hope I can help some admins with this. It was not easy to figure this out...
1. The share
- For security reasons remove the "User" group from the disks ACL, if you don´t do this every MAC User could see the other shares.
- Use a root folder for the share like D:\MACProfiles.
- Create the share "\\APPLEFS01\MACProfiles"
- On "Advanced Sharing", "Permissions" give Everyone FULL CONTROL.
- Give Browsing rights on the share folder for Authenticated Users or a special AD group.
- After this go to "Share and Storage Management", right-click on the created share and click on "Advanced". Select the "Caching" tab and select "No files or programs from the share are available offline".
2. SMB Server Settings
- Cause MAC OS X Mavericks has problems if SMB V2 or V3 is used on the server, you have to force SMB V1 on the Windows Server. Find attached the Powershell commands to do this.
For WS 2008
Set-SmbServerConfiguration -EnableSMB2Protocol $false
Set-SmbServerConfiguration -EnableSMB1Protocol $true
Restart the server.
For WS 2012
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 0 -Force
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
3. AD User object profile path for MAC User.
- For MAC Profiles you have to select the home folder, not the profile path in ADUC. I used the IP address cause we are having a mixed domain environment, so its working faster with the profile sync. The path should be like \\10.0.0.10\MACProfiles\MACUser1.
- User should not save APPS on there profile, because the directory depth inside the APPS is very long and this will cause a long sync/check time.
- If a user logoff, he should restart or shutdown the MAC, cause this will close all opened sessions to the server.
- Ports must be opened between the client LAN and the Servers.