
KB-3330: How to set up network home folders for Mac users in Zone Mode


26 July,16 at 05:42 PM

Applies to: Centrify Identity Service, Mac Edition


 
Question:
 
How can an AD user be configured to log in to a Centrify-joined Mac system with a network home folder in Zone Mode?

 
Answer:
 
Notes:

Steps:
  1. On a network file server, create a folder where all the network home directories will be created.
     
  2. Right-click on this folder and configure the following settings:
     
    Sharing tab > Permissions button > Remove "Everyone" > Add "Authenticated Users" > Select "Full Control" 
     
     
    Security tab > Add "Authenticated Users" > Select "Full Control" 

    (This is required for the initial setup of the network home folders. Limiting users so that they can only access their own home folders can be configured afterwards.)


     
  3. In ADUC, right-click the AD user object and select Properties:
     
    Profile tab > Home folder section > choose Connect > Enter the folder path in the format:
     
    \\[fully qualified server hostname]\[share path]\%username%
     
    E.g: \\server-name.domain.com\ShareFolderName\%username%
     
    (The username will be filled automatically in place of the %username% token)
     
     
  4. Once the user's AD properties are updated, the home folder will be automatically created on the network file server.
     
  5. Open the Centrify DirectManage Access Manager / DirectControl console and navigate to the Zone where the AD user has been added.
     
  6. Right-click on the user's account and select Zone Profile, then configure the home path in the following format:
     
    /[SMB/AFP]/%{user}/[fully qualified server hostname]/[share path]/%{user}
     
    E.g: /SMB/%{user}/server-name.domain.com/ShareFolderName/%{user}
     
    (The username will be filled automatically in place of the %{user} token)
     

     
    NOTE:
    This is the format used in Hierarchical Zones and can be inserted directly into the user profile's Home Directory attribute as well as the Zone Properties > "User Defaults" tab.
     
    If using the older Classic Zone, then the following format should be used instead for the "Default Values" tab:
     
    /SMB/${user}/server-name.domain.com/ShareFolderName/${user}
     
    (Dollar-symbol instead of percentage-symbol)
     
    This will automatically substitute the user's name into the path for newly added users. For users already in Classic Zones, the username will need to be manually added into the path, as there is no automatic substitution for existing Classic Zone paths.
     
  7. Go to the Mac and log in as Local Admin.
     
  8. Open the Terminal and run:
     
    adgpupdate
    sudo adflush
     
  9. Verify that the AD users have now been configured with network home directories by running the command:
     
    adquery user -h ad_username
     
  10. The network home path will be shown in UNIX format:
     
    /SMB/ad_username/server-name.domain.com/ShareFolderName/ad_username
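
The check in steps 9 and 10 can be scripted. The following is an added example, not part of the original article or of Centrify's tooling: a shell function that validates a reported home path against the format from step 6. The function name `check_network_home` is hypothetical, and it assumes `adquery user -h` prints only the home path.

```shell
#!/bin/sh
# Added example, not Centrify code. check_network_home is a hypothetical helper.
# Usage on the Mac (assumes `adquery user -h` prints only the home path):
#   check_network_home ad_username "$(adquery user -h ad_username)"

# check_network_home USER PATH: prints "ok" or the reason the path is wrong.
# The body runs in a subshell so the IFS and globbing changes stay local.
check_network_home() (
    user=$1 path=$2
    # A literal token means the zone profile substitution did not happen
    # (for example an existing Classic Zone user, see step 6).
    case $path in
        *'%{user}'*|*'${user}'*|*'%username%'*)
            echo "unexpanded user token"; exit 1 ;;
    esac
    set -f; IFS=/
    set -- $path        # fields: "", PROTO, USER, HOST, SHARE..., USER
    [ "$#" -ge 6 ] || { echo "too few path components"; exit 1; }
    proto=$2 first=$3 host=$4
    shift $(( $# - 1 )); last=$1
    case $proto in
        SMB|AFP) ;;
        *) echo "protocol must be SMB or AFP"; exit 1 ;;
    esac
    case $host in
        *.*) ;;
        *) echo "server is not fully qualified"; exit 1 ;;
    esac
    if [ "$first" != "$user" ] || [ "$last" != "$user" ]; then
        echo "path does not belong to $user"; exit 1
    fi
    echo ok
)

# Constructed sample value in the format shown in step 10.
check_network_home ad_username \
    /SMB/ad_username/server-name.domain.com/ShareFolderName/ad_username
```

A path that still resolves to another user's name, or that keeps a literal token, indicates the zone profile from step 6 was not applied to that account.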
 
 
To restrict access of the network home folders so that users can only get into their own network homes, please see the following KB:


For additional information not covered in this guide or troubleshooting assistance, please review the Centrify Online Help or Customer Support Portal at https://www.centrify.com/support/customer-support-portal/
 
