Local homes, dual directory, logins

Hello all,
I'm having a bit of a problem. Running 10.8.2 server with local home dirs connected to Windows 2008r2 server. The question is our users log in with their student numbers. For example, John Smith is 901001001. He can log in with 901001001, it makes his account, and everything is great. Except that he can also now log in with John Smith OR 901001001. We just want him to log in as 901001001 and NOT John Smith. Is there a way to make OS X not grab the Display Name from AD and instead just use the logon name?
Thanks,
Jonathan

Not that I am aware.  Unless you modify the Record Name attribute in AD.  For example, a record may contain:
RecordName:
jdoe
john doe
[email protected]
DOMAIN\jdoe
DOMAIN\john doe
John Doe
[email protected]
All of these can be used as the login name.  If you removed everything but the one you wanted, then only that one would permit login.
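
An added example, not part of the original reply: a shell sketch that sorts a record's RecordName values into the wanted login name, qualified forms of it, and display-name aliases, so you can see which entries would have to go. The sample record is constructed, and the `dscl` node path in the comment, the `example.edu` realm and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout dscl prints when a value contains a space:
# attribute name on its own line, then one indented value per line.
# On a bound Mac the text would come from something like (node path assumed):
#   dscl "/Active Directory/DOMAIN/All Domains" -read /Users/901001001 RecordName
SAMPLE_RECORD='RecordName:
 901001001
 john smith
 901001001@example.edu
 DOMAIN\901001001
 DOMAIN\john smith
 John Smith'

# classify_login_names WANTED
# Reads dscl-style text on stdin and prints "kind<TAB>value" per RecordName value:
#   wanted    - exactly the login name you intend to keep (case-insensitive)
#   qualified - the same name with a DOMAIN\ prefix or @realm suffix
#   alias     - anything else, e.g. the display name
classify_login_names() {
    WANT="$1" awk '
        function emit(v,    bare, kind) {
            bare = tolower(v)              # tolower() also forces string comparison
            if (bare == want) {
                kind = "wanted"
            } else {
                sub(/^[^\\]*\\/, "", bare) # drop a leading DOMAIN\ prefix
                sub(/@.*$/, "", bare)      # drop a trailing @realm
                kind = (bare == want) ? "qualified" : "alias"
            }
            printf "%s\t%s\n", kind, v
        }
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        /^RecordName:/ {
            in_attr = 1
            sub(/^RecordName:[ \t]*/, "")
            # Single-line layout (assumed to occur only when no value has a space).
            n = split($0, parts, " ")
            for (i = 1; i <= n; i++) emit(parts[i])
            next
        }
        in_attr && /^[ \t]/ { sub(/^[ \t]+/, ""); emit($0); next }
        { in_attr = 0 }                    # any other attribute ends the value list
    '
}

# extra_login_names WANTED
# Prints only the values that permit login besides the wanted name.
extra_login_names() {
    classify_login_names "$1" | awk -F'\t' '$1 != "wanted" { print $2 }'
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_RECORD" | extra_login_names 901001001
```
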

Similar Messages

  • Network user can't see local home directory

    Hi there,
    I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
    Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
    What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing on the problem.
    Can anyone offer some advice?
    Benjamin

    So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
    Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
    Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

  • LDAP with local home directory?

    Greetings.
    I'm trying to configure the Macs to authenticate based off of the LDAP server. I'm pretty sure I've got that part working, but I'm running into difficulty figuring out how to specify using a local home directory template rather than an NFS / AFP portable home directory. All the guides on the internet out there seem to want to use NFS, which we don't have setup (and don't intend to).
    Based on instructions of various texts, manuals, and blogs, I've created a user account called "labuser", and a group called "users", and then given any member of the group "users" write-access to the folder /Users/labuser. This way they log in to a default home directory (at least for now). What information do I specify for LDAP's "apple-user-homeDirectory" entry to make it look for this /Users/labuser folder rather than an NFS share?

    So basically I should add C:\Documents and Settings instead of /Users for windows accounts?
    Because if I don't specify anything it creates a roaming profile on the Windows machine, and puts the user directory both on the Windows machine and a copy on the server under /Users/Profiles. Or at least that is what it is doing now... so I manually have to change the profile to local on the Windows machine and delete the folder on the server...

  • AD mobile account with local home directory

    I basically have the same question as this post:
    http://discussions.apple.com/message.jspa?messageID=696367
    I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin??????

    Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
    Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems than if there were no unix attributes at all.
    Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
    This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

  • Script to remove local home directory after sync

    Does anyone have a good script to clear (periodically) the local home folders created by mobile accounts for sync ?
    There is one mentioned in John DeTroye's overview of Tiger server v12.1, by Steve Hayman, but I'm having trouble running it via ARD.
    Thanks

    I'm doing this for 2 reasons:
    - as a scripting exercise
    - because the local repo is a shared wordpress mess and people forget to make commits so I'd like a local backup that includes all changes that may not be in github (sadly).
    Anyhow, thanks for the input about trap, I'm definitely confused by its use at this point but have reworked the script without it.
    #!/bin/bash
    # bash rather than sh: the [[ ... ]] test below is a bash feature.
    set -e # Exit on any error.
    TIME=$(date +"%m.%d.%Y@%H:%M:%S") # Define the TIME variable as today's date and time.
    MONTH=$(date +"%b") # Define MONTH as today's month.
    FILENAME="backup-$TIME.tar.gz" # Define the filename structure.
    SRCDIR="/stuff" # Define folder to backup.
    DESDIR="/Backup/$MONTH" # Define the backup folder location.
    LOGFILE="$DESDIR/backup-$TIME.log" # Store the output in a log.
    mkdir -p "$DESDIR" # Create our directory if it doesn't exist (both branches write the log there).
    cd "$SRCDIR" # Make sure we're in our repo directory before running any git command.
    REMOTE=$(git ls-remote -h origin master | awk '{print $1}') # Get commit hash from head of remote master repo (github)
    LOCAL=$(git rev-parse HEAD) # Get commit hash from head of server repo (dev/test)
    if [[ "$LOCAL" == "$REMOTE" ]]; then # If the hashes match
        echo "No update required." >> "$LOGFILE" # Then no pull is needed
    else # If the hashes don't match then prepare to run our backup
        echo "Backup started for $TIME" >> "$LOGFILE" # Make it log what it's doing.
        tar -cpzf "$DESDIR/$FILENAME" "$SRCDIR" >> "$LOGFILE" 2>&1 # Perform the backup.
        echo "Backup Finished for $TIME" >> "$LOGFILE" # Log that it's finished.
        echo "Preparing for git pull " >> "$LOGFILE" # Log what we're doing.
        git pull >> "$LOGFILE" 2>&1 # set -e stops the script here if the pull fails.
        echo "Git pull completed successfully. " >> "$LOGFILE"
        mail -s "Backup log $(date)" [email protected] < "$LOGFILE" # Email the output to me.
    fi

  • 10.4.x and Active Directory Logins - mobile accounts

    Managing 10.4.x workstations and trying to get AD logins to work using OS X AD plugin set to "create mobile home" and "Force local home directory".
    AD user accounts get stuck at the login window. The user name and password field are greyed out and the computer sits like that for a long time. Computer responds when pressing the power button to restart, shutdown, sleep, or cancel.
    Console reads: automount 174: can't mount server name .... invalid argument (22) over and over
    Tried setting automount in /etc/hostconfig to NO and that just keeps returning the "unable to login as user .... afp/smb error"
    If the AD plug-in is configured without the "create mobile home" and "force local home directory" checked, the AD user can log in with a true network home directory.
    Seems like the login doesn't work when it's set to create a mobile home and mount the users network folder in the dock.
    Clients are Mac 10.4.9 + / Windows/Active Directory 2003 / OS 10.4 server for management purposes.
    Any ideas?

    my apologies.... posted this question in the wrong forum. will repost.

  • ARD and Directory logins

    I have configured the systems on our floor to use directory logins with my Open Directory server. They are showing up in the Remote Desktop Admin program as "Access Denied" when I use any OD account that is part of the ard_admin group; however, I have no issues connecting to the end stations with Control or Observe.
    The only way to see the Current Status, Current User, Current Application etc is if I use the local admin account.
    This poses a big problem, as I can not push down Unix commands, copy commands or even chat as the main admin program thinks that I don't have access.
    Has anyone run into an issue such as this?
    I enabled the Directory Login feature via Work Group Manager & via the kickstart command.
    My end stations are 10.6.1 with ARD version 3.3.1
    My ARD Admin tool is 3.3 (451.15)

    I don't have any experience with ARD 3 yet, but I found this on Google. See the section on "How Remote Desktop Relies on User Accounts"
    http://www.informit.com/articles/article.asp?p=602974&seqNum=2&rl=1

  • Disabling local home directories breaks the software update

    Hello,
    I have my mac authenticating to a win2003 server and have disabled the local home directories but now the software update gives an error when it tries to download to the networked home directory library...etc....I have checked and rechecked the permissions... has anyone else had this problem?
    All suggestions welcome.
    Thanks
    Lori

    Well, after several hours on the phone, I'm convinced that somehow my ISP is blocking the Software Update address. Soft. Update works when I connect to other networks.
    I asked Apple for the address that Software Update is trying to connect to, but they wouldn't give it to me. Privacy and Security issues for them, apparently. Consequently, I don't have a web address to ping. That was a good idea, though. My ISP couldn't seem to help me. So, at this point I'm not sure what else I can do except...
    In a month, my satellite internet provider is sending a stand alone sat-modem that I'm going to use instead of the set up I have now: involving a USB modem and sharing the internet connection through a specific computer that always has to be on and connected. (the satellite internet is a "one way" system that uses dial-up for the uplink and comes high-speed back down through the satellite) This new modem will serve as the dial up modem and also has two ethernet connections so I can send one directly to my router and the other to my wired desktop. I hope by taking the host computer out of the equation I'll also solve this issue. Who knows.
    Anyway, thanks for the info. I appreciate your feedback and if you have any other ideas, I'd love to see them.
    ben kaufmann

  • Local home directories vs network home directories?

    We have an existing linux server which handles web, ftp, dhcp and email for our design group. I am planning the integration of a new mac os x server to handle shared work folders, client archives, shared resources (stock images etc) with eSATA raids as a fail over back up. I have been doing a lot of reading and research, but have not arrived at a best solution for local vs network homes. Our users never connect from another mac workstation, and so utilize a number of iLife content mgmt apps. They all have large personal photo libraries, music libraries etc on their workstations. In addition, many of our projects involve working on extremely large photoshop files, video files etc. I am leaning towards leaving these users as local homes as there is concern over performance on the network. Pros? Cons? am open to any input before establishing final plans for osx server services.
    Network is cat 5e ethernet with 3 gigabit switches (one on each floor of a 3 storey building with an uplink between ea floor)
    more macs than I can list   Mac OS X (10.4.8)  

    Is the local home with synchronization of selected folders a variant of mobile home? or mobile user? (newbie osx server admin, still digesting the apple manuals!!
    Ok, what I believe you're asking is: can you sync your portable home directory ~/shortname to the Server /HomeDir/shortname and ignore, let's say, the ~/shortname/Pictures or Music directory? Since you only want work-related files on the Server and only have to back up 1 big user directory with only work-related files on the server? Well, the answer is a big YES.
    What is required takes a bit to set up. Here's a quick list of things to do and that need to be in place for it to all work smoothly.
    1. OS X Server Software with OD/LDAP setup 10.4.3 or higher!
    2. All Clients 10.4.3 or higher and bound to the OD/LDAP Server.
    3. Set up Workgroup Admin/Preferences Management. You can set rules for a Group or individual Users. Groups being the preferred way. In here you can set the Path to the Files & Folders to ignore during the Sync. You can do lots of other MCX Managed client settings here and if your OD/bind is good it works great.
    4. You'd have to move stuff around on the Local units, i.e. ~/oldfiles to the new ~/shortname which will be created. There are a few ways to do this and hold Permissions and all that; just read about Mobile homes more. Think of it as a Laptop connecting for the first time to a bound OD server. Lots of folks have different ways.
    My clients also work with Large files (PS, ID, ai) and a network home was a bit of a pain. To be honest it's not the large files that get you, it was the BS cache files that slow it all down. There are now workarounds for the performance hit but it took time for the community to figure it all out. I had them in 10.3 working on files in the /Users/Shared/ directory and moving finished work back to the server after.
    10.4 has been the saviour of my sanity with mobile homes. Servers Fast Clients Fast, I have full control of clients (<--admin god complex), and all lived happily ever after... for the most part.

  • Portable Home Directories and Login Hooks

    We recently switched from Network Home Directories to Portable Home Directories. We used to use login hooks to do all kinds of nifty things to a user's home folder at login, but now it's complicated. I can't figure out at what point in the login+sync process the login hook executes.
    If the login hook executes before syncing, then I need to modify the network copy of the home folder, i.e. Network/Servers/servername/.../username. If the login hook executes after syncing, then I need to modify the local copy of the home folder, i.e. /Users/username. Unless I'm mistaken, you can't just use the tilde (~) in the script to denote the path to the home folder, so you have to list the path explicitly.
    My testing seemed to result in inconsistent behavior. Can anyone give me some guidance?
    (Keywords: Loginhook Logouthook Login Script Logout Script Mobility Mobile PHD)

    Thank you for the advice, Syth, but I'm already aware of the basics of writing and implementing login and logout hooks. I wrote a lot of them when we were using Network Home Directories. The root of my question has to do with Portable Home Directories and login hooks.
    This is a computer lab environment where every user has their own account, network home folder, and "Mobility" preferences set in Workgroup Manager. When a user logs into a lab computer, syncing kicks in and they work from a local copy of their home folder which then syncs to the server at login and logout.
    So the core question is: Do login and logout hooks execute before or after login/logout home syncing occurs?
    For example, if a user with a brand new network account, i.e. who doesn't even have a network home yet, logs into a computer, what's the order of events? I would hope it would be:
    1) server creates network home
    2) computer creates local home, i.e. syncs
    3) login hook executes
    But my testing has been inconsistent. Anyone have any experience or insights to share?

  • Network accounts with local home folders

    First of all sorry for my bad english.
    I want to obtain network accounts with local home folders.
    I have found this post very interesting to solve my problem.
    http://discussions.apple.com/message.jspa?messageID=2140595#2140595
    Following these indications I have obtained it but I don't see the Public folder of any home folder from the network.
    How I can solve this? I must share the Public folders manually? How? I have proven with SharePoints 3.5.4 and I have not obtained it.
    Thanks
    iMac Intel Core Duo   Mac OS X (10.4.6)  

    Hi
    Clients should be bound to Open Directory and be using the OD Master for their DNS. Launch WorkGroup Manager and authenticate to the LDAP node. If you have only a few Users you can do it at that Level if hundreds do it at Group Level. Select Preferences > Mobility. It's fairly obvious thereafter.
    After the home folder has been created you can make that account a local administrator if you wish.
    This assumes the Server has been configured as Advanced. Please don't take this advice if you've used anything else.
    Tony

  • Change Network Home Folder to Local Home Folders

    Hello and Thanks in advance for your help.
    I created a mac network in our school this year. This is used for a video editing lab of 14 iMacs. I used a Mac Xserver with Server 10.5.7 on it and my clients are also 10.5.7. I upgraded my server hard drives to three 1TB hard drives in RAID 0 array. I created my users and decided to use true network homes so the students could use any mac in the lab at any given time. The Server has two Gigabit connections to it. This setup works great until you get more than 5 users at one time importing and editing videos. I believe the server's hard drives could not keep up with the data streams for multiple users and video editing.
    What is the easiest way to switch the students network home folders to local home folders on the iMacs? I tried it with a dummy account that I've been using from the beginning but when I try to change the mobility preferences in WGM to create a mobile account at login and use default syncing I get 2 different error messages.
    Either error while saving 14006 Or Error while saving 14084
    Sometimes an error about DSutil.cp line 712 comes up as well.
    Is it possible to have the students current Network Home folders sync to a local iMac and then switch them to use local home folders only? I'm trying to keep the students from losing the last few weeks of work.
    Should I try to use the create mobile account on the actual iMac instead of in WGM on the server?
    Thanks again,
    Mitch

    Thanks for the info Tony.
    Just for other people who are looking for answers to this problem I'll give my specifics.
    14 iMac workstations
    1 XServe server upgraded w/ 3 1TB WD Caviar Black drives RAID 0
    All networked using 1 Cisco Gigabit switch
    1 GB to each iMac
    (2) 1 GB connections to the Server
    The original true network home folders worked out okay for Final Cut Pro users. About 6 could work at the same time, capturing and editing their work. For iMovie HD only about 3 could use it at the same time.
    I could not get iMovie '09 v 8.0.5 to import to the network homes. Something about video library errors if I remember correctly. So I went back and they have been using iMovie HD with no problems.
    There were a lot of dropped frames and time wasted on importing with time code breaks.
    This is where I decided to create mobile accounts for each student on a specific computer set by the teacher. As stated above, it will take about 3 minutes per GB of data to copy from the server to the local computer. Near the end of the student list (about 70) it would copy the data fairly quickly and then would sit at 100% for about 7+ minutes before it would finally complete and log off.
    The login sync still only takes about 1 full minute and the logout usually takes 1 minute but can sometimes take up to 3 depending on how much capturing they have done.
    After about 2 full weeks of use, this solution still seems very viable. There have been no complaints about dropped frames or lag while capturing. There is also no lag while using iMovie HD (which was very problematic before) during editing and playback. This is still great because at the end of the day they still have a mobile account and can access their data from any mac, besides the one they have a mobile account setup on. Also, if something happens to the server they can still login to the computer with their mobile account and still accomplish work and when the server is back up it will automatically sync on the next login.
    I'm not sure if it was the network or hard drive speed causing the lag. My server will only hold 3 SATA drives and they had to be configured for 1.5 instead of 3.0. The RAID was also setup w/ apple software and was not a hardware card.

  • Time Machine does not backup home/user directory (on separate drive)

    I recently installed a SSD into my Mini. Due to size restrictions, my home/user directory has to be kept on another drive. I retained the stock 1TB drive that came with the Mini for this.
    Ok, installed the SSD, restored a Time Machine backup (sans user data). Used a different admin user and configured my user to use the 1TB drive for its home directory (/Volumes/1TB/home/<user>). Restart, log in as my user, all is good. All data, settings, etc. is there. Everything looks normal.
    Time Machine REFUSES to back up this directory. It will back up the 1TB drive and anything else I create in it, but not the home directory. I tried every permission trick I could think of or found online. I even tested it further by formatting the 1TB drive fresh, adding a new user, configuring the user to use the 1TB for their home directory and it still won't back it up (this was a test of permissions the OS set, to make sure I didn't change my data perms somewhere along the way). Time Machine would not back up the new user's home directory on the 1TB drive.
    Any thoughts? I can't be the first person to have their home directory on a non-OS drive.
    If I were to create a folder/file in /Volumes/1TB/<test file> ... Time Machine gets it perfect. It just will NOT touch /Volumes/1TB/home/<anything here>
    Thanks!

    Open the Time Machine preference pane and unlock the settings, if necessary. Click the Options button. If there is one particular folder with items that are not being backed up reliably, add it to the list of excluded items. If there are many such folders, add your home folder to the list, or add a whole volume (i.e., what Apple calls a "disk.") Save the changes.
    Start a backup, or wait for one to happen automatically. When it's done, open the preference pane again and remove the exclusion(s) you made earlier. Back up again and see whether there's a change.

  • Only CreateException allowed for create in local home?

    I tried to deploy a simple application in Weblogic Server 8.1. During verification I got the message: "Method create(int) on the local home interface must not throw java.rmi.RemoteException" and sometimes "create(int) must throw CreateException".
    The signature of my local home for that stateless session bean looked like this:
    create(int aNumber) throws CreateException, IOException {...
    the according method of the bean was:
    ejbCreate(int aNumber)throws CreateException, IOException {...
    After several tries I deleted the IOException from both signatures and the .ear file could be deployed.
    I looked up ejb 2.0 and 2.1 specification and there are examples throwing more than CreateException in local home interfaces of session beans (e.g. chapter 6.3.1).
    Did someone experience this behavior as well? Can there be a bug in my code and this "workaround" works only by accident?

    Here is the log message
    [Sun Sep 16 14:26:47 2012] [error] [client ::1] File does not exist: /home/lucas/www/favicon.ico
    [Sun Sep 16 14:26:47 2012] [error] [client ::1] client denied by server configuration: /home/lucas/www/test/application/captcha/1347816281.8856.jpg
