I already told you how to change that, albeit rather tersely. In the Univention Management Console edit one of the shares you want to use. Go to the “Options” tab and enable “Export for NFS clients”. Next go to the newly-appearing “NFS” tab and configure it how you want it.
However, that will most likely not help you:
Not entirely correct, but close: the Samba4 LDAP (that’s the Active Directory part you’re talking about) simply doesn’t contain that information. The home directory information is only present in the OpenLDAP part. You can see the difference by running univention-ldapsearch uid=nfstest (which you already showed me above; this queries the OpenLDAP portion) and univention-s4search cn=nfstest (this queries the Samba4 LDAP/Active Directory). There’s no easy way to make that information available in the Active Directory as you would have to extend the AD schema first, then tell the S4 Connector (the component synchronizing content between the OpenLDAP and the Samba4 LDAP) how to copy the data etc.
As the information isn’t present, your Mac probably generates it automatically from default values (e.g. it simply concatenates the fixed /home/ with the user’s login name).
Then let’s try to figure out why binding to the OpenLDAP doesn’t work instead because that’s where all the information you need is actually available.
When trying to bind against UCS OpenLDAP you have to keep the following points in mind:
- The OpenLDAP server runs on the non-standard ports 7389 and 7636. 7389 is unencrypted by default but supports encryption via StartTLS. 7636 is always encrypted.
- By default the OpenLDAP server requires authentication before any search can be run. You can turn this off via the UCR variable ldap/acl/read/anonymous, but I advise against changing it.
- When binding against OpenLDAP, you have to use the full DN of an LDAP object as the user name. We usually have one user account dedicated for binding; I often call it ldapsearch. Its full DN might be uid=ldapsearch,cn=users,dc=mbu-test,dc=intranet, and that’s exactly what I use as the login when configuring a service to connect to an OpenLDAP server.
- The general advice regarding TLS/SSL applies here, too. These are:
  - The client (your Mac) has to trust the certificate authority (CA) that signed the server’s certificate. UCS (just like Windows-based ADs) has its own CA it uses for signing all server certificates. Therefore you have to tell your Mac to trust that CA. You can get the CA certificate from different places, e.g. the UCS Master in
  - The host name you configure your client to connect to is checked against the host name contained in the server certificate, and it doesn’t allow for any kind of mistakes. Therefore you really must tell your client to connect to the fully-qualified domain name of your LDAP server, e.g.
As you seem to have connection against the Samba4 LDAP working, I assume that you do not have problems with TLS/SSL (meaning step 4 is likely fine already).
If that information isn’t enough for you to figure out how to bind against OpenLDAP, then please show some screenshots of the configuration you’ve tried and corresponding error messages and we’ll try to figure out what’s wrong.
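
The four points in the list above, turned into a preflight check that prints the matching ldapsearch call (OpenLDAP client tools). This is an added example, not part of the original post; the function name ucs_ldap_cmd, the host name master.mbu-test.intranet and the CA file path are assumptions, and the path is a placeholder.

```shell
#!/bin/sh
# Added example. Assumed, not from the post: the function name, the host name
# master.mbu-test.intranet and the placeholder CA path.

# Print the ldapsearch call for a UCS OpenLDAP bind, or fail with a reason.
# Usage: ucs_ldap_cmd HOST PORT BINDDN BASE FILTER CAFILE
ucs_ldap_cmd() {
    host=$1 port=$2 binddn=$3 base=$4 filter=$5 cafile=$6

    # The certificate check compares against the name you connect to, so
    # require a fully-qualified name: no short names, no IP addresses.
    case $host in
        *[!A-Za-z0-9.-]*|*.|.*) echo "invalid host name: $host" >&2; return 1 ;;
        *[A-Za-z]*.*|*.*[A-Za-z]*) ;;
        *) echo "use the FQDN from the server certificate, not '$host'" >&2; return 1 ;;
    esac

    # UCS OpenLDAP ports: 7389 (plain, upgraded with StartTLS) or 7636 (TLS).
    case $port in
        7389) uri="ldap://$host:7389"; tls="-ZZ" ;;  # -ZZ: abort if StartTLS fails
        7636) uri="ldaps://$host:7636"; tls="" ;;
        *) echo "UCS OpenLDAP listens on 7389/7636, not $port" >&2; return 1 ;;
    esac

    # Simple binds need the full DN of the account, not its login name.
    case $binddn in
        *=*,*=*) ;;
        *) echo "bind DN must be a full DN, got '$binddn'" >&2; return 1 ;;
    esac

    # -x: simple bind, -W: prompt for the password instead of passing it on
    # the command line. LDAPTLS_CACERT names the CA the client should trust.
    printf 'LDAPTLS_CACERT="%s" ldapsearch -x -H %s %s-D "%s" -W -b "%s" "%s" homeDirectory\n' \
        "$cafile" "$uri" "${tls:+$tls }" "$binddn" "$base" "$filter"
}

# Constructed sample call using the DN and test user from the post.
ucs_ldap_cmd master.mbu-test.intranet 7389 \
    "uid=ldapsearch,cn=users,dc=mbu-test,dc=intranet" \
    "dc=mbu-test,dc=intranet" "uid=nfstest" /path/to/ucs-root-ca.crt
```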