Implementing home folders on a server cluster
The optimal way to use a server cluster to house home folders is to use the "Share sub-directories" or dynamic shares feature. The basic principal behind dynamic file shares is that a single cluster file share resource is created, yet an independent file share is created for every user folder. For example:
- Create a cluster file share resource for each user. In this case, a cluster resource is defined five times for each user under the Z:\Users folder.
- Set NTFS Permissions on the Z:\Users\Username folder to allow only the intended user access the folder.
- Every time a user is created, go to the Z:\Users folder and create the proper folder with permissions. Then use Cluster Administrator to create a file share resource.
- Create a single cluster file share resource to the Z:\Users root folder.
- Give the Everyone group Full Control share-level permissions in Cluster Administrator.
- Using the Parameters tab for the root cluster file share resource, click to select the Share all sub-directories check box.
- Set NTFS permissions on the Z:\Users\Username folder to allow the intended user to access the folder. The Cluster Service account needs to have at least Read permissions. At this point, all folders under Z:\users are automatically shared with the same network permissions as the root share. To add a user when you are using dynamic shares, create a folder under Z:\Users and assign proper NTFS permissions (see step 4). The Cluster service automatically shares the folder.
NOTE: When you perform the following step, you do not hide the directories under a share, only the shares themselves.
- To make the user shares hidden, use the Parameters Tab for the root cluster file share resource, and then click to select the Hide subdirectory shares check box. This action appends "$" to the end of the shares located under Z:\Users\<Username>.
If the sub-directories are shared in a Clustered file share, and there are more than one file share groups within the cluster that use environment variables by username, the following behavior may occur when the groups are brought online on the same physical node. For example, you have drives in each group that have the following folders:
- \\<virtual_server1>\users Drive U: |-- users |-- user1 |-- user2
- \\<virtual_server2>\data Drive Z: |-- data |-- user1 |-- user2
- "net use * \\<virtual_server1>\%username%"
- "net use * \\<virtual_server2>\%username%"
WARN File Share <Data>: SmbpCheckAndBringSubSharesOnline: NetShareAdd failed for subshare <user1>$ Error: 2118.
WARN File Share <Data>: SmbpCheckAndBringSubSharesOnline: NetShareAdd failed for subshare <user2>$ Error: 2118.
C:\err>err 2118 # for decimal 2118 / hex 0x846 NERR_DuplicateShare lmerr.h # /* The name has already been shared. */
- Rename all subfolders under the original share locations to something different so that they will never match
- Do not share sub-directories, and map everything to \\<virtual_server1>\users or to \\<virtual_server2>\data or to both. Then, use NTFS permissions so that the users can only access their own share.
Article ID: 256926 - Last Review: 10/26/2007 18:37:17 - Revision: 3.2
- kbproductlink kbclustering kbenv kbinfo KB256926