Setting up local homes on Active Directory-bound Apple servers.
I had an interesting issue crop up recently, where I was setting up three Mac Xserves for a group of developers coming over from the Linux side. These servers were being bound to Active Directory, which has a number of nice advantages for me in terms of management, especially in the realm of password management, but there was one issue that needed to be taken care of.
On Unix-like systems (such as Linux and OS X), when you get an account, your account is set up with an associated home folder. You don’t generally have an account on a server where you don’t have a home, or where your account’s home folder is located on another server (and possibly on another platform as well). With Active Directory, though, that’s perfectly possible. This is usually pretty easy to resolve on the desktop and laptop side, where you configure the AD plug-in to either force a local home or set up a mobile home when you log in at OS X’s GUI Login Window. On a server, it’s not so easy, because users generally are not standing in front of the server and logging in via the OS X Login Window; they’re accessing it via SSH or another method of remote access. So how do you set them up with a local home?
Log in to the server as an admin, then run the following commands from the directory that contains MCXCacher:
sudo ./MCXCacher -U <user shortname>
sudo createhomedir -c -u <user shortname>
Easy as that. The first command tells the MCXCacher program to create a mobile user in NetInfo with cached credentials, and the second has the createhomedir program make a home folder in whatever location you have configured to house your home folders. Your users will then land in their home folder after logging in via SSH, and single sign-on with Kerberos will also work just fine.
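A batch form of the two commands above, as an added example that is not part of the original post: it rejects short names that could be read as options or paths, checks that each account resolves through the directory binding, and only prints the commands unless DRY_RUN=0. The MCXCACHER and DRY_RUN variables and the function names are assumptions made for illustration; point MCXCACHER at wherever MCXCacher lives on your server.

```shell
#!/bin/sh
# Added example: batch wrapper around the two commands from the post.
# MCXCACHER is an assumption: the post runs ./MCXCacher from its own directory.
MCXCACHER="${MCXCACHER:-./MCXCacher}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them

# Accept only plain short names, so nothing reaches sudo as an option or a path.
valid_shortname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

provision_user() {
    user="$1"
    if ! valid_shortname "$user"; then
        echo "skip: invalid short name '$user'" >&2
        return 2
    fi
    # The account must resolve through the AD binding before it is cached.
    if [ "$DRY_RUN" != "1" ] && ! id "$user" >/dev/null 2>&1; then
        echo "skip: '$user' does not resolve; check the AD binding" >&2
        return 3
    fi
    run sudo "$MCXCACHER" -U "$user" || return 4
    run sudo createhomedir -c -u "$user" || return 5
}

# Provision every name given; the return status is the number of failures.
provision_all() {
    failed=0
    for u in "$@"; do
        provision_user "$u" || failed=$((failed + 1))
    done
    return "$failed"
}

# Usage: DRY_RUN=0 MCXCACHER=/path/to/MCXCacher sh provision.sh user1 user2
if [ "$#" -gt 0 ]; then provision_all "$@"; fi
```

Run it once with the default DRY_RUN=1 to review the commands, then again with DRY_RUN=0 to apply them.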