Home Folders on MacOS Server 5.11.1

[DJLC]

FWIW, when I did my OS X Server training/certification at Apple (many moons ago) DNS was considered mandatory. Also, as a consultant I had a handful of service calls where setting up DNS resolved random login issues.

+1. I was never OS X Server certified or anything, but the certified guy who got me up to speed at my first OS X Server related job stressed DNS super hard. Over the years, I helped troubleshoot Open Directory issues for several organizations — nearly every time, it was because they were using an IP instead of an FQDN, forward lookup zones weren't set up correctly, or reverse lookup zones weren't set up correctly. No error messages; client Macs would just refuse to authenticate at the loginwindow.

OD / Network Homes / Mobile Accounts are all tricky and fickle beasts, IMO... Cool in their day, but constant trouble.

 

[hobowankenobi]

FWIW, when I did my OS X Server training/certification at Apple (many moons ago) DNS was considered mandatory. Also, as a consultant I had a handful of service calls where setting up DNS resolved random login issues.

OK, good to know. I have never had any DNS issues with fixed IPs on Mac Servers...but that was years back, and I could see that it could vary by service too.

 

[Altemose]

This might be getting way off topic...but installing the OneDrive client is a long, LONG way off from authenticating at login. Does OneDrive support user account login management? I thought it only supported data syncing from the desktop client.

Possible Login/account management options I am aware of:

Local Options:

Local accounts (default Mac setup)
LAN Directory Server: Open Directory (MacOS Server, or others...more info)
LAN Directory Server: MS Active Directory
LAN Directory Server: Synology AD
LAN Directory Server: Samba AD

Cloud/WAN Options:

Okta
JumpCloud
OneLogin
MS Azure (AD in the cloud...coming someday.)
Google

I'm sure there are more. Most above cost...either a moderate or very high price.

OpenSource LDAP like in (MacOS Server can be free or very low cost), but less than fun/easy to setup, and perhaps less than robust to run. There is a user here that claims to have gotten Google accounts working, which would slick, free, cloud-based authentication, but I can't vouch for it myself.

• All the above (plus other similar platforms) allow the management of user credentials.
• None of the above (that I am aware of) support/are recommended for Roaming Home Directories...at least at any moderate scale.

The concept that I was referencing was simulating the "Silent Configuration" that Windows environments get through Group Policy. In those environments, the system authenticates against AD and using GPOs also signs into the desktop client and downloads the data. Ideally, this functionality may be able to be replicated on macOS. Though, based on OP's situation, they may be able to even get it to some semblance of that point and achieve the desired results.

 

[Jedi.Master.Dre]

FWIW, when I did my OS X Server training/certification at Apple (many moons ago) DNS was considered mandatory. Also, as a consultant I had a handful of service calls where setting up DNS resolved random login issues.

With a DNS server running do you think roaming home folders are still attainable with current iMac clients and macOS? I can run an older version of macOS Server such as 5.6, or new such as 5.11.1. It would be awesome to run macOS server 5.11.1 and have roaming profile and home folders between my 2011 iMacs and newer 2019/2020 iMac clients.

 

[DJLC]

With a DNS server running do you think roaming home folders are still attainable with current iMac clients and macOS? I can run an older version of macOS Server such as 5.6, or new such as 5.11.1. It would be awesome to run macOS server 5.11.1 and have roaming profile and home folders between my 2011 iMacs and newer 2019/2020 iMac clients.

Mobile Home Directories (also known as roaming user profiles) were deprecated in macOS Sierra: https://support.apple.com/en-us/HT206871. Your newer clients won't be able to automatically sync to their network home folders. However, the network home folder will still auto-mount as a volume at login.

 

[rezwits]

I would have 20 iMacs logging in on average and it would be immensely useful. 60-100 active users at any given period.

I have successfully joined 2011 iMacs with Home Folders. I get an error when the new T series iMacs are attempting to login. The home folders exist on the server and the user shows as connected, but the login hangs indefinitely. So close. I am baffled.

Ugh.

You won't get roaming/mobile accounts, but one way I was, well two ways, is, if you have a System with Users and you upgrade if they were already setup they will continue, up to BigSur at least, if you upgrade the OS...

But here is something I got to work "once" that was nice.

