Login.keychain and mobile user accounts

After removing a corrupt login.keychain file in a mobile user account, the user could no longer log in to their account when off site. What account login information is kept in the keychain file of a mobile account?


Similar Messages

  • Aperture 3 and Mobile User Accounts: Don't even think about it

    Hi all.
    This is more a warning to others with a similar setup than anything else.
    I use both a desktop mac and a portable.
    As so, and since I have a Mac Mini Server, my user is what Apple calls a "Mobile User".
    Basically what it does is this: it allows me to have my user on both macs always in sync.
    To be certain that no file would be locked out by an open app, I have it to sync on login and logout only.
    Strangely enough, Apple's own Aperture 3 doesn't sync.
    It simply shows a generic error and that's it.
    I can tell that I've made some extensive tests regarding the syncing process and no matter what it never works.
    It doesn't matter if Aperture is closed, if the syncing is made on the login or the logout... nothing!
    As a curiosity, not directly related with this specific problem, I can also confirm that the full library package is seen as a single file to the sync agent, so even a simple open and close of the app is enough to make it try to re-sync the entire thing, instead of doing the proper thing and copy only the modified files inside of it.
    That means that even without this error it would be impractical to work with Aperture 3 since that would mean having a nice library of quite a few gigabytes syncing every time that I tried to log out of my user session.
    I sure hope that Apple can find a way to make their own pro photo app and their server software work together.
    But until then... it's back to iPhoto for me.
    Take care all.
    Pedro Fardilha

    I don't have problems syncing other files that are also system packages, like iPhoto ones... although I have a terrible suspicion that again the sync agent only sees a single file, not a bundle.
    I assume that the OS doesn't have any problem with packages since they are used pretty much elsewhere and they are basically a folder with a specific file inside that "forces" the OS to show us as a single file, instead of letting us see directly the content.
    Even the new disk image format that Apple recommends to be used in order to speed up Time Machine backups (.sparsebundle) is based on packages (or bundles, whatever you prefer to call them).
    The main issue here might be the folder structure inside.
    If you do a "show package content" and, for instance, check the thumbnails folder, I can easily see some chars that might create some confusion if not properly escaped during the sync, like on this example:
    My Aperture.aplibrary/Thumbnails/%pARYo%fT52I77jmdf8mqQ/AP.Thumbnails
    (Those "%" are so prone to errors if not properly handled)
    Time Machine doesn't have any problem with both packages and those chars, so I truly hope that they use TM tech and improve the way that the syncing agent works.
    Anyways, Aperture seemed a nice app.
    I'm really sad that I can't use it because of this... especially when I'm considering getting a new digital camera.
    I understand that it was recently released so let's hope that Apple can figure out what's happening and release an update (to either Aperture or Mac OS X Server) in the next few months.
    Take care.
    Pedro Fardilha

  • Why login keychain and user keychain

    Hi,
    I am trying to diagnose a keychain problem my little home network is having and realize I don't quite have the knowledge to get started. My first, very basic question is, why do I have both a login keychain and a "user" keychain? Which is unlocked automatically when I log in? What is the point of both of them?
    Thanks!
    Tom

    Hi baltwo, thanks for responding.
    I have a home net with several G4/G5 machines all running 10.4. I "sync" the keychains on the various user accounts via .Mac.
    Keychain Access shows that I have four keychains: tom, login, system and X4509Anchors. In my library/keychain folder I have two files: login.keychain and tom (without an extension). I did not specifically create the tom keychain.
    I am trying to understand why I have a tom keychain. I am also trying to understand which unlocks automatically.
    The reason I ask this is periodically one of the machines (it varies) on the network will have keychain problems and request that a keychain be unlocked or require manual entry of a password. This normally only happens with Apple's Mail application and on occasion when connecting to a networked machine.
    Curiously, when I "correct" the problem on one machine (usually by deleting a keychain) the problem will often move (probably while syncing with .Mac) to another machine.
    Thanks!
    Tom

  • Questions about Mobile User accounts

    I'm having some trouble fully grasping Mobile User accounts and hoping someone could clarify whether they would be appropriate in my situation.
    We have some non-"mobile" users that solely use one machine and we would like them to continue to use their local hard drives. Is a "Mobile" account the solution?
    Second, if a user is already using an independent Mac that is not bound to any server, is it possible to bind it, create a mobile account, then sync local with network home folders such that all of the current data in their existing Home folder is added to the Network Home folder? Or must the account be started from scratch?
    Lastly, what if we did not want all that data synched to the Network Home because there is simply too much of it? Can we still enjoy the benefits of Network login while certain files are local? (I assume this is what the synching prefs are all about?!?) Users use the same machine for 99% of their work. Only occasionally would it be nice to provide them access to their mail, etc. from a different client.
    PowerMac G4   Mac OS X (10.4.4)  

    I'll take some broad swipes at this and let the smarter people come fill in the details.
    We have a true 1:1 setup in our office and have moved to PHDs as a means of protecting against downtime. The thinking is that we will have a spare machine lying around with our base installation ready to go. If a user's machine fails we'll replace it with the spare machine, let it sync the user directory from the server, and we're back in business. It's no substitute for a real backup system, but it potentially avoids having to run a restore from your backups. It also reduces network traffic compared to plain networked homes, and still lets your users work if the server goes down, but provides the benefits of centralized management. John DeTroye wrote a nice article about this.
    If you've already got data on your "client" Mac you will need to move it onto the server. PHDs will download data from the server to the client on the first sync, but will not upload a complete home directory from the client to an empty directory on the server. You'll find some posts in this forum discussing how people have gone about migrating data prior to that first sync.
    WGM allows you to establish exclusions for stuff you don't want to sync.
    One thing to watch out for in the scenario you describe is the so-called "rabbit effect." Assume Bob uses Mac1 as his primary machine. If one day he logs into Mac2 his home directory will be downloaded to Mac2. Once he returns to Mac1 he'll still be cluttering up Mac2 with his data. If he logs into Mac3 the next day and Tom and Sue are also periodically logging into different machines, you can see how you'll end up with a mess pretty quickly.
    Hope this helps.

  • How to copy Configurator keychain items to user accounts

    I'm managing a lab of iPads in an education environment, and have set up a "base" image for the iPads under an administrative account with Configurator. The MacBook is bound to the domain and I can authenticate with a number of users no problem, but if I go to try and manage the iPads, I get a "private/public key" error.
    I've determined that the issue is with the Key items found under the keychain. If I copy the administrative keychain to the user's profile and log in (forcing the login keychain update) it will work fine under the user's account, but this is not something I want to do as it requires me to give out an administrative password. And if I delete the login keychain from the user template, the user generates new keys, causing the error above.
    So... does anyone have any ideas how to copy keychain items from one user to the template user?

    Move your iTunes library to a centralized folder, for instance directly on your hard drive. Then set your iTunes library to that folder where all iTunes media is kept, or only the items you wish to "share" between user accounts.

  • Migrating current mobile user accounts from one OS X Server to another

    I have not been able to find ANY answers to my situation.
    I have a small office that currently has a Mac Server 10.4.11 server running that has many "mobile user" accounts set up. This was done because we have so many mobile users coming in and out of the office. When the user comes back they sync their home directory with the server here. Works great.
    We recently purchased a new Mac Server running 10.7.4. Set it up as the Open Directory Master. I unbind from the old server and bind to the new server. Everything seems to be working just fine except when I go and add a current mobile user to the new server it creates a new user account on the client device (MacBooks) as if the previous user settings didn't exist. Since they need to be mobile users and not just network users I haven't been able to find a solution to this problem anywhere.
    Is there a way on the client to tell it to use the old user account stored on the MacBook to use with new mobile user connected to the new server?
    Or is there an easier way of doing this that I don't know about?
    Thanks,
    TK

    If I understand what you wrote, no.  The reason is this.  If memory serves...  In 10.4.11 accounts were assigned a UID.  In 10.7.x, accounts are assigned a UID and a GUID.  Most everything relies on the GUID at this point.  So, what you have is an account named marysue on the workstation and it is assigned a UID like 1045.  Now you created marysue on the Lion server, but you likely did not recreate the UID to match the old server.  And thus, the UID value is different but more importantly you now have a GUID value like EC0F9357-8EF2-4D3B-B6F3-2E3016400114, that is associated with the account.  So, the user, despite having the same shortname, is different. 
    In addition, you are working with two different directory systems.  10.4 still used NetInfo (ah, I miss you so).  10.5 and above use DS local flat files, even when bound to an LDAP system.
    So, probably the easiest way to do this, provided I understand what you are seeing is the following.  Let's assume the following:
    You have a mobile account on a workstation for the user maryjoe with a UID of 1034 that came from the 10.4.11 system.  You have this account cached.  You have a home folder in /Users/maryjoe.  You have now bound to the new server which contains a user named maryjoe likely with a UID of something other than 1034 and with a GUID value that likely did not exist in the old directory system, also with the shortname of maryjoe and a home path of /Users/maryjoe.
    So when you log in, you are likely being pathed to /Users/maryjoe, but you are seeing a default Dock and no documents because of permissions. My guess is that if you used Terminal to view the Users directory you would see something like this (open Terminal and issue the command ls -l /Users/):
    drwxrwxrwt   4 root       wheel  136 Apr 18 21:35 Shared
    drwxr-xr-x+ 14 locadmin  staff  476 Jan 21 7:42 locadmin
    drwxr-xr-x+ 14 1034  staff  476 Mar 21 10:42 maryjoe
    Note the folder maryjoe is not owned by maryjoe, it is owned by the UID of maryjoe from the old server.
    Ok, so long story short (sorry for the long explanation, especially if you are experiencing something else that I did not get from the post), all you need to do is update the permissions of the home folder. Do this:
    1:  Log in as the local admin
    2:  Open Terminal
    3:  Issue this command:
         sudo chown -R maryjoe /Users/maryjoe
    Even with a lot of data in the home folder, this should not take more than a few minutes to complete.
    When the command completes, run this command again:  ls -l /Users/
    You should now see
    drwxrwxrwt   4 root       wheel  136 Apr 18 21:35 Shared
    drwxr-xr-x+ 14 locadmin  staff  476 Jan 21 7:42 locadmin
    drwxr-xr-x+ 14 maryjoe  staff  476 Mar 21 10:42 maryjoe
    Now try logging in as the user.  With a little luck I divined the issue and this will have you up and running.  Now, I normally will also purge the cached account in /var/db/dslocal/nodes/Default/users/ but that might be a bit daunting.  So let's start with the simple process first of ensuring home folder permissions are correct.
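The ownership check from the answer above, as an added example that is not part of the original thread: it reads `ls -l /Users/` output, flags home folders whose owner is a bare numeric UID (the account that UID belonged to no longer resolves), and prints the matching `chown` command without running it. It goes slightly beyond the thread by also flagging folders owned by a different account name; the function names are hypothetical, the last line of the sample listing is constructed, and the script assumes each home folder is named after the account's short name, as in the thread.

```shell
#!/bin/sh
# Added example: audit `ls -l /Users/` output for home folders left with
# stale ownership after a directory migration.

# Sample listing: first three entries are from the thread, the last one
# (tom/suejones) is constructed to show the owner-mismatch case.
sample_listing() {
    cat <<'EOF'
total 0
drwxrwxrwt   4 root       wheel  136 Apr 18 21:35 Shared
drwxr-xr-x+ 14 locadmin  staff  476 Jan 21 7:42 locadmin
drwxr-xr-x+ 14 1034  staff  476 Mar 21 10:42 maryjoe
drwxr-xr-x+ 12 tom  staff  408 Feb  2 09:15 suejones
EOF
}

# Reads an `ls -l` listing on stdin. Prints one line per suspicious folder:
#   ORPHAN uid=<n> <folder>       owner shown as a number: no account has it
#   MISMATCH owner=<acct> <folder> folder owned by a differently named account
audit_home_owners() {
    awk '
        $1 !~ /^d/ { next }              # directories only; skips "total N"
        {
            owner = $3
            name = $9                    # rebuild name so spaces survive
            for (i = 10; i <= NF; i++) name = name " " $i
            if (name == "Shared") next   # shared folder is owned by root
            if (owner ~ /^[0-9]+$/)
                printf "ORPHAN uid=%s %s\n", owner, name
            else if (owner != name)
                printf "MISMATCH owner=%s %s\n", owner, name
        }
    '
}

# Turns ORPHAN findings into the chown command from the thread. Commands are
# only printed, never executed, and only for plain short names so that an odd
# folder name cannot end up inside a command line someone pastes into a shell.
suggest_chown() {
    while read -r kind detail name; do
        [ "$kind" = "ORPHAN" ] || continue
        case "$name" in
            ''|-*|.*|*[!A-Za-z0-9_.-]*)
                echo "# skip: unusual name '$name', fix by hand" ;;
            *)
                echo "sudo chown -R $name /Users/$name" ;;
        esac
    done
}

sample_listing | audit_home_owners
sample_listing | audit_home_owners | suggest_chown
```

On a real machine, pipe `ls -l /Users/` into `audit_home_owners` instead of the sample listing; MISMATCH lines are left for manual review because the current owner is a live account.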

  • Login keychain and Error getting license

    I am working with students using Digital Editions and have heard of 2 main issues/error messages.  The first says "unable to download, Error getting License" (the book has already been fulfilled by another user) and the second issue is "Adobe Digital Editions 2.0 wants to use the "Login" keychain" and it asks for a keychain password.

    Each book 'instance' can only be used on a single Adobe ID.
    The .acsm file is a token for the book, and is not initially specific to any particular ID.
    Once it has been used to download a DRM .epub file, both the .acsm and the .epub are locked to that ID.
    Attempts to use the same .acsm for a user on a different id will quite correctly give a '(the book has already been fulfilled by another user)' message.
    The ID can be shared by up to 6 devices at a time.
    Once used, the .acsm/.epub can never be transferred to a different ID.
    ~~
    I am not at all sure about the login keychain.

  • Difference between ACS Administrator account and ACS user account?

    Does an ACS administrator by default have full rights to every device it manages?
    I thought ACS administrator accounts and user accounts were different.
    I have an ACS admin account called admin_1. Then I created another user account called admin_1 (for switch/router access).
    When I set the password for admin_1 (user accounts) and tried to log in to the switch, it wouldn't take. It would only take the password set for the ACS admin account.
    Is this by design?

    My understanding was that this is not the case. I've just tested my installation again to make double sure and the user accounts and the admin accounts are clearly separated.
    The RADIUS server does not make use of the Admin user database.

  • Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

    I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I log in as the user that is specified in the AdminConfiguration section of the rsreportserver.config file, but if I log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both System Administrator and System User roles to try to get it to work but still no luck.
    Does anyone know how to fix this?
    Thanks.

    Hi MetronM,
    The issue is that the user has no permission to access the report server. In Report Manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection of related tasks.
    You can refer to the following steps to assign corresponding role to the user.
    Open report manager.
    Click “Folder Setting” button. 
    Click “New Role Assignment” icon.
    Type the user name and select the corresponding role.
    There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
    http://technet.microsoft.com/en-us/library/ms156014.aspx
    Regards,
    Alisa Tang
    TechNet Community Support

  • How to change the Default login script and the USER login script in Netware3.12

    I need to cut down the disk map from Netware 3.12 in Win98 client's PC.
    Please tell me how to change the Default login script and the USER login script in Netware3.12.
    Or are there any other ways to do this thing?
    Thanks a lot!

    On 4/6/2006 [email protected] wrote:
    > how to change the Default login script and the USER login script in
    > Netware3.12 ?
    Please repost in the discontinued.forums.
    Edison Ortiz
    Novell Product Support Forum SysOp
    (No Email Support, Thanks !)

  • Difference Between Database Schema and Database User Account ??

    First I would like to know what an Oracle Database schema exactly is.
    And what is it for, and also what is its use?
    Later, the exact "Difference Between Database Schema and Database User Account".
    I googled about it but I'm unable to find out the difference.
    Please try to explain in a simple manner.
    Thank you very much in advance.

    user13655582 wrote:
    > Great example, but I would like to add one more point.
    > A user is a schema and a schema is a user, but this applies to the user, that he becomes a schema, only if he has got some objects. So we can say a newly created user which doesn't contain any objects is called a simple user account, but afterwards, when he has got objects, then we can say it's a schema, as the above user has shown you through the example.
    It is just word-play. There is nothing like a 'status' indicator to say "USER_A is just a user but USER_B has become a schema". Many people use the terms "user" and "schema" interchangeably, and some very good DBAs will insist this is correct. I don't disagree with them even though I usually try to make the distinction.
    In a typical application, all of the objects (tables, procedures, etc.) that implement the app will be owned by an "application schema owner" - a user which exists for the sole purpose of owning the schema. Said user will have no privileges at all... especially not CREATE SESSION. Except for possible maintenance activity no one ever actually connects as this user. User accounts are then given to actual humans who connect with their own accounts. The accounts have the necessary system and object privileges granted to them - via a role. One could also create a special account (let's call it APP_ADMIN) that is used for maintenance and batch operations within the application.

  • I used this command and my user account is hidden sudo mv /Users/ed /Users/.ernestotaricone .

    I used this command and my user account is hidden, and my account name is ED
    sudo mv /Users/ed /Users/.ernestotaricone
    Please help me retrieve this Ed account back. Will there be any luck?
    When I checked the size of Users account the same gigabyte space is there but I cannot see my user account ED

    This is the report the system gave me: CFPreferences: user home directory at file://localhost/Users/ernestotaricone/ is unavailable. User domains will be volatile.
    What if I create another account, say User account say good, can I transfer it back there?
    Seth

  • I have two libraries on the same computer but different logins, there is my user account for the computer and then there is my grandma's, how do i get my music without having to resync on both libraries?

    This computer has two logins, my grandma's (which is the administrator) and mine. iTunes is on both logins but on my login I have some music there and on hers I have my other music. I want to be able to redownload my music on my iPod touch without having to resync back and forth between libraries. How do I combine the libraries? Because if I go with one or the other I lose my music I have purchased. On both libraries the music belongs to me, not my grandma.
    Also, a few weeks ago, I loaned the IPOD to somebody and they told me that evidently the IPOD had been hacked and that it had lost all the music. When I got it back, I re-synced it and got some of the music back. After talking to other people, I now suspect that my "friend" tried to do something he wasn't supposed to and the IPOD shut down or that he was trying to create an Apple ID of his own without paying for it. Now that I have it back, I just want to get the music back that I paid for that is already associated with my ID and that is in my two libraries. I can see them in there (on the computer), I just can't access them to download them on the IPOD. Can you help?

    There are actually a few methods for using more than one iPod on a single computer: How To Use Multiple iPods with One Computer
    Just to summarise what's in the link above:
    Method one is to have two Mac or Windows user accounts which by definition would give you two completely separate libraries.
    Method two is to set your preferences so that either one or both iPods get updated with only certain playlists within one library. If you've had no success with this you can have a look through the guide on this page: Loading songs onto iPod automatically
    Another option when using a single library is to set one or both of the iPods to manual update: Managing content manually on iPod
    You can read about Windows user accounts here: Using Windows XP User Accounts

  • Why are deleted user accounts showing up in login window and fast user switching menu?

    There are several old user accounts, just test accounts when I was studying for ACSA that I deleted, which continue to show up in the login window and the fast user switcher menu. I deleted them before upgrading to Lion (I think it was before). The accounts do not exist in the /Users folder, nor even the /Users/Deleted Users folder. Additionally they do not show up in the list of users in System Preferences. Can anyone give some advice on how to remove these "ghost" accounts from the login window and drop down menu?
    Thanks
    dc

    Hi. Thanks for the link. Sorry it took me a while to get to this, the problem is not a show stopper, so to speak, so tried your advice when I had the time. Unfortunately it did not work. Any other suggestions? Thanks.

  • My login window shows both user account and system administrator account. How do I not show the root account on my MBP? I have upgraded to Mountain Lion

    My login window shows both my user account and the system administrator (root) account. How do I not show the system account on the login window?

    I think you need to disable the root user assuming you have it enabled.
    Navigate thus;
    /Applications/Utilities/Directory Utility
    ...and then.....
    Edit>Disable Root User
