Portable Home Directories — Part 2

Last week, in part one of this series, we took began deploying Portable Home Directories, reviewing their prerequisites and enabling the mobile managed preferences. This week we'll continue the process, by setting up an AFP share to host our user homes and configuring our Open Directory accounts to take advantage of them.

Sharing Portable Home Directory Files:

In order to make your server-based home directories available to other machines, you'll need to share them out to your network (preferably via AFP). In Leopard, the "File Sharing" settings reside in the Server Admin application. Open it, then select your server name, and choose the gear-shaped "Settings" button from the toolbar. You'll see a collection of potential server features to enable (such as allowing SSH and ARD access) including a listing for "Server Side File Tracking". Checking the box and clicking "Save" will allow Mac OS X server to cache file changes prior to synchronizing home directories, which offers a significant performance boost over Tiger's system of scanning and comparing home directory contents.

Server Admin: File Tracking for Mobile Home Sync

Next, select "File Sharing" from the Server Admin toolbar (or the equivalent settings in Tiger's Workgroup Manager). If your server has fast redundant disk space available to hold your portable home directories, there's not a compelling reason to not just share out /Users. If you have a large number of users (or a small boot disk), you'll want to create a separate share on external storage. In either case, select the "Volumes" and "Browse" buttons below the toolbar and select the folder you'll be using for your Portable Home Directories, then click the "Share" button right above the file browser and "Save" at the window's bottom-right.

Server Admin: Browse File Sharing

Once you share the directory, a new "Share Point" button will appear at the center of the "Sharing" pane. Select it, then check "Enable Automount". You'll then be asked to enter an administrative user name and password for your Open Directory domain. Keep the default setting of mounting user home folders over AFP by clicking "OK", then move on to the "Protocol Options" button below it.

When Portable Home Directory deployments go wrong, it's usually at this stage. In the AFP "Protocol Options", be sure that "Allow AFP guest access" is checked (you'll also want to uncheck the options to share via SMB, FTP, or NFS). If you have other AFP shares active (which you most likely do), be sure guest access is turned off on the rest of them. Then select "AFP" from the service list on the left of the Server Admin window, choose the "Access" pane, and check "Enable Guest access" there as well.

Server Admin: AFP Guest Sharing

This may seem counterintuitive, as guest (or unauthenticated) access to the home directory share may sound like a terrible idea. In most cases you wouldn't want any data shared out to network guests, and Apple even forces you to confirm the setting in two separate places. In the case of Portable Home Directories, however, the shared volume gets automounted prior to any user logging in. The data inside each home directory stays private, but the root of the share needs to be accessible to any machine bound to the Open Directory domain. Guest access is the mechanism through which this is achieved, and without it the remainder of your deployment process won't get anywhere.

Assigning Portable Home Directories To User Accounts:

Now that your mobility preferences are set and your AFP share is set to automount, the final step is assign home directories to your existing users. Open Workgroup Manager and select "Accounts" from the toolbar, then highlight a test user from the left column and choose the "Home" pane. By default, two options are offered as home directory locations, /Users and None. Instead, click the "plus" button at the bottom of the list to add an additional option.

Server Admin: Home Directory Path Configuration

In the dialog sheet that appears, use the first field to enter the AFP address of the home directory share in URL format (such as afp://server.example.com/Users). In the second field, fill in just the name of the user's home directory, which should be the same as their account "short name". In the third field, enter the full path of the automounted home share as it will appear on client machines. This begins with /Network/Servers/, then the address from the first field minus the afp:// prefix, and finally the user's short name. When all three fields are filled properly, click "OK", then assign the user a disk quota (somewhere between 20-40GB is reasonable for most user environments) and hit "Save".

Server Admin: Home Directory Path Assignment

With this first account done, you can now highlight all the users who'll be getting mobile accounts, select your pre-configured share point, assign a quota, and save those settings to the entire list at once. If these are new accounts, you can even use the "Create Home Now" button to populate your AFP share with custom home directories. If you'll be syncing existing home directories on client machines, you don't have to create a home folder at all, instead allowing the data to copy to the server on their next network-based login.

Recommended Reading: For the full story on Portable Home Directory setup, try the essential Leopard User Management Guide [PDF - 2.5MB] at Apple.com.

Categories: Mac OS X Leopard, Mac OS X Tiger, Managed Preferences, OS X Server, Open Directory 
Posted on 2 July 2008 by Ellis Jordan Bojar