Since about 2003, lab computers where I work have been network home based (before that, we used something called MacAdmin, which would sync people’s files on login and logout). Network Home Directories (NHDs from now on) are “okay”. They used to work quite well. Around Tiger (10.4), and Spotlight specifically, things started their slow progress downhill with NHDs.
First, it was disabling Spotlight completely to keep it from indexing stuff over the network. Then it was redirecting ~/Library/Caches, and then more and more redirects, since Microsoft and Adobe play the easy “card” of “We don’t support working over the network”. While most things would work, they wouldn’t work perfectly. As Leopard (10.4) aged, things got sketchier, as I found a really annoying bug in AFP that we hit but that didn’t get addressed until Snow Leopard (10.6). We addressed that by upgrading the servers to 10.6, but the clients stayed on 10.5 and continued to use NHDs. NHDs would have been completely useless if it hadn’t been for Network Home Redirector (NHR) from Jeff Ochsner. I contributed a bit, but mostly used it fairly vanilla.
But, things just didn’t work well. Programs were slow, someone accidentally capturing in Final Cut Pro to their Documents folder would slow everyone to a crawl, and we had to enforce user quotas to keep usage in check. And user quotas would cause problems with student groups that needed to share larger files.
So, after 7 years of things “working”, we finally bit the bullet this last summer break and moved everyone over to Portable Home Directories, with Preference syncing. Basically, users still get a consistent user experience, but their files don’t travel with them. We did this largely because: 1. Thumb drives are cheap. 2. Incoming students are required to purchase external HDs. 3. Dropbox, Gmail, etc. are all good ways to move files around.
We sync Preferences mainly so people can have Dock customization, preferences in Final Cut, Word, CS5, etc. Basically, here’s the include and exclude list:
Include Folders/Files:
~/Library/Preferences
~/Library/Safari
~/Library/Application Support/Firefox
~/.dropbox
~/Library/Keychains
~/Library/Application Support/Opera
~/Library/Application Support/Google/Chrome
~/Library/Fonts
~/Library/Mail
Excluded Folders/Files:
~/.SymAVQSFile
~/.Trash
~/.Trashes
~/Documents/Microsoft User Data/Entourage Temp
~/Library/Application Support/SyncServices
~/Library/Application Support/MobileSync
~/Library/Caches
~/Library/Calendars/Calendar Cache
~/Library/Logs
~/Library/Mail/AvailableFeeds
~/Library/Mail/Envelope Index
~/Library/Preferences/Macromedia/Flash Player
~/Library/Printers
~/Library/PubSub/Database
~/Library/PubSub/Downloads
~/Library/PubSub/Feeds
~/Library/Safari/Icons.db
~/Library/Safari/HistoryIndex.sk
~/Library/iTunes/iPhone Software Updates
IMAP-
Exchange-
EWS-
Mac-
~/Library/Application Support/Firefox/Crash Reports
~/Library/Preferences/chc.
~/Library/Application Support/Google/Chrome/Safe Browsing Bloom
zotero/storage
~/Dropbox
~/Desktop
~/Documents
~/Downloads
~/Pictures
~/Music
~/Sites
~/Public
~/Movies
~/Library/Preferences/ByHost
.DS_Store
~/Library/Preferences/com.apple.scheduler.plist
~/Library/Preferences/com.apple.bluetooth.plist
~/Library/Preferences/com.apple.spotlight.plis
~/Library/Preferences/com.apple.systemuiserver.plist
~/Library/Preferences/loginwindow.plist
We made this change right before the term started, and so far, things have gone well. Programs run MUCH faster, and load on the server has been minimal even with 80+ users logged in at once (since they are only connected to the AFP server during syncing). The only problem we’ve really seen is a bug that seems to exist in 10.6.4 (at least). 10.5.8 works fine, and removes the accounts after the specified 1 hour. So… we’ll see…
Basically, we have things set to remove the user account from the client machine 1 hour after logout. Thing is, this never happens. After filing a bug with Apple (#8499630), I received the response that this may be a known issue, and to check the user account state file (“/var/db/shadow/hash/
Regardless, I’m pretty darn happy with PHDs. Server load has gone down, and user accounts are tiny (all but a couple are less than 20MB, so 850 user accounts take less than 7GB). Before, with NHDs, quotas were 4GB, and accounts averaged around 2GB in size. And most importantly, the incidence of spinning beach balls has gone to almost zero. As an added benefit, users get a “status” of their login (the syncing window).
So, if you’re using NHDs… may I suggest looking into PHDs. Some people have had a horrible time with them, but I’m starting to wonder if those having issues are syncing a lot more, syncing files they should be excluding. Or using SMB from some non-HFS volume. =/ But, we use Xsan for storage and haven’t had any issue. So, I don’t know. =/
UPDATE: this code properly sets the LastLoginDate to the current date, and results in proper account removal later:
/usr/libexec/PlistBuddy -c "Set :LastLoginDate $(date)" /var/db/shadow/hash/$(dscl /Local/Default -read /Users/testaccount GeneratedUID | cut -f2 -d" ").state
UPDATE 2: The following can be installed as a logout hook, and it will properly fix the LastLoginDate.
#!/bin/sh
# Logout hook: loginwindow passes the short name of the user logging out as $1.
/usr/libexec/PlistBuddy -c "Set :LastLoginDate $(date)" /var/db/shadow/hash/$(dscl /Local/Default -read /Users/$1 GeneratedUID | cut -f2 -d" ").state
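A logout hook runs as root, and when the dscl lookup returns nothing the one-liner above builds the path /var/db/shadow/hash/.state. The following is an added example, not the original author's script, that validates the user name and the GeneratedUID before touching the state file. The DSCL, PLISTBUDDY and HASH_DIR overrides and both function names are assumptions introduced here so the logic can be exercised off a Mac.

```sh
#!/bin/sh
# Added example: hardened LastLoginDate logout hook (not the post's own script).
# DSCL, PLISTBUDDY and HASH_DIR are hypothetical overrides for testing;
# the defaults are the tools and path used in the post.
DSCL="${DSCL:-dscl}"
PLISTBUDDY="${PLISTBUDDY:-/usr/libexec/PlistBuddy}"
HASH_DIR="${HASH_DIR:-/var/db/shadow/hash}"

# Print the state-file path for a local user, or return non-zero.
state_file_for() {
    user=$1
    # Accept only plain short names: no slashes, spaces or leading dash.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    uid=$("$DSCL" /Local/Default -read "/Users/$user" GeneratedUID 2>/dev/null |
          cut -f2 -d" ")
    # A GeneratedUID is a 36-character UUID; anything else means the lookup
    # failed and the path would collapse to "$HASH_DIR/.state".
    case $uid in
        *[!0-9A-Fa-f-]*) return 3 ;;
    esac
    [ "${#uid}" -eq 36 ] || return 3
    file="$HASH_DIR/$uid.state"
    # Only touch a regular file that already exists; never follow a symlink.
    { [ -f "$file" ] && [ ! -L "$file" ]; } || return 4
    printf '%s\n' "$file"
}

# Set LastLoginDate to now for the given user, as the post's one-liner does.
fix_last_login() {
    file=$(state_file_for "$1") || return $?
    "$PLISTBUDDY" -c "Set :LastLoginDate $(date)" "$file"
}

# Run as a hook only when given a user name (loginwindow passes it as $1).
if [ $# -ge 1 ]; then
    fix_last_login "$1"
fi
```

Return codes 2, 3 and 4 distinguish a rejected user name, a failed GeneratedUID lookup and a missing or symlinked state file, which is useful when the hook's exit status is logged.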