Let say you have an ADMIN account like Admin/admin, and you login into that account, on the machine you want A USER to use.
Then goto Network/and see the Servers, while logged in as Admin, pick the Server and MOUNT the user SHARE, login as the user you want to login (don't save to keychain etc), and get the damn "User" folder mounted while admin is STILL "logged in" switch to the Login Window, and login as the user, with the mounted User share from the Server.

There is something wrong with the Login Screen "not being able" to mount the User folder from the server "as the user" and then being able to "chill" aka login, while using the mount.

There are some hooks you can fiddle with in the Directory Utility, maybe you could find a way to run a login script that'll mount the as the user but man that would be a headache...

You might be able to do some kind of terminal login, and reboot? and have the share mount? UGH hehe

Good Luck, thanks for the Video tho, seems they updated the "Workgroup Manager" app essentials in the new Server App (from that video)which is promising... maybe I'll grab a couple of M1 MacMini's and setup a Directory Replica!!

once again, good luck! Oh and High Sierra can still be a DNS server for your internal classroom and each machine...

 

[Flint Ironstag]

I would have 20 iMacs logging in on average and it would be immensely useful. 60-100 active users at any given period.

I have successfully joined 2011 iMacs with Home Folders. I get an error when the new T series iMacs are attempting to login. The home folders exist on the server and the user shows as connected, but the login hangs indefinitely. So close. I am baffled.

Ugh.

Admire your pluck, but I would absolutely not recommend relying on this professionally. It will break. Apple will not support you.

BUT, you can get cozy with DSCL & kerberos. Also make sure your times are closely synchronized between server & clients. Make sure your server can resolve its own IP. Have had to do this dance countless times. Apple needs to kill server, or seriously overhaul it.

changeip checkhostname result - Apple Community

discussions.apple.com

 

[Jedi.Master.Dre]

FWIW, when I did my OS X Server training/certification at Apple (many moons ago) DNS was considered mandatory. Also, as a consultant I had a handful of service calls where setting up DNS resolved random login issues.

That is excellent to know. I suspected that. Any tips? I have briefly tried DNS Enabler which is "Bind" but with a GUI interface, It seems promising.

 

[AlumaMac]

That is excellent to know. I suspected that. Any tips? I have briefly tried DNS Enabler which is "Bind" but with a GUI interface, It seems promising.

I have to agree with the other posters who have expressed caution in trying to implement this in a production environment. Odds are if you are able to get it working it will inevitably break in the future with no possible solution.

 

[trueclou]

I have been running a Mac lab at the school I teach at, and have been using MacOS Server 5.7.1 to create student accounts and store all of my students files on a 2012 Mac Pro running High Sierra with numerous 2011 27" iMacs with El Capitan and High Sierra as client computers. That Mac Pro has 12TB worth of HDDs in it.

I recently purchased four 27" 2019 and ten 27" 2020 iMacs. The new client iMacs mostly have 256GB SSDs. These new iMacs mostly have Big Sur on them and were shipped with Big Sur. As a result I am running MacOS Server 5.11.1 now on one of the iMacs that has an 8TB SSD. My goal is to have my students be able have student accounts on MacOS Server and have their Home Folders reside on the "Server" iMac, like they used to on MacOS Server 5.7.1.

I have spent a ridiculous amount of time trying to figure out ways get this to work, none have worked.

I would also like to be able to still use the 2011 iMacs as clients if possible.

I have been able to create student accounts and access Home Folders by logging into the server but the Menu Bar and My Documents are currently being stored on the client iMac that the user logs in to. This is frustrating as I have several different classes and numerous students and I would like them to be able to access their files and settings from any of the client iMacs at the stations in my lab.

I have contacted Apple Support twice for extended conversations to no avail.

I realize that Apple has deprecated services on MacOS Server. That being said, all I really need is the ability to create user accounts and have the home folders and settings reside on the 8TB "Server" iMac. It seems ridiculous that the updated "Server" app doesn't actually operate much like a server anymore.

I am very frustrated to say the least. I hope I am missing something here.

The new iMac with the 8TB SSD was obviously quite expensive and purchased to be the main storage for my lab so I would really like to be able to use it for that purpose. 14 new iMacs was a big investment for my department.

