Dock coming up empty with mobile account

Similar Messages

• Cannot login with mobile account when server is switched off

  Hello all,
  First of all, my condolences to the Jobs family. 
  OK.  On with my problem.  I apologise in advance if this has been answered before.  I've trawlled through various boards and I can't seem to find an answer.
  I'll try to keep it brief.
  I've set up a mac mini with lion server.  Done all necessary updates.
  I have a lion macbook which is the client.
  On server, created an Open Directory etc..
  I created 2 mobile network accounts on the server.  Set preferences etc..  Added both to workgroup.
  Added the client to the domain in system prefs login options.
  Logged into the 2 accounts on the client.  All working well.  Can see my mounts.  Mobile accounts created successfully and syncing working.
  So, the problem I have is, when I shutdown the server, my mobile accounts on the client disappear.  Also, the login screen states, 'Network accounts are unavailable.'
  I've been looking at this for a week now and it's driving me mad.  I must have missed something - can anyone shed any light on this please?
  With thanks, Paul.

  oh well - gave up and reinstalled lion server.
  GROAN!

• ICal Problem with Mobile Account/Home and where are the calendars stored

  I am using MacMinis in an office with my MacPro SnowLeopard Server running LDAP with NetworkHome accounts. Almost everything works except this ical is driving me nuts.
  The problem is iCals don't sync with the NetworkHome. When I look in usr/library/calendars a new calendar appears there but it won't sync on to a different machine.
  What is even more frusterating, if I disconnect the server so I am just logging in locally, I can delete all the calanders in usr/library/calendars, but when I log back in the calendars just re-appear. So where else is ical storing calendar information?
  thanks
  jake

  where else is ical storing calendar information?
  in a folder in usr/library/syncservices/local. You will have to look in the clientname.txt file in each of the folders to find which one is for iCal.
  AK

• AD mobile account with local home directory

  I basically have the same question as this post:
  http://discussions.apple.com/message.jspa?messageID=696367
  I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin??????

  Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
  Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems then if there were no unix attributes at all.
  Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
  This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

• Mobile accounts: Only sync with specific computers?

  Is it possible to have a mobile account sync with the local computers only on selected machines?
  Most of my users have a computer in their own offices, and I want those to be synched (and it works well with mobile accounts).
  But when they go the labs, I don't want all their data (possibly a lot) to be copied, and if they could then behave as network accounts it would perfect.
  Is it possible?

  if you configure mobile prefs to popup a dialog to confirm creating a mobile account on new machines, train them to choose "no," and they'll login with network homes on other machines.

• Best way to handle mobile accounts with large itunes/photo libraries

  What is the best way to handle mobile accounts, but not syncing itunes/photos libraries?
  I have a time capsule so I can move itunes and photos libraries for each user if need be.
  Thanks!

  Hi,
  I've done a great deal of work with mobile accounts in Snow Leopard and I'm now having a "play" with Lion. To be honest you have to sit down and think about why you need mobile accounts.
  If your user only uses one computer then your safer having a local account backed up by a network Time Machine, this avoids the many many woes that the Servers FileSyncAgent brings to the table.
  If your users are going to be accessing multiple computers on the network and leaving the network then a mobile account is good for providing a uniform user experience and access to files etc. However, your users will have to make a choice as to whether they want their iPhoto libraries on one Local machine (backed up by Time Machine) or whether they want their library to be hosted on the server and not part of the Mobile Home Sync schedule (adding ~/Pictures to the excluded items on the home sync settings).
  With the latter, users will be able to access their iPhoto libraries on any computer when they are within the network (as it's accessed from the users server home folder).
  With the first option the user would have their iPhoto library on one computer (say the laptop they used the most) but then would not be able to access it from other computers they log on to.
  iPhoto libraries are a pain, and I'm working hard to come up with a workaround. If your users moved over to using Apeture then you could include the aperture library as part of the home sync thanks to Deeport (http://deepport.net/archives/os-x-portable-home-directories-and-syncing-flaw-wit h-bundles/)
  He does suggest that the same would work with IPhoto libraries - but it doesn't for a number of mysterious reasons regarding how the OS recognizes thie iPhoto bundle (it does so differently compared to Apeture).
  Hope this helps...

• Make mobile account with admin permissions without administrator INFO...

  How do you bypass the admin permissions with mobile account? How do you make mobile account unlock things? You do you do the secret and rare system administrator login screen, where it says up on the top System Administrator, where nothing would be there? How to force your computer to go to single user mode, not command s or apple s, because that doesn't work for me? How do enable isight -camera without no admin password, no terminal? Is there extension for mac so that it will run and unlock things or open programs without administrator permissions? I need something that will UNLOCK MY macbook, please help. Where can I download password reset.APP for free that comes in the mac os x leopard disc? Thanks for the help...

