On the MacEnterprise maillist, Arjen van Bochoven wrote of problems with automatic HomeSyncs under Leopard with NFS home directories. Manual syncs worked fine, but the automatic background syncs would fail with errors that looked like this:
1::  Peer "network" is unable to sync. (-[SPeer_FS_PHD mountPeerVolume] (Peer-FS-PHD.m:140): "'((homePath))' is nil") 0::  [2009/02/19 10:45:10.640] Peer "network" is unable to sync. Not enough peers will be available to continue syncing. 0::  [2009/02/19 10:45:10.640] Aborting sync of "HomeSync_Mirror".
I saw the exact same problem in my environment. This also affected login and logout syncs. Here’s the (ugly) fix.
For each mobile account, you’ll need to make two modifications to the account info in the local DS:
/usr/bin/dscl . create /Users/$USERNAME dsAttrTypeStandard:OriginalHomeDirectory "<home_dir><url>nfs://$NFSEXPORT</url><path>$USERNAME</path></home_dir>"
where $USERNAME is the short username, and $NFSEXPORT is the nfsserver and its export.
This gives HomeSync a nfs:// URL to use to mount the network home directory (It shouldn’t have to do this, since the network home is already available at the autofs mountpoint for the network home, and obviously really doesn’t need it since manual syncs work), but we have to do it anyway.
The OriginalHomeDirectory attribute has two parts – a URL describing the mount, and a path describing the path to the actual home dir, relative to the mount. In my case, when I type `mount`, my home autofs mount looks like this:
homeserver:/vol/home/fahome on /home/fahome
and my NFS home path is
So the URL is ‘nfs://homeserver/vol/home/fahome/’ and the path is ‘gneagle’.
Depending on how the home mounts are setup in your environment, the division between the URL and the path might be different, for example, we might have had this instead:
URL ‘nfs://homeserver/vol/home/’ with a path of ‘fahome/gneagle’.
The next change:
/usr/bin/dscl . append /Users/$USERNAME dsAttrTypeNative:preserved_attributes dsAttrTypeStandard:OriginalHomeDirectory
This prevents the OriginalHomeDirectory attribute from being overwritten by the empty value presumably coming from the network. (If there was a useful value in the network directory, this hack wouldn’t be needed.)
You may be able to create the accounts “correctly” in the first place by using /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount and passing the syncURL with the -u option in the form “nfs://homeserver/export/home/gneagle”. This didn’t work in my environment, and even if it did, it wasn’t really an option to use createmobileaccount, so I instead wrote a login hook that “fixes” the mobile account if needed. WordPress will cut off the right side of the script when displaying it, but you can select, copy and paste into your favorite text editor for examination:
#!/bin/sh # Leopard bug workaround as of 10.5.2. March 5 2008 # inserts nfs:// URL into OriginalHomeDirectory attribute # for mobile accounts so that login/logout/background syncs # work reliably # # Greg Neagle, Walt Disney Animation Studios # the following is the actual NFS share that is mounted via autofs NFSEXPORT="homeserver.example.com/vol/home/fahome/" USERNAME=$1 LOCALACCT=`/usr/bin/dscl . read /Users/$USERNAME 2>/dev/null` if [ "$LOCALACCT" != "" ]; then # $USERNAME is a local account NETHOME=`/bin/echo $LOCALACCT | /usr/bin/grep OriginalNFSHomeDirectory` if [ "$NETHOME" != "" ]; then # $USERNAME is a mobile account # in our case, the path and the username are one and the same /usr/bin/dscl . create /Users/$USERNAME dsAttrTypeStandard:OriginalHomeDirectory "<home_dir><url>nfs://$NFSEXPORT</url><path>$USERNAME</path></home_dir>" PRESERVED_ORIG_HOME=`/usr/bin/dscl . read /Users/$USERNAME dsAttrTypeNative:preserved_attributes | /usr/bin/grep dsAttrTypeStandard:OriginalHomeDirectory` if [ "$PRESERVED_ORIG_HOME" = "" ]; then /usr/bin/dscl . append /Users/$USERNAME dsAttrTypeNative:preserved_attributes dsAttrTypeStandard:OriginalHomeDirectory fi fi fi
The user logs in with their network account. MCX computer group settings cause the user to be asked if they want to create a mobile account, if they agree the mobile account is created and the home directory is encrypted with FileVault. As they log in, the login hook runs and if needed, inserts the additional info into the cached local account info so that automatic HomeSyncs work.
