Network home folder for macos Sierra (and before)

20 Mai 2017

Sommaire

History

OS X 10.7

NFS:

No need to complex configuration on server (Linux). Few complexity on OS X client to automaticly mount the disk. (require to use the OpenDirectory or local database. Solved by using NFS Manager software). Can be included into automount (auto_home) to ease auto mounting of NFS shares. On OS X clients, only few problem with reserved ports and speed that can be solved by using an appropriate configuration.

Most problems are coming from incompatibility of Extended attributes and character encoding (filenames are not encoded in the same way, and file Tagging is lost for example)

AFP:

Good support. Almost easy to configure on server part (Netatalk on Linux). Whereas still some application do not work (uncompressing a zip file with the context menu, for example).

SMB:

Not well supported by OS X 10.7 (not supported for Network home folders, but functionnal for direct mounts).

OS X 10.10 to 10.12 (Sierra)

NFS:

Works identically as with previous OS X version: Work properly with extended attributes & characters encoding limitations.

Note: NFS is not selectable in macOS server, whereas it appear to be very stable.

AFP:

Using AFP several problems occurred with different services (iCloud, Keychains, AddressBook…). Apparently this was because of Extended Attribute that was not fully compatible between HFS->AFP(netatalk)->Ext4. Probably using ZFS on Linux server with Netatalk could have resolve some of those problems.

Addressbook application do not display any address (and is working well when the home is set to a HFS filesystem).

Apple will stop any development on AFP and is now supporting SMB. So I try Samba to see if all of those problems will disappear.

SMB:

Same problems as AFP (maybe coming from the Linux Samba server, which behave differently to a MacOS server)

Linux server configuration

Note: It has to be mentionned that a macos server is running onto the Linux server with VirtualBox. This was because has of 10.8 OSX release, the OpenLDAP system implemented onto Linux server was not supported anymore by Apple Server tools. Seem that Apple tries to leave from LDAP (and Open Directory).

So the Linux server keeps NFS, Netatalk and SMB services.

NFS configuration

In /etc/exports

/home             *.local.lan(rw,no_root_squash,insecure,subtree_check)

Netatalk configuration

[Global]
dbus daemon = /usr/bin/dbus-daemon
ldap auth method = none
ldap auth dn     = cn=admin,dc=local,dc=lan
ldap server      = ldap.local.lan
ldap userbase    = cn=users,dc=local,dc=lan
ldap userscope   = base
ldap groupbase   = cn=groups,dc=local,dc=lan
ldap groupscope  = base
ldap uuid attr   = apple-generateduid
ldap name attr   = uid
ldap group attr  = cn
hostname = disk.local.lan
afp listen = 192.168.124.94
map acls = mode
mimic model = MacPro
log level = default:note
log file = /var/log/afpd.log
dsireadbuf = 14
max connections = 64
afp read locks = yes
dircachesize = 16384
vol preset = defval

[defval]
ea = samba

[Homes]
basedir regex = /home

[NetUsers]
path = /home
valid users = @users3 @users4

[Time Machine]
path = /home/users4/TimeMachine
time machine = yes
vol size limit = 1000000
valid users = @users3 @users4

Samba configuration

[global]
   workgroup = WORKGROUP
   dns proxy = no
    interfaces = eth2
    bind interfaces only = yes
   log level = 3
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 1
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
    vfs objects = catia fruit streams_xattr recycle
;   fruit:locking = netatalk
    fruit:encoding = native
    streams_xattr:store_stream_type = no
    streams_xattr:prefix = user.
    recycle:repository = ___recycle___
    recycle:exclude = .DS_Store|._.DS_Store
    recycle:keeptree = yes
    ea support = Yes
    hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/
    read only = No

macOS Sierra (10.12) to macOS Mojave (10.14) client configuration

The trick is to use a local directory, where will be located the Library folder. Other folders will point to Samba (or NFS) mounts.

The problem is that Samba is not mounted early in the boot process, thus the background pictures are lost. Only a NFS mount is mounted early, so Pictures will be located there.

An idea would be to use an automount of the Samba mount, but Samba requires a specific user/password (whereas NFS and AFP doesnot).  It is problematic if several users uses the same Mac client (this could be resolved by using a logout script that unmount the particular user Samba share: do not work for simultaneous users).

Methodology

On macOS server in Profile Manager (or OpenDirectory via directory editor), set the User’s home to local directory (/Users/…). No networked home:

Create the associated user directory in /Users localy on the client disk, if it doesn’t exist already.

SMB mounts:

Add a startup item which is a SMB remote folder to the Users (System Preferences->Users & Groups->Startup Items…).

Create links in the local user directory:

ln -s /Volumes/<user>/Downloads

also for Documents, Movies, Downloads, … (but not for Library and Pictures)

NFS mounts

Directly on computer:

By default /etc/auto_home is filled with:

#
# Get /home records synthesized from user records
#
+/usr/libexec/od_user_homes

To create an auto_home mount system,  add at the end of  /etc/auto_home file:

* nfs.moreau37.lan:/home/&

Or use NFS Manager to create an automount home NFS: https://www.bresink.com/osx/NFSManager.html (not tried)

This way the /home directory will be automatically mounted when accessed.

Via Directory service (LDAP)

Notice that on macOS 10.14 the /etc/auto_home content is:

#
# Automounter map for /home
#
+auto_home # Use directory service
#
# Get /home records synthesized from user records
#
+/usr/libexec/od_user_homes

Apparently it would be possible to automatically add the nfs server address via directory service (OpenLDAP).

The solution is partly given here: https://www.admin-linux.fr/montage-de-home-distant-avec-autofs-et-nfs-sur-macos/

The correct LDAP values for /home is below:

dn: automountMapName=auto_home,cn=automountMap,dc=moreau37,dc=fr
automountmapname: auto_home
objectclass: automountMap
objectclass: top

dn: automountKey=*,automountMapName=auto_home,cn=automountMap,dc=moreau37,dc=fr
automountinformation: -fstype=nfs,rw,resvport nfs.moreau37.fr:/home/&
automountkey: *
objectclass: automount
objectclass: top
dn: automountMapName=auto_master,cn=automountMap,dc=moreau37,dc=fr
automountmapname: auto_master
objectclass: automountMap
objectclass: top

dn: automountKey=/home,automountMapName=auto_master,cn=automountMap,dc=moreau37,dc=fr
automountinformation: auto_home
automountkey: /home
objectclass: automount
objectclass: top

Next

Pictures should be linked to:

ln -s /home/<user>/Pictures

Also, for users with shared Unix systems: Link all .bash* files and so on files that can be used on both original Linux system and macOS.

OS X 10.15 (Catalina)

Still working.

Notice that /etc/auto_home file content is resetted at each reboot. But it is not a problem as the setting is coming from Directory (LDAP).