[Network Administration] : Using AFP home directories

So far, I’ve been using NFS to mount my home directories on my OS X machines with the automounter. It’s worked pretty well so far. There are a couple of issues that I’m hoping to work around. One is that the automounter can unmount the drives, which in this case would be the home directory. I’ve been converting this over to using AFP as the native file sharing protocol for the home directories. Synology’s DSM includes support for AFP as one of the protocols. I don’t have any Windows machines, so I’m not going to worry about SMB for support, although it appears that Apple will drop support for AFP in the near future.

Continue reading “[Network Administration] : Using AFP home directories”


[Network Administration]: Automounter over LDAP

This is basically an update to the autofs and automounter page that was published earlier to reflect some changes to how things are set up now. I still have my automount maps in the LDAP directory, but the DN for the maps is updated to the currently provided autofs schema that comes with the Ubuntu package instead of the rfc2307bis schema which seems to have languished in draft form. I’ve also unified some of the files across both Linux machines and OS X. Continue reading “[Network Administration]: Automounter over LDAP”

[Network Authentication]: OS X Kerberos Authentication and LDAP Authorization

I’ve also enabled Kerberos authentication and LDAP authorization on my OSX machine in addition to Linux machines. OSX supports Kerberos out of the box and deploys it for authentication against an OSX server. Also, the native OpenDirectory implementation is OpenLDAP, so we should be able to talk with our LDAP directory. Additionally, we’ve generated the directory entries with the records that we’ll need for OSX authorization, we just need to enable it. Continue reading “[Network Authentication]: OS X Kerberos Authentication and LDAP Authorization”

[Network Administration]: Network Accounts

At a basic level, the Kerberos KDC manages the passwords, and the LDAP directory is used to manage user accounts and user groups for both Linux systems and OSX systems. In order to do this, the Kerberos KDC needs to have users and passwords, and the directory needs entries with some basic information that both systems require for authorization. Once the information is in both the KDC and the directory, then both linux and OSX systems can be configured to use the information.
Continue reading “[Network Administration]: Network Accounts”

MYSQL client builds and OSX

There’s a problem getting the mysql client libraries for OSX working as they are. The dynamic loader has a problem loading the lib.

dyld: Library not loaded: libmysqlclient.18.dylib
  Referenced from: /Users/mungeduser/Desktop/work/cvs/media/client/test/_bin/Darwin.x86_64/test
  Reason: image not found
Trace/BPT trap

One solution is to modify the dynamic lib to

bash-3.2$ sudo install_name_tool -id /usr/local/mysql/lib/libmysqlclient.18.dylib /usr/local/mysql/lib/libmysqlclient.18.dylib

[Network Administration]: Clean OSX setup

Well, my laptop had been acting up, and I’ve decided to clean install everything. I’ve got my copy of 10.8 Mountain Lion to install. I went with the clean install since I’m not sure why things are not running properly. I generated a USB install drive on one partition for Mountain Lion following this writeup, and leaving the rest open for future versions if necessary. The post has a section at the end for putting multiple boot images on a single disk.

Couple of things that I noticed. First, since I’ve moved most of my information to the network, this was less painful that it could have been. I loaded the template from the previous post, and I had my network accounts coming across from the filer, so those were all ready to go right away. Not without a couple of errors here and there. First, for my LDAP accounts, I was not able to access the Users & Groups pane from the system preferences. If I tried to open the page, system preferences would just crash. Turns out there is a LDAP attribute that was missing for Mountain Lion. In my new mapping, I mapped GeneratedUID to the uidNumber attribute in my directory. It’s working fine so far.

Second, I wasn’t getting syncing when I created my mobile account. I would just get the standard skeleton account for a new user even though I was able to log in through my network credentials. It wouldn’t even try to sync from my network home. I got a number of “home path is nil” errors in my FileSync log. I think that it tried to sync, but was failing almost immediately. Based on this post, I added OriginalHomeDirectory in my LDAP mappings to the homeDirectory attribute in my directory. Also, I used the -u option to calling createmobileaccount. This seemed to resolve the issue. Now my call to createmobileaccount looks like

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n USER -X -s -v -u nfs://SERVER/EXPORT_PATH

[Network Administration]: No Littering!

I’m beginning to get annoyed about all of the hidden/system files and directories that have begun to litter through my NFS server. In particular, there are two.

The first is the .DS_Store files. These come from OS X Finder and are written every time a directory is accessed. I find them all over my NFS directories on my NAS. Apple has a KB note about how to turn these off over network connections. You can actually go one step further and disable the file creation globally.

defaults write /Library/Preferences/com.apple.desktopservices DSDontWriteNetworkStores true

This will write the plist for the system wide preferences.

I’ve also seen a post that this should also work on USB or local drives with the key DSDontWriteUSBStores and DSDontWriteLocalStores. I haven’t tried any of this though — just a warning.

The other directories that litter my NAS are the @eaDir directories. These are created on my Synology DS212 NAS. There is a post that details how to prevent the creation of these directories. Basically, these are created by a bunch of indexing daemons.

To find all of the files on the command line you can use:
find . -name .DS_Store -type f to search down from the current directory and optionally remove it with the pipe | xargs rm -rf
find . -name @eadir -type d