Though this fixed the issue for our environment, I still consider this a bug.
11 thoughts on “Leopard, MobileAccounts, and NFS homes”
great info- very helpful
Hm.. February 2009,.. more than 1 year ago. 😦
I was kinda hoping to find an article (or two) on your trials n’tribulations of PHD (mobile accounts… network homes etc.) under Snow Leopard clients.. and Snow Leopard Server… in the hopes that your words would give me insight.
I’ve got my users on an external disk in a subfolder called ‘users’ . I’ve got that mounted on the server on /Volumes/stormtroopers (currently at /dev/disk7).
I’ve defined the sharepoints in WGM
the ‘users’ sharepoint is automount enabled with guest access
and a typical user (e.g., anakin) has
sharepointurl := afp://deathstar.georgelucas.ch/users
path to home folder := anakin
full path := /Network/Servers/deathstar.georgelucas.ch/users/anakin
Lastly, I have indeed created the home for anakin, and I’ve double-checked that NFShomedirectory is defined with the same value as the full path. I’ve even peeked into the folder and do see the files.. correctly chowned.
On the virgin client machine Alderaan (only the local admin account exists) I use the login window and type in anakin’s username and password. The local folder IS created, and I *CAN* login in.
NOW (finally!)… My question…
When the mobile account for anakin SYNCS a df briefly shows one or both of…
Whether it shows one, the other, or both seems to be arbitrary from one sync-moment to another.
Should I be using a fullpath of /Volumes/users
instead of /Network/Servers/deathstar.georgelucas.ch/users/anakin ?
Can you detect any weirdness in my setup?
Thx for any help.
I’m sorry: I simply don’t know. We don’t use AFP network homes, and we don’t use Open Directory, so I’m not sure what the correct/expected behavior is.
Thanks anyway, @GregN 🙂
For other readers… Head on over to http://www.afp548.com/forum/viewtopic.php?forum=18&showtopic=26930 for more on this problem.
I SORT OF found a solution (June 24), by using a full path of /Network/Servers/server1.epfl.ch/Volumes/team1/users/user1, disabling the fstab management of /Network/Servers in auto_master, and restarting the automounter.
Hey- I’d like to talk to you about home sync. I’m doing something fairly interesting- I have my home on an airdisk, and I’ve used WGM on my local account to tell it that it’s there… Now I’d like to use WGM, or whatever else, to do a proper home sync, cache redirects, etc.
I could dig out how to make this work myself (one of the many things I do is run a very small OS X server at work) but it seems like you really know what’s going on and may have some good pointers. So… email me!
The client main client in question is 10.5, though I would like to copy-and-paste the same settings to my 10.6 box… that’s round 2…
Hi Greg, I have a question about your use of the NetApp filers in the respect of a heterogenous client environment, and network home folders/PHDs.
Do you share out home directories over CIFS to your Windows users, NFS to your Mac and Linux clients? do you have any users who would log into say, a Windows client one day and a Mac client the next?
Also, how have you handled general non-home shares? Do you share those out over both protocols from the Netapp filers?
Thanks in advance
“Do you share out home directories over CIFS to your Windows users, NFS to your Mac and Linux clients?”
Yes. The home directories are made available to Windows users, but aren’t _used_ as their home directories.
“do you have any users who would log into say, a Windows client one day and a Mac client the next?”
“Also, how have you handled general non-home shares? Do you share those out over both protocols from the Netapp filers?”
In most cases, yes.
I just have to say Thanks! Of the scores of web pages I’ve scoured, yours is the one that seems to have gotten me out of Portable Home Directory hell. Huzzah!
With my setup it doesn’t work. I have local Users directories synced with /home shares on NFS server which.
My mount info prompts:
I have enterd the following command in the terminal:
I also tried with machine naming (‘poseidon’ with or without local domain ‘ home.lan’) but that doesn’t work either.
My ~/Library/Logs/FileSyncAgent/FileSyncAgent-verbose.log tells me:
NSLocalizedDescription = “No route to host”;
For further details about verbose log see: http://pastebin.com/xPPUNf4U
On my server log I read a succesvol authentication
[…] in my FileSync log. I think that it tried to sync, but was failing almost immediately. Based on this post, I added OriginalHomeDirectory in my LDAP mappings to the homeDirectory attribute in my directory. […]
Comments are closed.