Please Note: This document has been archived and is no longer updated. Hybrid Home Folders are only supported on macOS 10.14 and older.
Network share mounting is now provided by either NoMAD (for pure Active Directory environments) or Jamf Connect (for Entra ID Hybrid environments). The following capabilities are available:
- The user home directory (SMBHome) can be mounted as a drive on the Desktop at login. It is named with the user's user name
- Other network shares can be mounted for with the option of mounting specific shares for members of Active Directory Security Groups
- Network share paths can contain some dynamic variables, including:
- User name
- Domain
- Full Name
- Computer Serial Number
- userPrincipalName (UPN)
- Email address
About
dataJAR have developed a mechanism and workflow which allows for shared use macOS devices to leverage both local and network storage.
When an network based user logs on to a macOS device, we can query the directory service and derive the users' home folder location, before attempting a mount and subsequent linking of local resources to their network equivalents. For example, please review the following table:
Local Resource | Network Resource |
/Users/username/Desktop |
smb://dfs.lan/FileStore/UserData/username/Desktop |
/Users/username/Documents |
smb://dfs.lan/FileStore/UserData/username/My Documents |
/Users/username/Music |
Redirection not supported |
/Users/username/Pictures |
Redirection not supported |
/Users/username/Movies |
Redirection not supported |
This allow the network user to roam between macOS devices and access their data freely without being tied to just one system. It is important to note that rich media or database heavy applications like iMovie, Final Cut Pro X, Logic Pro X, Adobe Premiere and Microsoft Outlook are not supported for read/write directly to network storage and as such users are encouraged to work locally before copying their work to the network before logging out. This is more a limitation with network infrastructure and storage rather than macOS or the application.
Your assigned dataJAR Systems Engineer will discuss and implement the optimum configuration for your environment.
Microsoft Windows NTFS Permissions
To ensure SMBHome
folders function correctly on macOS based clients using the default Active Directory Connector supplied with macOS please ensure the following requirements are met:
- The share name for home directories is not call ‘home’ as this can conflict with existing
auto_master
mounts within macOS. - Permissions on the user home areas should be creator/owner on their relevant folder
- Permissions on the parent folder/s should be the following, applied to "this folder only":
Adding Additional Mounts
As well as connecting local resources to the network, we have the ability to mount network based volumes based on the users' Active Directory security group membership. For example, if the network user is a member of the security group ALL_STUDENTS
then we can ensure that the STUDENT_RESOURCES
share is mounted.
Please note: Nested security groups are not supported.
To ensure we are able to configure and automate the connection to your network shares, please ensure you provide your implementation engineer the following information:
Server FQDN | Share Name (Resource Name) | Security Group |
fs01.domain.lan |
Staff_Resources |
All Staff |
fs02.domain.lan |
Student_Resources |
All Students |
Support
If you have an active support agreement with dataJAR then updates to your logon automations are included as part of your subscription. Any questions or queries, please liaise with support team via support@datajar.co.uk