  Why don't you just use your OS X install disc? It has a password reset utility on it.

• Mobile account rules are still being ignored!

  We've been running Tiger server for a couple years in combination with mobile accounts for some years now, mostly without significant problems. Since the introduction with Leopard it started giving problems: all rules in the WGM mobile account setup are ignored, it simply syncs the COMPLETE home folder of all Leopard clients. We are a 'music for picture' company, clients have large iTunes libraries and their /Movie folders are also pretty filled up, so data management became really problematic.
  I figured that upgrading to Leopard server would solve this problem, so I bought a copy and started testing on a spare Mini Mac. And to my surprise the problem is still there! Syncing a mobile account from a Tiger client is fine, all rules are followed but with Leopard clients the problem still remains.
  So what does a proper system administrator do? It starts collecting information from the internet and asks colleagues in the field what their experience is. It comes down (after a few days of research and testing) that I can't find the solution!
  My test system:
  Mini Mac with Leopard server 10.5.6
  Macbook with Leopard client 10.5.6 as a test machine
  iMac with Tiger 10.4.11 as test machine
  - I create a user in WGM
  - I create a group in WGM and give it the proper preferences for syncing
  - I assign the user to the group
  - I make myself a cup of tea and take a deep breath
  - login as the new user and start testing
  What I've tried so far to solve it:
  - turned around the 'what-to-sync': instead of syncing the home folder (~/) and make rules, I setup exactly what it should sync and no rules. Didn't work, still syncs complete home folder
  - delete sync prefs on client machine (/Library/Managed Preferences and .FileSync in home/network folder) restart and login again
  - instead of Full Path rules, I've tried to use 'Name' and others. Same problem.
  - went to WGM --> Group --> Preferences --> Details and added System/Library/CoreServices/ManagedClient. Edited the com.apple.homeSync so it should work. It didn't.
  - started all over again, didn't work.
  It still syncs the complete home folder and does not listen to any rule whatsoever. Is there anyone that has any idea what can solve this? Where about to upgrade to a new server with Leopard and I need the mobile accounts for my clients.
  Thnx!
  Aux

  I usually enable this on Computer Groups or the Guest Computer account rather than via workgroups. I don't know if that somehow makes a difference. May be worth switching to this to see if the problems miraculously go away.
  Have you enabled the server-side tracking feature in Leopard Server?
  You can run the following command for diagnostic purposes:
  mcxquery -o <path to where you want it to go>/mcx_export.txt -format xml -user <username> -group <groupname>
  You can look at that to see if the Server is doing its job of delivering the MCX correctly to the client for the user and group.

• Mobile Accounts not copying home folders to local machine

  Having recently upgraded my MacBook to 10.5 (and having a 10.5 server) I have noticed an error with mobile accounts. My account has not synced for a couple of weeks and I have checked all the directory settings and cannot see any errors.
  I've removed all directory services and rebooted, put them back and it will create a mobile account but nothing is being copied to the local hdd. So basically it is functioning like a network account rather than a mobile one.
  This works fine on our 10.4 clients but having tried different users on my 10.5 system it does the same....creates the account, mounts the server but does nothing else.
  This means when you sync it says its complete but does nothing...its like its lost permissions to the folder on the server but that seems very odd.
  Anyone else had issues with 10.5? We have an AD server with our users and a 10.5 server with OD replicating AD and holding the home folders.

  Are you still ahving this issue?
  Would you do like geekinit in this thread and post some partial screen grabs (although is problem included Windows server Active Directory and profile Manager which I will get up to soon.)
  Unable to deploy home folder mobility settings through an Apple MDM server
  Did you create a fileshare for Local Network accounts to put their stuff
  If so where is OS X server?
  Did you tell the user in OD to use that fileshare?
  Here's a screen grab example
  Francois.

• Mobile Account Sync inherently broken?

  Hey guys I've got a setup with 2008 R2 servers running active directory domain services and distributed file system. I've got all of my macs bound to the directory for network authentication and local user login with mobile accounts being created on login. We've been having some really poor performance with the sync, it will simply stop syncing and provide no warning to the user. I've also noticed files becoming "hidden". Anyone else experience this or have a better way to set up?

  also, check ~/Library/Logs/FileSync/FileSyncAgent-Verbose.log and logs in ~/Library/Logs/FileSyncAgent/ on the client and/or server homedir.

