share, but that does not work for simultaneous users).
Methodology
On macOS Server, in Profile Manager (or OpenDirectory via the directory editor), set the user's home to a local directory (/Users/…). No networked home.
Create the associated user directory in /Users locally on the client disk, if it doesn't exist already.
SMB mounts:
Add a startup item which is an SMB remote folder to the user (System Preferences -> Users & Groups -> Startup Items…).
Create links in the local user directory:
ln -s /Volumes/<user>/Downloads
Do the same for Documents, Movies, Downloads, … (but not for Library and Pictures).
NFS mounts
Directly on computer:
By default /etc/auto_home is filled with:
#
# Get /home records synthesized from user records
#
+/usr/libexec/od_user_homes
To create an auto_home mount, add at the end of the /etc/auto_home file:
* nfs.moreau37.lan:/home/&
Or use NFS Manager to create an NFS home automount: https://www.bresink.com/osx/NFSManager.html (not tried).
This way the /home directory will be automatically mounted when accessed.
Via Directory service (LDAP)
Notice that on macOS 10.14 the /etc/auto_home content is:
#
# Automounter map for /home
#
+auto_home    # Use directory service
#
# Get /home records synthesized from user records
#
+/usr/libexec/od_user_homes
Apparently it is possible to provide the NFS server address automatically via the directory service (OpenLDAP).
The solution is partly given here: https://www.admin-linux.fr/montage-de-home-distant-avec-autofs-et-nfs-sur-macos/
The correct LDAP values for /home are below:
dn: automountMapName=auto_home,cn=automountMap,dc=moreau37,dc=fr
automountmapname: auto_home
objectclass: automountMap
objectclass: top

dn: automountKey=*,automountMapName=auto_home,cn=automountMap,dc=moreau37,dc=fr
automountinformation: -fstype=nfs,rw,resvport nfs.moreau37.fr:/home/&
automountkey: *
objectclass: automount
objectclass: top

dn: automountMapName=auto_master,cn=automountMap,dc=moreau37,dc=fr
automountmapname: auto_master
objectclass: automountMap
objectclass: top

dn: automountKey=/home,automountMapName=auto_master,cn=automountMap,dc=moreau37,dc=fr
automountinformation: auto_home
automountkey: /home
objectclass: automount
objectclass: top
Next
Pictures should be linked to:
ln -s /home/<user>/Pictures
Also, for users who share Unix systems: link all .bash* files and similar files that can be used on both the original Linux system and macOS.
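The client-side steps above (local home in /Users, data folders linked to the SMB mount, Pictures and dot-files linked to the NFS home) gathered into one script, as an added example that is not part of the original post. The three root paths are parameters (/Users, /Volumes and /home on a real client) so it can be rehearsed against scratch directories, and the set of folders to link is my own assumption; it refuses to replace a folder that already holds data.

```shell
#!/bin/sh
# Added example (not from the original post): create the local home and the
# symlinks described in the Methodology section. Roots are parameters so the
# script can be dry-run against scratch directories; on a real client they are
# /Users, /Volumes and /home.  Usage: setup_home <user> <local_root> <smb_root> <nfs_root>
setup_home() {
    user="$1"; local_root="$2"; smb_root="$3"; nfs_root="$4"
    home="$local_root/$user"
    smb="$smb_root/$user"      # SMB startup-item mount (/Volumes/<user>)
    nfs="$nfs_root/$user"      # NFS automount (/home/<user>)

    # 1. local home directory (Library stays local, it is never linked)
    [ -d "$home" ] || mkdir -p "$home" || return 1
    chmod 700 "$home"

    # 2. data folders point to the SMB mount; Library and Pictures excepted
    for d in Desktop Documents Downloads Movies Music Public; do
        link_into "$home" "$smb/$d" "$d" || return 1
    done

    # 3. Pictures points to NFS, which is mounted early enough for the wallpaper
    link_into "$home" "$nfs/Pictures" Pictures || return 1

    # 4. shell dot-files shared with the Linux account (.bash_profile, .bashrc, ...)
    for f in "$nfs"/.bash*; do
        [ -e "$f" ] || continue
        link_into "$home" "$f" "$(basename "$f")" || return 1
    done
}

# link_into <home> <target> <name>: replace an empty default folder with a
# symlink; refuse to touch a non-empty real directory or a symlink to elsewhere.
link_into() {
    home="$1"; target="$2"; name="$3"; dest="$home/$name"
    if [ -L "$dest" ]; then
        [ "$(readlink "$dest")" = "$target" ] && return 0
        echo "refusing: $dest already points elsewhere" >&2; return 1
    fi
    if [ -d "$dest" ]; then
        [ -z "$(ls -A "$dest")" ] || { echo "refusing: $dest is not empty" >&2; return 1; }
        rmdir "$dest"
    fi
    ln -s "$target" "$dest"
}
```

Running it a second time for the same user is a no-op, so it can sit in a login hook without clobbering anything.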
OS X 10.15 (Catalina)
Still working.
Notice that the /etc/auto_home file content is reset at each reboot. But it is not a problem, as the setting comes from the directory (LDAP).