Mobile account with FileVault

We have a Leopard XServe 10.5.8 and a Client running Snow Leopard 10.6.2. I have just instituted via WGM the policy to create a mobile account on login and to protect the home folder with FileVault. The error I am getting is "Unable to Create mobile account": "Your FileVault home can't be created because a folder with the same name already exists". What am I doing wrong? Is this not possible? Do I need to do it in phases?

Is the user name already in use locally? If so use a different user name on the server and then login and move documents from old local account to an external drive and then re-login to new account on server and copy documents over to new server account. You might have to run the chown command on the contents of the copied over documents: sudo chown -R user /networkuser/copiedfolder and then enter the local admin password. -R is for recursive so it will do it to all files within that folder.
Now a situation that I just ran into was I already had the network account which was a mobile account, but I wanted to promote it to have the File Vault added to it. Well, I enabled it within WGM, but it did not apply the settings on the computer that I was logging into. So I logged into the admin account on the computer and deleted the network user in the System Preferences users pane. Then I logged out and logged back in as the new OD File Vault encrypted account. It asked me to create a local account and I did, and it resynced all my files from the server back to the local computer. I am running 10.6.3 OD Server and 10.5.8 clients. Hope this helps.

Similar Messages

  • Deleted items reappear on mobile account with syncing?

    On a mobile account with syncing, deleted items will reappear after syncing. One can manually do a full sync. Then delete stuff. Then do a full manual sync again and the deleted items are back.
    This is on Leopard 10.5.6 client and Leopard 10.5.6 server.
    Open to ideas on what I ought to look at.
    Best Wishes,
    Paul

    Paul,
    I'm happy I'm not alone (sorry..)
    I have exactly the same problem, although I'm using Linux server, not OSX.
    It all worked nicely until 10.5.6 upgrade, after that I'm having lots of home sync problems, including:
    1. locally deleted items re-appear after sync
    2. a lot of sync conflicts, especially when sync cannot resolve latest file or directory version between mobile and network copy (and mobile copy will be always the latest one)
    3. huge syncs even if no data has been modified, ie:
    I'm syncing all on login and logout, background sync is disabled.
    I do login then straight away logout, so practically no data has been modified, but the sync may show me tens of GB being transferred.
    Now, this is weird: I've done tests on a freshly created mobile account, with approx 50MB of data. Basically I've logged in and out repeatedly, sometimes modifying small files. Some of the syncs showed me transfer of 60MB!!! That's 10MB more than the size of the home directory!
    I've looked through release notes for 10.5.6 and some sync issues were 'fixed'. I'm wondering if other ones were introduced...
    As I've said, it all worked perfectly until the latest update - I have many machines behaving in the same, bad way.
    Perhaps someone has a solution?
    Thanks,
    Pawel

  • Best practice converting local laptop accounts to Mobile Accounts with PHD

    Hi,
    what is the best practice to convert local laptop users (with different UIDs than their network account) to mobile accounts? Especially when the local dir should not be synced in whole (just Documents, Library). Client and server are 10.5, network accounts are on NFS.
    I tried creating the mobile account with a minimal network directory (Library etc.) and then move the original folders into place, but this didn't work out (the sync info was overwritten somewhere ..)
    Christian

    I think your best bet is to copy the home folder off the laptop to the user share on the server. Then with WGM create the same user and then apply all permissions of the network user to the copied folder.
    Once you have that create your settings for the PHD and then go to the laptop. There you will setup the laptop and bind it to the directory, have that user login (might want to do this on a lan, not airport) and then it will move all the data across to that laptop, and since the network user (same as the local) owns that folder everything should work. If the password is the same then OS X should fix the login and keychain password, so saved forms or email password would show up.
    I did this same thing for 20 OS 10.4 client laptops. Took me a while to get all of this in place but will spare you the running around...
    hope that helps

  • How do you setup a user mobile account, with the home directory stored locally and not synced to the server?

    I want to be able to setup a user mobile account, with the home directory stored locally and not synced to the server. What is the best way to do this? I am running Server 10.6 with 10.6 clients. Open Directory will be used to authenticate and manage preferences. Also, this one account will be used simultaneously in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server. Any Ideas?

    currofelix wrote:
    So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
    The attached screen shots should help you:
    You will only have to do this step once. Obviously you want to use the user's shortname here.
    Then, you will see this as an option in WGM:

  • AD mobile account with local home directory

    I basically have the same question as this post:
    http://discussions.apple.com/message.jspa?messageID=696367
    I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin??????

    Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
    Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems than if there were no unix attributes at all.
    Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
    This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

  • Active Directory user passwords on mobile account with File Vault

    Hi all,
    I enabled file vault when I moved to my MacBook Pro. I joined the computer to the domain (after enabling file vault), and logged in with my domain account, creating a managed, mobile account so that I could use the computer when not connected to the domain.
    Active Directory has forced a change in my password for the domain account but I cannot get the password on the Mac to change the password and sync with the domain.
    My account (the one with the changed network password) on the Mac is a standard user account. When I open system preferences, go to Security & Preferences, General, click on the lock to unlock and allow change and then click Change Password  ..., I receive the following error message after going through the steps to change the password:
    The password for the account "user" was not changed. There was a problem with your password. It's possible your system administrator doesn't allow you to change your password. Contact your system administrator for help.
    For Old Password, I used the old network password, the one that I use to log into the Mac. For New Password, I used my new, current password.
    The same result happens when I attempt to change the password from the Users & Groups section of the System Preferences.
    I have logged out and logged in with the user account that is identified as the admin and get a similar (same ?) error when attempting to change the password.
    Any suggestions? How do I get the passwords to be one so that I can forget the old password?

    Thanks for your insights.
    The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
    I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
    Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
    Here is the disk warrior report for the first part of its tests:
    DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
    ready to replace the original directory.
    There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
    you create 204 MB of contiguous free space before replacing the original directory.
    All file and folder data was easily located.
    Comparison of the original and replacement directories indicates that there will be changes to the number, the
    contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
    directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
    comparison tests were performed.
    • Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
    links, indexes and more have been repaired.
    • 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
    Disk Information:
    Files: 552,652
    Folders: 131,014
    Free Space: 2.47 GB
    Format: Mac OS Extended
    Block Size: 4 K
    Disk Sectors: 321,410,736
    Media: HDT722516DLAT80
    Time: 11/28/08 6:54:19 PM
    DiskWarrior Version: 4.1

  • Best way to handle mobile accounts with large itunes/photo libraries

    What is the best way to handle mobile accounts, but not syncing itunes/photos libraries?
    I have a time capsule so I can move itunes and photos libraries for each user if need be.
    Thanks!

    Hi,
    I've done a great deal of work with mobile accounts in Snow Leopard and I'm now having a "play" with Lion. To be honest you have to sit down and think about why you need mobile accounts.
    If your user only uses one computer then you're safer having a local account backed up by a network Time Machine, this avoids the many many woes that the Server's FileSyncAgent brings to the table.
    If your users are going to be accessing multiple computers on the network and leaving the network then a mobile account is good for providing a uniform user experience and access to files etc. However, your users will have to make a choice as to whether they want their iPhoto libraries on one Local machine (backed up by Time Machine) or whether they want their library to be hosted on the server and not part of the Mobile Home Sync schedule (adding ~/Pictures to the excluded items on the home sync settings).
    With the latter, users will be able to access their iPhoto libraries on any computer when they are within the network (as it's accessed from the users server home folder).
    With the first option the user would have their iPhoto library on one computer (say the laptop they used the most) but then would not be able to access it from other computers they log on to.
    iPhoto libraries are a pain, and I'm working hard to come up with a workaround. If your users moved over to using Aperture then you could include the Aperture library as part of the home sync thanks to Deeport (http://deepport.net/archives/os-x-portable-home-directories-and-syncing-flaw-with-bundles/)
    He does suggest that the same would work with iPhoto libraries - but it doesn't for a number of mysterious reasons regarding how the OS recognizes the iPhoto bundle (it does so differently compared to Aperture).
    Hope this helps...

  • Make mobile account with admin permissions without administrator INFO...

    How do you bypass the admin permissions with mobile account? How do you make mobile account unlock things? You do you do the secret and rare system administrator login screen, where it says up on the top System Administrator, where nothing would be there? How to force your computer to go to single user mode, not command s or apple s, because that doesn't work for me? How do enable isight -camera without no admin password, no terminal? Is there extension for mac so that it will run and unlock things or open programs without administrator permissions? I need something that will UNLOCK MY macbook, please help. Where can I download password reset.APP for free that comes in the mac os x leopard disc? Thanks for the help...

    Why don't you just use your OS X install disc? It has a password reset utility on it.

  • Mobile Account Preferences visible on Menubar for Network Accounts

    On Mobile Accounts (setup with Profile Manager), acting as network account (home folder in server), the mobile account preferences are shown on the menubar. In addition, it says "last home sync" incomplete. Both are wrong according to my understanding.
    However it makes sense - and it is the case - if the account is really working as mobile account with local home folder on a e.g. macbook.
    Does anyone have the same issue?

    I have the same issue. No fix yet.
    One of my machines has joined the network and seems to be ok in almost every way...clearly with the exception of this way.
    I will post if / when I find a solution.
    W

  • Mobile-accounts FULL PATH badboy

    Our goal is to get Mobile Accounts with Portable Home Directories working. The home folders are stored on an external hard drive on Mac OS X Server 10.6.3. It's more or less working... but not quite ARGHH! HELP!!
    The short question is: What value do I use for the 'full path'
    The obvious answer, causes problems.
    THE GORY DETAILS (+aka. 'argh!!'+):
    Since all the files for user1 are stored on macsrv1 in /Volumes/team1/users/user1 I believe that in WGM I should have:
    Share Point URL: afp://macsrv1.disney.ch/users
    path to home: user1
    full path: /Volumes/team1/users/user1
    but when I try to log onto user1 on mac1, for the first time, it fails.
    In /var/log/secure.log I read +"user1 not known"+.
    And +"Could not get the user record for 'user1' from Directory Services"+
    (see *error1 at the bottom of this msg)
    IF I CHANGE the full path to:
    full path: /Network/Servers/macsrv1.disney.ch/users/user1
    THE LOGIN WORKS (I'm asked if I want to create a mobile account and when I say yes, a local folder is created on mac1, and any syncing does indeed cause files to appear on macsrv1 in /Volumes/team1/users/user1)
    HOWEVER (+aka. Oh no!+):
    When the user does an ssh into macsrv1, his home directory (cd ~ or echo $HOME) is /Network/servers/macsrv1.disney.ch/users/user1 which is really just /users/users1 which is a virgin/template-like folder.. certainly not /Volumes/team1/users/user1
    BUT (goodnews here)
    If I now set the full path back...
    full path: /Volumes/team1/users/user1
    Everything works. Logging into mac1 ok. SSHing into macsrv1 ok.
    But logging into mac2 fails (until I switch out the full path again)
    *a. WHAT SHOULD BE THE CORRECT VALUE FOR FULL PATH?*
    b. If it should be /Volumes/team1/users/user1 then how can I convince the client macs to create the mobile account?
    2. I have a 2nd question concerning the automount re-mounting the drive... causing a double mount! I've described the problem here: http://discussions.apple.com/thread.jspa?threadID=2461695&stqc=true
    I've hunted through the forums, where apparently the answer lies, without success. Please help!
    /shawn
    THANKS FOR ANY INSIGHT/help.
    Helpers get free beer if they come to Switzerland.
    p.s. I might add that the afp Share point on macsrv1 for /Volumes/team1/users is called 'users' (configured via WGM). Does that help? Maybe there is some weird conflict between there existing a /Users in root, and there being a mount called 'users'?
    *error1:
    After the login window, the user is informed that "You are unable to log into the user account. An error has occurred". In system.log on mac1 I read +"edu.mit.Kerberos.CCacheServer[927]: launchctl start error: No such process"+
    +edu.mit.Kerberos.CCacheServer[927]: launchctl start error: No such process+
    Message was edited by: DrKdev

    Other observations:
    *1. from /Library/Logs/DirectoryService/DirectoryService.error.log*
    2010-06-18 14:04:11 CEST - T[0xB0185000] - Misconfiguration detected in hash 'Global UID':
    2010-06-18 14:04:11 CEST - T[0xB0185000] - User 'user1' (/LDAPv3/macsrv1.disney.ch) - ID 1035 - UUID 80699B6C-A90E-4D2F-9B07-FB78F72E9709 - SID S-1-5-21-4063190502-2217233148-2094676766-3070
    *2. user IS showing up in the login window.*
    If I configure the login window to show all users (including network users), then user1 does indeed show up.
    *3. Logging into user1 via ssh works.*
    *4. dscl on macsrv1*
    dscl /LDAPv3/127.0.0.1 -list /Users
    does indeed show user1 (and any other user I create)
    So why can't I login/create user1 on the client mac without toggling the FULL PATH to /Network/Servers/macsrv1.disney.ch/users/user1 first? arghh!

  • Changing home directory location breaks mobile account sync

    Dear all, hope you could help me with the following problem:
    I recently transferred my users' home directories to a new NAS.
    The old home location was e.g. afp://192.168.1.7/homes/user1 (old nas)
    I moved them to afp://192.168.1.9/homes/user1 (new nas)
    For all networked accounts things work fine.
    I have one mobile account user (i.e. user1). When logging in, or when performing home sync, the client keeps on searching for the old nas (i.e. 192.168.1.7), although in workgroup manager I removed all references to the old nas, and updated the home location to the new nas.
    What's wrong? Is there a file locally on the client that stores information about the home location that is not updated? Can I change or delete that file???
    Thx for any help,
    Best regards,
    Stefan.

    you can change this on the client side by modifying the OriginalHomeDirectory and OriginalNFSHomeDirectory attributes in the user's account config.
    check the current config with dscl . -read /users/username on the client side.
    alternatively, you could create a new mobile account with /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount (run without options for usage details).
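
A read-only check for the situation in this thread, added here as an example (not code from the original posts): it scans `dscl . -read` style output and lists the attributes that still name the retired server. The function names, the sample record and its `Name: value` layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: report which attributes of a cached mobile-account record
# still reference a retired home server. It only parses text and changes nothing.

# Constructed sample of `dscl . -read /Users/user1` output (not real data).
# Long or multi-word values are assumed to wrap onto an indented next line.
sample_record() {
    cat <<'EOF'
Comment:
 backups go to 192.168.1.70
NFSHomeDirectory: /Users/user1
OriginalHomeDirectory:
 <home_dir><url>afp://192.168.1.7/homes</url><path>user1</path></home_dir>
OriginalNFSHomeDirectory: /Network/Servers/192.168.1.7/homes/user1
RealName:
 User One
RecordName: user1
EOF
}

# stale_home_attrs OLD_HOST   (record text on stdin)
# Prints, once each, every attribute whose value mentions OLD_HOST as a
# complete host name or address (192.168.1.7 must not match 192.168.1.70).
stale_home_attrs() {
    [ -n "$1" ] || return 2
    awk -v host="$1" '
        # True when host occurs in line and is not part of a longer name.
        function mentions(line,   p, before, after) {
            while ((p = index(line, host)) > 0) {
                before = (p > 1) ? substr(line, p - 1, 1) : ""
                after  = substr(line, p + length(host), 1)
                if (before !~ /[A-Za-z0-9.-]/ && after !~ /[A-Za-z0-9.-]/)
                    return 1
                line = substr(line, p + 1)
            }
            return 0
        }
        # A line starting in column 0 with "Name:" opens a new attribute;
        # indented lines continue the value of the current one.
        /^[^ ]+:( |$)/ { attr = $1; sub(/:$/, "", attr) }
        attr != "" && !(attr in seen) && mentions($0) {
            seen[attr] = 1
            print attr
        }
    '
}

# Demo on the constructed record: which attributes still point at the old NAS?
sample_record | stale_home_attrs 192.168.1.7
```

On a client, the same function can be fed the real record with `dscl . -read /Users/username | stale_home_attrs 192.168.1.7`.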

  • Unable to create a mobile account on Macbook

    We have a Macbook where during the first login they chose not to create a mobile account with this particular login ID (active directory).
    Now we need to allow this user to have a mobile account on the Macbook but when we try it will not create a home folder etc.
    If we login with a different user it works just fine.
    I notice it does not show the user in the accounts-preferences only when logged in with that ID. It also comes up with network,managed vs. managed,mobile.
    Anybody have any ideas? Is there a way to remove the user ID so we can start over to create a mobile account.
    I did try to create a mobile account using the preferences but it did not work. It still fails and is coming up with the "The home folder is not located etc etc" message.
    Thanks

    Update:
    I finally found a work around in the forums. The command I used was this:
    sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n userid -v
    The post was this:
    http://discussions.apple.com/thread.jspa?messageID=7515435&#7515435
    Hope this helps someone else.

  • Slow login with Domain Mobile Account in 10.9.1

    I've tried searching, although I may have missed something. I saw that this was possibly resolved in 10.7, but I'm having the issue with 10.9.1...so...but, if this has been solved and I did miss it when searching, please be gentle. =)
    Got a new MBP for work and it's joined to the domain and set up with a mobile account. When I log in from home, I select my account so that FileVault can decrypt the drive, and after the initial spinning wheel, it sits for about 60 seconds before telling me:
    "There was a problem connecting to the server "[server name]".
    The server may not exist or it is unavailable at this time. Check the server name or IP address, check your network connection, and then try again."
    Thoughts? Questions that I can try to answer?
    Thanks in advance.

    here's a picture of the message I get on login, if it helps.

  • I want to use Softcard on my Note 4 but I signed up for it with T-mobile first. How do i get to log in with the same account with my Verizon phone?

    I signed up for Softcard while I was with T-mobile but now have left and want to use the same account with my Verizon account but I get some error message. Can't MNO or something

    It is a bit annoying when Verizon, ATT and T mobile are all using the same service with Softcard. But if Google wallet is working for you keep it.

  • Cannot login with mobile account when server is switched off

    Hello all,
    First of all, my condolences to the Jobs family. 
    OK. On with my problem. I apologise in advance if this has been answered before. I've trawled through various boards and I can't seem to find an answer.
    I'll try to keep it brief.
    I've set up a mac mini with lion server.  Done all necessary updates.
    I have a lion macbook which is the client.
    On server, created an Open Directory etc..
    I created 2 mobile network accounts on the server.  Set preferences etc..  Added both to workgroup.
    Added the client to the domain in system prefs login options.
    Logged into the 2 accounts on the client.  All working well.  Can see my mounts.  Mobile accounts created successfully and syncing working.
    So, the problem I have is, when I shutdown the server, my mobile accounts on the client disappear.  Also, the login screen states, 'Network accounts are unavailable.'
    I've been looking at this for a week now and it's driving me mad.  I must have missed something - can anyone shed any light on this please?
    With thanks, Paul.

    oh well - gave up and reinstalled lion server.
    GROAN!