• Mobile account disabled unable to re-enable

  First some background. We have an Open Directory Master setup on Snow Leopard Server 10.6.2. I have a default password policy of 5 attempts and the user account is locked out. I am in the process of binding Snow Leopard clients to Open Directory. All of my users are on laptops so I was setting them up with mobile accounts. First I would bind the machine to Open Directory, then I would have the user login with their network user account. Next using System Preferences I would convert the currently logged in network user account to a mobile account. I assumed I needed to do this so the user would be able to login to their machine while the server was unavailable.
  My issue is that the using a second machine the user locked out their account. I re-enabled the account in WGM, but the user cannot get into their laptop. I use WGM to view the local directory and it show the local cached account as disabled. Unfortunately there is no way using the GUI to re-enable the cached local account. Also using dscl I see that AuthenticationAuthority has ;DisabledUser; as the first value before LocalCachedUser.
  It seems I don't fully understand how mobile accounts work. I assumed that a cached version of the account would be created on the client machine for use when the Directory Server was unavailable. I thought that when the Directory Server was available that it would take precedence over the cached copy. Is this not how it works?
  Also my attempts do edit the user account using dscl to remove the ;DisabledUser; value were not successful. Is there an easy way to re-enable this account?

  Mr Beardsley wrote:
  I think what happens, at least in our office is that after the 24 hour period for Kerberos people will have to enter their password again for things like iCal, iChat, etc. If they mistype their password, and save it in keychain, I think it can rapid fire try to authenticate many times without any visual feedback and lock out the account. Reactivating in workgroup manager handles the account in OD, but unfortunately the local copy of mobile user account doesn't see or honor that the account has been reactivated on the server.
  I was doing the same thing as you deleting the mobile user account on the system, but that was getting to be a pain as I would have to remake the mobile user account and the user would lose their picture every time. After I discovered the pwpolicy command I have tested it several times and deleting the user account is no longer necessary. Just re-enable the account in OD, then run the command I put above to re-enable on the client.
  What I would love to see happen is that the client machine check with OD to see if the account is enabled/disabled then update itself to be in the some condition. Until then it's running a command on the client to get the account working again.
  Mr. B,
  I think you're right about all of this. I'm experiencing this too with only one mobile user. This user is in a different office all week. Then on Fridays he's here at our HQ. His laptop is set to sync every 3 hours. For some reason it is at this syncing stage that his account becomes disabled. I think the HomeSync function may be requesting a password that the user is entering incorrectly because they get confused as to what password to enter. I'm not sure if they are entering incorrectly once, 3 times, 10 times or what. They are frustrated and so am I.
  However, the pwpolicy command you provided DOES re-enable their local mobile account and it is available after restarting. So thanks for that!
  We have several different passwords that for any given user (SLS network account, file-server, email, plus their keychain password).
  Anyone have a tried & tested "user-friendly solution" to keeping these all in sync after our 2-month password expiration?

• Mixing mobile account and network account.

  Is it possible to have mobile account on some computers and network account on others and having the same user logging in (only one login at a time) without sync issues ?
  I have tested it with account preferences set on computers and it is working nice until I have been logged in on a computer with networked account, then I experience sync issues. Every time I log in mobile account I got a dialog window asking me to select "Sync Later" , "Mobile" or "Networked". It does not matter what I select, the dialog comes back everytime I log off and on with the mobile account. I have only managed get rid of it by deleting mobile account and sync it again.
  Message was edited by: kenguru

  Again, thanks for taking your time explaining this for me.
  After been reading the User Management documentation from apple about Managing Portable Computers (Chapter 8), I got the opposite impression about running Mobile Account on multiple computers. From this text, as I read it, it is a common thing to do, as long as we are aware of sync issues that might occur and know how we shall deal with it.
  So I'm a little confused about this topics, as it seem to make sense what you are saying, but the documentation says something different.
  I have tried setting sync preferences on the user instead, so that every login is made with a mobile account on every computer. That seems to work ok. Off course sync issues may arise, but here the the file sync can be fixed through the dialogs windows that pops up. Unlike under the mix of network logins and mobile account logins where it doesn't matter which location I set to be the place containing the most recent files. This only occurs after a network account login. If I have been logged on another computer set up with mobile account everything syncs nicely. I think
  So for now, I think I will stick with setting up users with mobile account preferences and skip the networked account.
  Does this make any sense or am I still mistaking here?
  Ok, thanks for all you help.
  Bernt

• Mobile account no longer syncs since 10.6.7 client update ??

