
User's home directory

danr_
New Contributor

I have a Windows access file policy to populate a directory for users to connect to shares on our network. I am having a problem with the policy for the user's personal share directory using Active Directory (Native mode): \\server\home\username

I need a variable for the username so the authenticated user will have access to their own directory.

I tried this: \\server\home\<user> but it does not work because the domain is included with the username. The user log shows:

\\server\home\domain\username\ which is not correct.

Is it only possible to come up with the correct variable using LDAP authentication? Or is there a variable that returns only the username for AD?

Thanks,

21 REPLIES
muttbarker_
Valued Contributor

Re: User's home directory

Dan - when using AD the value <user> returns both domain/user - if you use the value <username> it will return user only and should also work just fine with LDAP.

This should do it - let me know if it does not. If it works please flag this as solved so others can learn!

Thanks

gamer004_
Contributor

Re: User's home directory

You should use the <Homedir> variable from the user settings in your AD. Set up an LDAP type AD server as an authorisation server. Match your <user> string to the samAccountname, e.g. John, or to userPrincipalName, e.g. john@mynet.local

Use \\<userAttr.homeDirectory>\ in your role under file access.

So, when John's account in AD states his homedir is on \\server001\users\john the IVE will publish exactly this variable.

Frank

imtravis_
Contributor

Re: User's home directory

We've set up our User directories with the following path, and it seems to work:

\\dfsdomain\DFS\Root\User\<USERNAME>

This is assigned to all users, and they'll end up with a link to their "User" drive. This has been working for us since 3.x days of IVEOS.

SonicBoom_
Regular Contributor

Re: User's home directory

I'm having a similar issue and am wondering if the <Homedir> value described by gamer004 would work best when groups of users have their home directories on several different servers.

rdit_
Regular Contributor

Re: User's home directory

Is it possible to use variables when not connecting via LDAP?

For example, my userhome is like this: \\server\home\Jason

But I connect to the IVE via the user Jason@token.

When I use a variable <user> in this bookmark, the access log shows me that it tries to open \\server\home\Jason@token, which does not exist.

Is there any possibility to cut that "@token" away or something like that to get that running?

regards

123go_
Contributor

Re: User's home directory

To see what variables are available you can run a policy trace with:

Pre-Authentication, Authentication, Role Mapping

It will show all the variable name/value pairs that you can use in Resource Profiles, Resource Policies, Role Mapping...

For example (using AD auth):

Variable user = "MYDOMAIN\user1"

Variable userName = "user1"

Variable ntdomain = "MYDOMAIN"

Variable ntuser = "user1"

etc...

Available variables will depend on the authentication type (Radius, LDAP, AD, Certificate). You will just get a lot more choices of variables if you do LDAP or Radius (userAttr.xxx) for authentication or authorisation.

To use the variable, include the variable name between <> like this: <userName> and it will be replaced by its value when evaluating the policy.

It is not possible to perform any manipulation on variable values (like truncating after the @ sign).
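
A small model of the substitution described in the post above, as an added example that is not part of the original thread and is not IVE code: it expands the bookmark templates posted in this thread against the AD trace values and reports why a resulting path will not resolve. The function names and the case-insensitive matching of variable names are assumptions.

```python
import re

# Constructed trace values, copied from the AD example in the post above.
TRACE_AD = {
    "user": "MYDOMAIN\\user1",
    "userName": "user1",
    "ntdomain": "MYDOMAIN",
    "ntuser": "user1",
}

VAR = re.compile(r"<([A-Za-z][\w.]*)>")


def expand(template, variables):
    """Replace each <name> with its value.

    Returns (path, names with no value, (name, value) pairs substituted).
    Assumption: names match case-insensitively, since the thread writes
    <username>, <userName> and <USERNAME> for the same variable.
    """
    lookup = {k.lower(): v for k, v in variables.items()}
    missing, used = [], []

    def sub(match):
        name = match.group(1)
        if name.lower() not in lookup:
            missing.append(name)
            return match.group(0)  # leave the placeholder visible
        used.append((name, lookup[name.lower()]))
        return lookup[name.lower()]

    return VAR.sub(sub, template), missing, used


def check(template, variables):
    """Expand a bookmark template and list reasons it may not resolve."""
    path, missing, used = expand(template, variables)
    problems = [f"<{n}> has no value in this trace" for n in missing]
    for name, value in used:
        # DOMAIN\user adds a directory level; a full UNC value is fine.
        if "\\" in value and not value.startswith("\\\\"):
            problems.append(f"<{name}> carries a domain prefix: {value}")
        # Values cannot be truncated, so user@realm lands in the path as-is.
        if "@" in value:
            problems.append(f"<{name}> carries an '@' suffix: {value}")
    return path, problems
```

Running `check` over each template with the variables from a policy trace for every authentication server in use shows which bookmarks expand to the intended per-user path before they are assigned to a role.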

rdit_
Regular Contributor

Re: User's home directory

Hmm, well then I can't solve this problem and need to make a bookmark with the root folder \\server\home\ where everyone has to browse for their userhome directory.

Because I do not allow LDAP authentication from external, only RSA with token.

muttbarker_
Valued Contributor

Re: User's home directory

I understand that you have a need for authentication via RSA, but why not separate out the "authorization" side? Do your authentication via AD and then do your authorization via LDAP.

rdit_
Regular Contributor

Re: User's home directory

You mean by using multiple authentication servers? Or how would you do this?