[MacTUG] OD Augmented Users with custom home path

Steve Hellyer phasetwo at apple.com
Mon Nov 1 15:46:27 EDT 2010 

Hi Dani,

This is a wonderful tease.  Is there more coming?  Maybe a little more orientation what you doing here?

For example perhaps...

We decided not to have the Mac OS X client and Windows 7 clients save in the same location for the same user.  This meant we needed to turn off "follow UNC path" in the Mac OS X client AD directory extension which the Windows clients follow.  Etc... (Really I will let you fill this in I am just guessing from previous conversations. I think the reasons why you are doing this are not clear to the list.)


Also you describe this as a way to "mount custom home path from NetApp appliance without toggling UNCpath" but isn't this exactly what you are doing?

>   echo ==== $0 -- enabling UNCpath >> $OF
>    dsconfigad -useuncpath enable >> $OF

Turn ON use UNC path using command line configuration utility Directory Service AD extension

>    echo ==== $0 -- Arbitrary lookup of known AD User >> $OF
>    dscl '/Active Directory/All Domains' read Users/fixmac > /dev/null

Causing some activity. Which I am guessing causes generation Kerberos service ticket for CIFS/SMB file services.  Clearly your not interested in result if you piling into /dev/null.

>    echo ==== $0 -- disabling UNCpath >> $OF
>    dsconfigad -useuncpath disable >> $OF

Turn OFF use UNC path using command line configuration utility Directory Service AD extension


>    echo ==== $0 all done >> $OF

Isn't this toggling the UNCpath?  Maybe you meant without manually toggling UNCpath?

Very inventive! Just think we need a bit more meat around what thinking was to get you to invent this workaround for you situation.

Regards,

Steve

On 2010-11-01, at 11:14 AM, Dani Roloson wrote:

> Jim Johnston was able to get the OD Augumented AD accounts
> to mount custom home path from NetApp appliance without toggling UNCpath
> by adding the following:
> 
> The long and short of it:
> - There is a Kerb negotiation with AD that does NOT
>   occur if we're using AD + OD w/ useuncpath disable
> 
> Here is a workaround:
> 
> -rw-r--r--  1 root  wheel  451 Oct 25 12:06 /System/Library/LaunchDaemons/ca.uwaterloo.TriggerADKerbWhenUsingOD.plist
> 
>    <?xml version="1.0" encoding="UTF-8"?>
>    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
>    <plist version="1.0">
>    <dict>
>        <key>Label</key>
>            <string>ca.uwaterloo.TriggerADKerbWhenUsingOD</string>
>        <key>ProgramArguments</key>
>            <array>
>                <string>/usr/sbin/TriggerADKerbWhenUsingOD</string>
>            </array>
>        <key>HopefullyExitsLast</key>
>            <true/>
>        <key>RunAtLoad</key>
>            <true/>
>    </dict>
>    </plist>
> 
> 
> -rwxr--r--  1 root  staff  607 Oct 25 12:09 /usr/sbin/TriggerADKerbWhenUsingOD
> 
>    #!/bin/csh -fb
> 
>    set OF=/tmp/TriggerADKerbWhenUsingOD.log
> 
>    while ( `ps axww | grep loginwindow | grep -v grep | wc -l` == 0 )
>        echo ==== $0 - no loginwindow daemon yet - sleeping 3 seconds >> $OF
>        sleep 3
>    end
>    echo ==== $0 loginwindow is running -- sleeping 40 seconds to stabilize >> $OF
>    sleep 40
>    echo ==== $0 -- enabling UNCpath >> $OF
>    dsconfigad -useuncpath enable >> $OF
>    echo ==== $0 -- Arbitrary lookup of known AD User >> $OF
>    dscl '/Active Directory/All Domains' read Users/fixmac > /dev/null
>    echo ==== $0 -- disabling UNCpath >> $OF
>    dsconfigad -useuncpath disable >> $OF
>    echo ==== $0 all done >> $OF
> 
> _______________________________________________
> MacTUG mailing list
> MacTUG at lists.uwaterloo.ca
> https://lists.uwaterloo.ca/mailman/listinfo/mactug

-------------------------------------------------------
Steve Hellyer
Pre-Sales Systems Engineer
Education Division (Higher Education)
Apple Canada Inc.
7495 Birchmount Rd.
Markham, Ontario, Canada
L3R 5G2

PH: (905)513-5647
Mailto: phasetwo at apple.com

Training Websites
http://training.apple.com/
http://www.witzapplecertifiedtraining.com/

AppleCare Online Support
http://www.apple.com/ca/support/

AppleCare Technical Phone Support
tel:1-800-263-3394  (basic up and running support for individual consumers)

AppleCare Enterprise Level Support
http://www.apple.com/ca/support/products/macosxserver_sw_supt.html

AppleCare Service Locations (Canada)
http://www.apple.ca/buy/locator/
Select Service Locations from pull down menu

More information about the MacTUG mailing list