  My mobile account no longer connects and syncs to our network samba store since upgrading to 10.6.7 (client)
  This is no fun
  29/03/2011 09:59:33 com.apple.coreservicesd[73] NOTE: Using non-mach-based version of client -> server communication, via direct function calls.
  29/03/2011 09:59:33 com.apple.coreservicesd[73] NOTE: Using non-mach-based version of client -> server communication, via direct function calls.
  29/03/2011 09:59:33 /usr/libexec/mount_url[3787] smb_mount: mount failed to myserver.com/myusername : syserr = Authentication error
  29/03/2011 09:59:34 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[3788] smb_mount: mount failed to myserver.com/myusername : syserr = Authentication error
  29/03/2011 09:59:34 /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[3788] smb_mount: mount failed to myserver.com/myusername : syserr = Authentication error

  Hi welly
  I just got a similar issue and possibly found a (really ugly) workaround.
  My Mobile Clients do their initial sync fine, also background sync worked as expected. I ran into troubles as soon as I tried to sync manually. And the logout syncs didn't work at all. The issue only occured on third party smb servers, afp currently works fine for me with the same configuration.
  Additionally the poor clients desperately try to connect to the network home again and again and again and thus cause a lot of very ugly traffic on the network.
  I kind of "solved" this as I realized that other shares from the same server are mounted on the machines as well. I unmounted them with the Finder and suddenly all the syncs worked like a charm..
  I'm really curious if this is a newly introduced bug with 10.6.7 or 10.6.6, I had machines with 10.6.5 (or was it 10.6.4?) properly running with mobile accounts in the same setup.
  Here are my error messages from system.log
  Jun 21 15:02:36 machinename gssd-agent[403]: Error returned by svc_mach_gss_init_sec_context:
  Jun 21 15:02:36 machinename gssd-agent[403]:           Major error = 851968: Unspecified GSS failure.  Minor code may provide more information
  Jun 21 15:02:36 machinename gssd-agent[403]:           Minor error = 100005:
  Jun 21 15:02:36 machinename /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[402]: smb_mount: mount failed to serverfqdn/home$ : syserr = Authentication error
  Jun 21 15:02:36 machinename gssd-agent[403]: Error returned by svc_mach_gss_init_sec_context:
  Jun 21 15:02:36 machinename gssd-agent[403]:           Major error = 851968: Unspecified GSS failure.  Minor code may provide more information
  Jun 21 15:02:36 machinename gssd-agent[403]:           Minor error = 100005:
  Cheers
  See

• Mobile account folders failing to sync

  Hello All,
  Having a strange problem with syncing mobile folders on our Mac clients.
  We are running an OSX server with Mountain Lion that has open directory on it and this essentially just validates with our Windows domain controller that is using active directory. All of our Mac clients are running Snow Leopard and everything seems to be operating swimmingly except for one issue…
  We have mobile accounts set up, so that users can gain access to their Windows based ‘my documents’, ‘my music’ and ‘my pictures’ folders. Everything seems to sync fine except that sometimes when users try to log off, or try to sync their data manually, the process fails. It will either claim that username/password details could not be validated then hang, or it will say that the user’s password has expired and lock them out of their accounts (which we then need to unlock in Active Directory). 
  After checking the logs on the client machines there are a couple of noteworthy errors:
  SMB_Mount – Mount failed to SMB://Storageserver.co.uk/staff$ - syserr = Authentication error
  And
  SMB_Mount – Mount failed to SMB://Storageserver.co.uk/staff$ - syserr = Unknown Error -5999
  It seems to be very random and inconsistent as users can go a week or so without the problem occurring, and then have it happen twice in an hour. Has anyone experienced any issues with mobile accounts syncing?

  Address sync with google inly works with 10.6

• Mobile Account Newbie, Small issue

  Hi all,
  Apologies if this isn't the right place to post this but i'll explain a little about my issue. If there is somewhere better i should post these style issues please advise.
  I have several iMac's in an Active Directory Environment with mobile accounts, i set this up myself
  now my problem is my home folder for the mac's is shared with my Active Directory Home Folder. This basically means that my windows desktop has all the things on my mac desktop and vice versa.
  When i log into a windows box all is well, when i log into a mac box i get two annoying windows files that i know i shouldn't delete but want to so bad, is there a way i can make them hidden, or another way of setting it up so they don't appear
  the two files are desktop.ini and the folder $RECYCLE.BIN
  i am a complete novice, i know when i was at uni they didn't appear, i also don't have an osx server (wish i did) and i know uni did, maybe thats the prob
  anyway thats enough of me rambling, any help greatly appreciated
  cheers in advance guys+gals
  Tim

  Have you tried using the SetFile terminal command?
  You may have to install the Dev tools on a box, and pull it out from the /bin directory (I think), and copy it to your /bin directory
  SetFile -a V <filefullpath>
  Should do the trick (Set file "attribute" "Visible") toggles it on and off in the finder view, but doesn't get rid of it.
  Just a thought
  Philip J Doll III
  Information Processing Consultant
  UWSMPH - Pediatrics