home directory on different computer
I was just helping a few fellow grad students with their new G5s (I'm so jealous because my supervisor is a Microsoft head and gave me a 5 year old hand-me-down PC) in hopes of gaining access to using them as well. Anyway, their supervisor got these 2 computers and none of them know how to really use them (like mounting shares from other servers and such). Here's the main problem though. They have 2 G5s used by several students and they created accounts on each for all their students. Now each student has a home directory and such on each computer. How can the accounts be changed so that the home directory is on some other server? We have file servers on campus that serve out home directories and such already. Can this be done via samba?
Also, how could they get their accounts authenticated to our campus's Kerberos server? I'm guessing this is all done via directory services or something. Would all these settings have to go in per user or is there a more global area that would affect all users?
Thanks in advance. Sorry if this should be in "genius bar".
Comments
next step, the dirty netinfo database. an admin is gonna have to pop in there, and update each user's home folder, to point it to the mount position of the share (with the user's name concatenated of course). don't worry, this part can also be scripted. i think the necessary command is niutil, or something like that. check the man pages for exacts. oo, you can probably even write a script that will check if the currently logged in user has a foreign home folder, and if so, to have it change its own home place to that foreign folder.
actually, instead of the second paragraph there (which is still possible), you could mount the share to /Users. if it contains a single folder per user, each named after a certain user, then you don't have to mess with each user's home folder setting in netinfo.
i just thought of a potential issue. each user is identified by a UID, which would also have to be transferred to the mac computer, or its designated netinfo db. i'm not sure of an easy way to do that. it's probably still pretty easy, but i can't think of exactly how to do it.
Alternatively, you can share user spaces between the two machines through NFS shares, although you'd only really want to do it if you were sure that the network was stable enough to not present any problems, and if the machine you were exporting the filesystems from was going always to be on.
This involves setting up one machine to export the filesystem (i.e. the user folder), and the other machine to mount it, and make it a particular user's home folder. All of this can be done in the NetInfo Manager (or using nidump/niload on the CLI). UIDs will need to match up; you'll need to have administrator privileges.
I've never done this before, so caveat emptor:
Setting up NFS Exports
(1) Open the NetInfo Manager
(2) Click the lock to make changes and authenticate as administrator
(3) BACK UP THE DATABASE (Management>Save Backup): killing the NetInfo DB makes your machine... problematic, shall we say.
(4) Click on the exports directory (/exports); if it doesn't exist, create it
(5) Click "New" to create a new subdirectory
(6) Name it for the filesystem you're exporting (e.g. /Users/foo)
(7) Give it some properties: (cmd-shift-N)
(a) clients: the IP address of the machine/s you're exporting to
(b) opt: any options you want (see man exports for details); for example, you might want to use maproot=root
(c) name: the filesystem i.e. /Users/foo in this example
(8) Save changes
(9) Reboot, and pray you haven't killed your NetInfo DB.
Setting up NFS Clients
(1) Open the NetInfo Manager
(2) as above
(3) ditto
(4) Click on the mounts directory; this should exist
(5) ditto
(6) Name it for the remote filesystem (e.g. /Users/foo)
(7) Give it some properties:
Property Value
(a) "vfstype" "nfs"
(b) "passno" "0" (that's a zero)
(c) "dir" your mountpoint, the directory which will contain the NFS share: this MUST exist e.g. "/netusers"
(d) "dump_freq" "0" (that's also a zero)
(e) "name" [the name of the NFS server]:[the full path to the exported directory] e.g. 192.168.1.1:/Users/foo
(f) "opts" "w"
(8) Save changes
(9) Reboot, and pray
Go to the CLI and type "mount" to see if your exports/imports are working (they'll be listed with something like
"/dev/disk1s7 on /Users/foo (NFS exported, local)").
Finally, select the /users directory in the NI DB on the client machine, select the user whose directory you just shared, and edit the home directory value to the mountpoint and name of the directory you just shared. Here it might be "/netusers/foo"
Once again: I've never actually done this, so don't quote me on it. Comments anyone?
This might be explained more clearly here for clients and here for servers.
If you want to get a bit more tricky, you can set up a NetInfo domain to parent to other machines (but which to work will still need the NFS stuff), or do LDAP or Active Directory...
We do have active directory on our campus for the windows machines. We also use nfs on all the unix and linux machines to have a common home directory no matter where you login. Actually, the windows home directory is in a subdirectory called "winhome" in the unix/linux home directory. I doubt nfs is an option though as I believe that would give the admins of the G5s (some profs/students) access to too much (root access to other people's stuff on the mounted drive). Although I may be wrong there. Active directory and/or LDAP seems to be the way to go.
I found out that this group is awaiting the arrival of another G5 which will act as a server (don't know if they are getting OSX server on it or not) so I guess they will figure more stuff out then. I'm guessing accounts for the handful of students using these computers on the server and the 2 G5s authenticating to that.
It's too bad that our department doesn't set up the xserve that was purchased over a year ago so that students or faculty or anybody could use it. But I guess if people actually communicated and worked together, this wouldn't exactly be a university. Long live chaos!!
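The thread's two NFS concerns (UIDs having to match between machines, and client admins getting root on the mounted home directories) can be checked before anything is mounted. The following is an added example, not code from any poster: it assumes passwd-format dumps from both machines (for example from `nidump passwd .`), uses constructed sample accounts, and flags UID mismatches, UID collisions (where classic NFS, which trusts the client-supplied UID, would hand one user another user's files) and export options that map client root to server root.

```python
# Constructed sample dumps in passwd format (e.g. from `nidump passwd .`).
SERVER_PASSWD = """\
root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:*:501:20::0:0:Alice:/Users/alice:/bin/bash
bob:*:502:20::0:0:Bob:/Users/bob:/bin/bash
carol:*:503:20::0:0:Carol:/Users/carol:/bin/bash
"""
CLIENT_PASSWD = """\
root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
alice:*:501:20::0:0:Alice:/netusers/alice:/bin/bash
bob:*:503:20::0:0:Bob:/netusers/bob:/bin/bash
dave:*:502:20::0:0:Dave:/Users/dave:/bin/bash
"""

def parse_passwd(text):
    """Return {name: uid}; name is field 1 and uid field 3 in passwd formats."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def audit_uids(server, client):
    """Compare client accounts against the file server's accounts."""
    by_uid = {uid: name for name, uid in server.items()}
    findings = []
    for name, uid in sorted(client.items()):
        if name in server and server[name] != uid:
            findings.append(("uid-mismatch", name, uid, server[name]))
        owner = by_uid.get(uid)
        if owner is not None and owner != name:
            findings.append(("uid-collision", name, uid, owner))
    return findings

def risky_export_opts(opts):
    """Return export options that map client root (or everyone) to root."""
    risky = []
    for opt in opts:
        key, _, val = opt.lstrip("-").partition("=")
        if key in ("maproot", "mapall") and val.split(":")[0] in ("root", "0"):
            risky.append(opt)
    return risky

if __name__ == "__main__":
    for f in audit_uids(parse_passwd(SERVER_PASSWD), parse_passwd(CLIENT_PASSWD)):
        print(f)
    print(risky_export_opts(["maproot=root", "ro"]))
```
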