OK, forgive the long-winded post - but I thought some background would be in order. Briefly, the problem we have is:

We create a new user in eDirectory, extend them with apple-user,
add apple-user-homeDirectory of:
/Network/Servers/<ip of server>/SERVER.VOLUME/HomeDirectory

and an apple-user-homeurl of:
afp://<ip of server>/SERVER.VOLUME/HomeDirectory

AFP works fine; I can manually mount this volume with login / password in OSX with Command-K.

LDAP authentication works great.

After login, no home directory is mounted or exists, so we get an error (login still occurs).

Now, if I change the apple-user-homeurl to:
<home_dir><url>afp://<ip of server>/SERVER.VOL</url><path>HomeDirectory</path></home_dir> (this is how an Xserve stores this value in Open Directory) and attempt to log in, login fails "because an 'error' occurred".

If I check the console / system logs on the OSX client, I see:
authorizationhost[455]: afp home directory mount failed in theEnumerator->Count in AFP_OpenSession: status = Unknown error: -5023

Now, for the weird part, if I change apple-user-homeurl on the user back to:
afp://<ip of server>/SERVER.VOLUME/HomeDirectory - login then works fine and their home directory is created and they are able to use the Mac normally.

Any ideas? I will post this to Apple forums as well. If I get any answers I will cross-post them.

Joe Jenkins

PS: Novell, please please please, we really need a working OSX client for NetWare / OES!!!


New NetWare 6.5SP8 server / eDirectory 8.8 SP5 / latest NMAS
Latest Novell AFP FTF patch from mid Sept 2009

eDirectory schema extended and LDAP mappings made with documentation I pieced together on the web. If I browse via LDAP, I am seeing proper returns for all the objects I need to log in.

Mount object created in eDirectory for the AFP mount corresponding to users' home directories.

OSX test client is Snow Leopard 10.6.2 (patched this morning, clean install)

Authentication works fine, client works fine once I do the switcheroo with the apple-user-homeurl as indicated above, AFP mounts work fine in OSX, no weird errors in NMAS/LDAP dstrace, AFPTCP.log, etc.

By the way, if anyone else is trying to figure this out, my LDIF and my LDAP template may be of use:

The LDIF is the Apple schema you apply to your eDirectory to support OS X computers. The template is used by the Directory Utility on OSX for mapping eDirectory values to their OSX values. It's taken me about two weeks of work off and on to get a working set of these, hope they save someone else some time!

Thanks to whoever wrote the "Integrating Mac OS X and Novell eDirectory" document - it was a great help, as are Randy Saek's posts here and his written document "Mac OS X and Novell eDirectory integration" - with these documents and numerous posts on Novell's forums, I've almost got this working well :) (these documents are available all over the web, but if you can't find them, let me know and I'll put them on my webserver)

Joe Jenkins