I was thinking of whether or not I could use BootCamp to run High Sierra on the 2020 iMac on a second volume, that doesn't seem possible but might seemingly do the trick if it was.

I was also wondering if a virtual machine, such as VMWare Fusion or Parallels would allow me to run High Sierra and MacOS Server 5.7.1 on the 8TB 2020 iMac (that was shipped with Big Sur).

Are there any settings or means to accomplish this in MacOS Server 5.11.1?

If this can't be achieved with MacOS Server 5.11.1, I would greatly appreciate suggestions on any third party software that may be able to achieve this.

Any solutions, suggestions or help would be much appreciated.

Hi Jedi.Master.Dre,

I recently found your question on problems with the network home directory on macOS Server since Big Sur. I experience exactly the same problems in our department’s Mac lab. I struggled several hours without finding a reliable solution. It seems impossible to connect to a Monterey server from a Monterey client if a network home directory is configured in the Open Directory accounts. On the login attempt the users get the error message that you describe.
However, if the clients run under Catalina the login will succeed.
I guess that the reason for this is the changed structure of the startup volume since Big Sur. The read-only part of the startup disk might prevent the ‚/Network/Servers/…‘ directory on the client (that is needed for network home directories) from being created of modified during login. I tried several possible workarounds but none worked.
Did you find a solution in the meantime?

Best, Christoph

 

[DJLC]

I have to agree with the other posters who have expressed caution in trying to implement this in a production environment. Odds are if you are able to get it working it will inevitably break in the future with no possible solution.

I tried several possible workarounds but none worked.

Just dropping in to +1000 @AlumaMac's comment here. You may find a workaround somehow or somewhere, @trueclou, but I urge you not to rely on it for anything important. Even if you get it working, it will break one day with no way out. I'm not one to die on hills, but this hill is an exception.

FWIW, the last time I supported this type of configuration in a production environment was around 2014-2015. And we ran away from it as quickly as we could. It was unreliable then; I can't imagine how bad it'd be today hacked together.

 

[Jedi.Master.Dre]

Hi Jedi.Master.Dre,

I recently found your question on problems with the network home directory on macOS Server since Big Sur. I experience exactly the same problems in our department’s Mac lab. I struggled several hours without finding a reliable solution. It seems impossible to connect to a Monterey server from a Monterey client if a network home directory is configured in the Open Directory accounts. On the login attempt the users get the error message that you describe.
However, if the clients run under Catalina the login will succeed.
I guess that the reason for this is the changed structure of the startup volume since Big Sur. The read-only part of the startup disk might prevent the ‚/Network/Servers/…‘ directory on the client (that is needed for network home directories) from being created of modified during login. I tried several possible workarounds but none worked.
Did you find a solution in the meantime?

Best, Christoph

I got it to work once a while ago, thinking back it was on a T1 2019 running Catalina. I could never replicate it so this sort of makes sense. I gave up after hundreds of hours working at it and several warnings issued here.

In your experience does the OS on the server matter?

 

[Flint Ironstag]

This is a dead end. Surely there's some type of free directory service via home-brew / mac ports?

 

[Jedi.Master.Dre]

This is a dead end. Surely there's some type of free directory service via home-brew / mac ports?

I’m open to suggestions.

 

[Flint Ironstag]

If there's not a bare metal combination directory / file sharing solution, I would probably go proxmox, with FreeNAS and a directory service (if basic accounts in FreeNAS don't cut it).

 

[zorinlynx]

I help maintain computer labs at a university, with some Macs, so you can imagine networked home directories and trying to do some sort of roaming profiles on Macs has been a thorn in my side for over a decade now.

The simple truth is Apple does not care about roaming profiles or networked home directories. It used to work many years ago, but slowly got more and more broken over time until it's basically impossible now. It's basically the ~/Library folder that breaks when on a network share; everything else mostly works.

In the end the solution was to have a throwaway home directory on the machine and instruct students to save important data on their mounted file share. I also had a script that would mount "Documents", "Downloads", and "Desktop" from the student's network directory on top of those folders on the local home directory. Of course this means the ~/Library folder doesn't migrate between machines, but it's a workaround, not a perfect solution.

Luckily, we are moving away from Macs in computer labs. They just don't work well in that use case anymore. When students have a project requiring a Mac it's easier to assign them a Macbook for the semester.