Mobile AD Accounts & files on network home

I am currently creating a new Mac service running on 10.6.4. The service consists of a variety of Mac client machines, authentication via AD & managed prefs through OD directory.
Client machines are bound to AD with mobile accounts, forced local home directories and UNC paths from AD to mount the network home.
All home sync options are set to none through WGM.
The problem I have is that when a new AD user logs in to a Mac some folders & files (typically Library/Preferences/*.plist files) get created on the network home and the user experience of that first login is of some preferences (such as dock icons) not applying fully. Subsequent logins for that same user are fine, even if the folders are deleted from network home, it just seems to be that first login, almost as if the local home folders are not ready for the login to complete.
The previous 10.5 service didn't give this same behaviour. We have changed the bind process now and are using a workflow within DeployStudio as opposed to our old bespoke Directory joining script, but in essence the configured settings are the same.
My questions then are:
1. Am I seeing expected behaviour?
2. If not, is this new to 10.6?
3. Any thoughts or comments?

Mobile accounts are network accounts that have been converted for offline use. That's what the tools (e.g. Workgroup Manager) support.
By playing with low-level settings, you might be able to get a local account to sync with a network share, but essentially you will be on your own.

Similar Messages

  • Drop files in Network Home on Server?

    I want to add a folder with a file inside to everyone's desktop that has a network home account. Only 25 users but wanted to do it from the server where the network homes are stored. Logged in with Admin credentials but I'm denied access when trying to open the users desktop folder. Is that normal behavior? If it is how can I achieve this?

    Hi
    "Logged in with Admin credentials but I'm denied access when trying to open the users desktop folder. Is that normal behavior?"
    Yes.
    "It is how can I achieve this?"
    Log in as root or use terminal as root. To log in as root log out by selecting log out from the Apple Menu. At the login window enter root as the name and use the password you're using or the admin account. Once logged in you should be able to do whatever you want. However use the 'power' of root with caution as once logged in this way you can delete anything you like.
    If there's important data on this server try and make sure you have an effective and current backup first - just in case.
    Another way of doing this which I think you should consider first is to create a share that is accessible to everyone. Place that folder with the file inside it into that share. Apply a Policy that maps the share as a network drive which mounts on user login. Instruct the users to copy the folder/file to their Desktop. When they're done remove the share as well as the Policy. From your perspective you've achieved maximum effect with minimal effort.
    Tony

  • Using MobileMe with Network Home and Mobile Account

    Hi,
    I'm having some issues using MobileMe with a new Network Home, frequently seems that after I setup syncing with the network account, which works fine, after logging off and back on to the network account syncing is disabled. After doing some investigating and speaking to the MobileMe support people I think it's related to a 'lock' folder that seems to hang around in the ~/Library/SyncServices folder for longer than it should do, if I do a successful sync then wait for this lock file to disappear then log off everything seems fine, otherwise the sync is disabled and I get a 'Sync unavailable' dialog saying there is more than one network home syncing, which there isn't.
    Also, I'm wondering if the mobile version of the network account should have MobileMe syncing enabled as well or will the Home Sync just sync everything (i.e. Address Book, Contacts, etc.) back when plugged into the network ?
    Mark

    This definitely sounds like something you might want to take up with Adobe Customer Support. (In case you didn't know, the people here are just other users, like yourself).
    If your company bought 300+ licenses, I'm sure they'd be willing to help.
    Will they be able to solve the problem? Well, that's a different issue altogether.

  • Mobile Users - Sync Files Outside Home Folder?

    Hi folks,
    Regarding mobile user accounts...
    On our server, we have a shared folder as follows:
    /Volumes/Server HD/Business/
    I want to configure my Mobile User account to sync this folder, but I cannot because it does not reside in my Home folder.
    Presumably I could just move the folder to within my Home folder and then recreate the share point from there. But then, a second user would not be able to sync this folder on their Mobile User account.
    Is there a workaround to allow syncing outside the Home folder? I tried using a symlink but this didn't work...
    Thanks!!

    Just modify the SHARE POINT setting of your BUSINESS folder. (SA>File Sharing > Share Points > List > Select your BUSINESS mount point folder)
    Enable Automount > then tick Use as Home Folder and Group Folder
    then go back to your users in WGM, assign the home folder to the newly mounted BUSINESS folder.
    hope this helps.
    Marlon

  • File Share network account

    Hi all
    once again I have questions
    I have a network account called Mark.
    On my MBP I log into the network account- everything is good.
    I log out and then go to another Mac. Everything is good. When here, I save a document called test.
    Then I go to my MBP, go to the Documents folder for the user and the test doc isn't there. How can I set up network accounts so my students can move computers and still have their docs linked to their network account?

    If I'm understanding your question correctly, simply saving a document in a user's home folder on a local machine does not transfer it between machines. Open Directory is only going to authenticate your user's credentials and grant them access to the machine.
    You can, however, setup preference and file syncing with Workgroup Manager. You can download it here: http://support.apple.com/kb/DL1567
    Once installed, configure it to connect to your server with your diradmin account. Once authenticated, you can setup file syncing to sync an entire home directory or just folders within it, preference syncing, etc. You can also manage preference for users and groups and enforce company policies regarding security or whatever else you may need to. It can also automatically mount the user's network home folder when they login.
    Once you set this up, whenever a user logs into their account on a managed machine, it will run the preference and file sync settings you created.
    I hope this answers your question. Or at least gets you steered in the right direction.
    Taylor

  • IMovie temporary files; importing fails on network home directory

    Hi all,
    I work in a laboratory and manage a bunch of Macs. We have a 2x2.5GHZ G5 with 4G of memory and iMovie 6. The mac has two 300 GB disks that are in a concatenated raid group, so the system has about 450GB of free disk.
    The mac is bound to an Open Directory server and users have network home directories. (The network file system happens to be AFS, which is probably unusual)
    The problem I am having is that whenever I am importing a clip from any external source (in this case I have tried a Sony GL-2 and an external DV deck), after about 13 minutes of importing, imovie stops importing, and iMovie displays the blue screen that you get when a video source is connected but not playing... but, the camera is clearly still playing, if I look in the viewfinder. this failure mode is completely reproducible, and always fails at the exact same place. (but works fine on another mac, see below)
    I have tried saving the iMovie project onto both local disk and into the networked home directory, with the same results in either case.
    I've tried the same setup on an identical mac that is not using networked home directories (local only), which works fine. I suspect that the problem has to do with the way the network file system caches/buffers, but I have no idea where iMovie keeps its housekeeping/temporary files. I was under the impression that it is all kept in the project directory, wherever you happen to create it. Are there some files that get written to the home directory no matter where you save the project?
    mjp
    2x 2.5 GHz G5 PowerMac 4GB RAM   Mac OS X (10.4.6)  

    iMovie doesn't have temporary files. All files are kept in the project folder (or "package").
    iMovie: How to Save Projects to Another Hard Disk
    http://docs.info.apple.com/article.html?artnum=93296
    See "Important Considerations" at the bottom.

  • Where can I find log files for users logging into network homes?

    We're running an open directory master and are using AFP on another server to host our network homes.  I was asked to find a log of users logged into their network homes on a specific date and I'm starting to wonder if that's actually a log that exists.  I've checked the OD logs and in one of the password logs I can see users have authenticated but it doesn't say specifically to what (so it just lists they logged into something).  The AFP logs just show specific files being accessed without usernames.  So what am I missing?  What log would I check?
    Thanks for your help!!

    File Zilla is a dedicated ftp client that you use to upload your published web site to your server.
    I would suggest that you perhaps consider using Cyberduck instead as this might be easier.  Cyberduck is a dedicated ftp client in the same way that File Zilla is.
    To be able to upload what you need is your published website.  Open iWeb and select the site that you want to publish and then select publish to a local folder and your site will then be published to your desktop.  You then upload this to your server using Cyberduck or File Zilla.

  • I screwed up.  I had files in my MobileMe account that I did not transfer before I upgraded to cloud.  Is there any way I can get them?

    I had files in my MobileMe account that I did not transfer before I upgraded to cloud.  Is there any way I can get them? They were my travel photos

    The migration process is likely to have signed you out in System Preferences>MobileMe and you will need to sign in again. Then you can mount your iDisk on the Desktop (command-shift-i). Or you can access your files at http://me.com/idisk.

  • Lion Network Accounts files association is always reverted

    Hi,
    I want to change file associations for all types, like opening all .avi with vlc instead of QuickTime.
    The Workstations run Lion 10.7.2 and Have Network Homes hosted on a Lion Server 10.7.2. Whenever the user changes the file association (Get Info, dialogue...) this change is reverted after a reboot. Strangely enough the new association is still in place if the user just logs out and back again. There is no such problem with local users on the machines.
    The com.apple.LaunchServices.plist where these settings are stored reflects changes made in the GetInfo dialogue. Upon reboot, the Finder seems to ignore this settings file although it stays unchanged!
    Any help would be greatly appreciated.

    I seem to have isolated the issue.
    I was using wireless for both server and client, so I switched both to ethernet to eliminate any possible issues there.  No change.
    Then after some more experimenting I realized my original statement
    if I am logged in via any user on the client (network or local), using fast user switching to go to the login screen ALWAYS shows the network users.
    was incorrect.  It turns out I have to be logged in with a local user for the network users to show up.  So I went back and experimented with the Login Window options I configured in Profile Manager.  Here is how I had my client configured.
    If I enable "Show computer's administrators", or if I disabled "Show local users", the problem goes away.  The problem only exists when I have one or the other, but not both, options enabled.  So it seems there is a bug on the client, or there is a bug in the profile that Profile Manager is pushing to the client.
    Another interesting tidbit.  I temporarily changed the local user on the client to an administrator.  That left the client with two administrators and no standard users.  The problem went away.  Turning that user back into a standard user, and the problem came back.
    So there's one combination of options here that isn't working. In the long run I won't have any local users anyway, so it won't matter.  This only affects me now while I'm migrating things.

  • Mountain Lion server network accounts are not mounting network home directory, rather it's creating a blank local directory

    I have set up a scratch Mountain Lion server with Open Directory.  Copied over old user account directories and added my users that match the directory IDs.  Currently if a networked user logs into a networked computer, instead of mounting the network home directory, it's creating a local home directory.  Suggestions?
    thanks,
    Dave

    Additional info: it appears that certificates are not working either: setting up ical: "the certificate for this server was signed by an unknown certifying authority."...

  • HT202233 If I made the mobile account for a network user, can this user unlock the FileVault2-disk?

    My Mac is connected to Microsoft Active Directory. Every time I should unlock the disk with the local admin, then login as network user.
    If I made the mobile account for a network user, can this user unlock the FileVault2-disk?
    Thanks.

    Yes, but the FileVault password won't be updated automatically if the login password changes.

  • MacAir using AD for authentication. In AD, there is a network home assigned to that user. When logging into that account on the Mac, it takes 1-2 minutes after entering credentials, before displaying an error that it could not connect to it, every time.

    In our AD, all users have a network home that is set (smb://home for example). For some of our Mac users using AD for authentication, there is a 1-2 minute delay between entering their credentials and the OS being presented. The OS does not present itself until the user dismisses the alert: "There was a problem connecting to server home". Local users on the same machines do not have that problem.
    It remains in the dock as User's Network Home as a ? that I am unable to remove, and there is also an 'Unknown' in the log-in items for the user as well (that I am also unable to remove).
    Is there any way to disable this share? Or to stop the Mac from trying to connect to it before loading the OS?

  • More than one network home directory? (newbie question)

    I have a brand new shiny XServer for a small school. They wanted their Macs managed and secured so I eagerly started moving ahead with it. Now, because of the specific file sharing requirements of the school (teachers want access to student accounts and files for homework and such) I created a standard, by-the-book Network Home folder. Then I thought about it, and I shared another directory as a Network User Home folder. And now none of my networked user accounts can log in. They all give me "can't log in, there is an error".
    Is what I did possible? Allowed? Recommended? Discouraged? Can you actually define two separate Network User Home folders on the same server, and then assign different users to different home folders? My server crapped out and now I may have to wipe/reinstall the whole thing to fix it.
    Does anybody have any experience with home folders like that?
    Any information would be dearly appreciated,
    Thanks.

    Each user can have one and only one home directory, network or local. (Yes, even if you use Mobile Accounts or Portable Homes each account still has one home directory. You just have multiple copies of the user account and each copy has one home.)
    You can have multiple share points that serve as home directory share points. In other words, not all of your users' homes need to be stored in the same place. By "network home directory share point," we mean a shared folder (share point) that has a corresponding dynamic automount record in the directory domain. The share point mounts at /Network/Servers/servername/path/to/sharepoint, and users defined in the directory domain can have their network homes defined there.
    If you want to grant a group of teachers (let's call it teachers for simplicity) read/write access to student home directories, I'd suggest the following strategy:
    1. Create two network home directory share points - one to house the students' homes and one to house the teachers' homes. For this example, let's say that the student home directory share point is located at /Volumes/Disk1/StudentHomes.
    2. Create home directories for each student as you normally would.
    3. Then add an ACL that allows members of the teachers group to read/write within the student home directory share point. For our example:
    sudo chmod -R +ai "group:teachers allow readattr,readextattr,readsecurity,list,search,read,execute,writeattr,writeextattr,delete,delete_child,add_file,add_subdirectory,write,append,file_inherit,directory_inherit" /Volumes/Disk1/StudentHomes
    4. Now teachers simply navigate to /Network/Servers/yourservername/path.../StudentHomes/student's name and dig around to find what they want. (The teachers have read/write control of all student home directories now.)
    5. When your teachers find it a little inconvenient to dig around in each student's home, suggest the following alternative: Simply create a share point to which students have read-only access and teachers can read/write. Within that share point, create "turn-in" folders for each teacher or class, and give students write-only (drop box) permission to the sub-folder. You could get more granular than this simple example where all students can turn anything into any teacher's "turn-in" folder, though.
    --Gerrit
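An added example, not part of the post above or of any Apple tool: a small wrapper for the ACL in step 3 that checks every permission keyword against the names chmod(1) documents (several are written with underscores, such as delete_child, add_subdirectory, file_inherit and directory_inherit) before anything is applied. The function names, the DRY_RUN switch and the read-only "ro" mode are assumptions made for this example; "rw" is the keyword list from step 3.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, DRY_RUN and the
# "ro" mode are hypothetical; the "rw" keyword list is the one from step 3.

# Permission and inheritance keywords that chmod(1) on Mac OS X accepts in an ACE.
ACL_KEYWORDS="delete readattr writeattr readextattr writeextattr readsecurity
writesecurity chown list search add_file add_subdirectory delete_child read
write append execute file_inherit directory_inherit limit_inherit only_inherit"

is_keyword() {
    for k in $ACL_KEYWORDS; do
        [ "$k" = "$1" ] && return 0
    done
    return 1
}

# unknown_perms "a,b,c": print the tokens that are not valid keywords, space separated.
unknown_perms() (
    set -f                                  # no globbing while splitting the list
    bad=""
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        is_keyword "$tok" || bad="${bad}${bad:+ }${tok}"
    done
    printf '%s' "$bad"
)

# check_ace "<who> allow|deny <perms>": return 0 if every keyword is valid,
# 1 (printing the bad ones) if not, 2 if the string is not shaped like an ACE.
check_ace() {
    ace_perms=${1##* }                      # text after the last space
    case "${1% *}" in
        *" allow"|*" deny") ;;
        *) echo "expected '<who> allow|deny <perms>'" >&2; return 2 ;;
    esac
    bad=$(unknown_perms "$ace_perms")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# build_ace <group> <rw|ro>: rw is the post's list, ro drops every write keyword.
build_ace() {
    rd="readattr,readextattr,readsecurity,list,search,read,execute"
    wr="writeattr,writeextattr,delete,delete_child,add_file,add_subdirectory,write,append"
    inh="file_inherit,directory_inherit"
    case "$2" in
        rw) printf 'group:%s allow %s,%s,%s' "$1" "$rd" "$wr" "$inh" ;;
        ro) printf 'group:%s allow %s,%s' "$1" "$rd" "$inh" ;;
        *)  echo "mode must be rw or ro" >&2; return 2 ;;
    esac
}

# grant_group <group> <rw|ro> <share point>: validate first, then print the
# command (DRY_RUN=1, the default) or run it and confirm the entry with ls -le.
grant_group() {
    ace=$(build_ace "$1" "$2") || return 1
    check_ace "$ace" >&2 || return 1
    [ -d "$3" ] || { echo "no such directory: $3" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'chmod -R +ai "%s" "%s"\n' "$ace" "$3"
        return 0
    fi
    chmod -R +ai "$ace" "$3" || return 1    # Mac OS X chmod only
    ls -led "$3" | grep -q "group:$1 .*allow"
}

# Run as: sh script.sh teachers rw /Volumes/Disk1/StudentHomes
if [ "$#" -eq 3 ]; then grant_group "$@"; fi
```

With DRY_RUN left at its default the script only prints the chmod command it would run; set DRY_RUN=0 on the server to apply it.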

  • Network Users with network homes not really working for me

    I have with great pain set up an OS X Lion server on a Mac Mini that was supposed to be my central server to have 4 network user accounts and all the users data is stored on an external disk array with mounted network homes to the 2 iMacs and 2 MacBooks I have in my home.
    I have gotten it all working and all my Macs are joined to the Open Directory and each user can log in as a network user on any of the Macs and get their files via mounted home directory from the server. The home directories on the server are backed up with Time Machine.
    I have found the following items that do not work properly:
    1) Desktop background settings are just lost sometimes for whatever reason. Desktop background goes to default and you need to manually set back to the one you have selected. This happens mostly if users have their own desktop pictures.
    2) Keychain gets screwed up. The user often gets the "Keychain doesn't exist to store ..." message and needs to select to reset the keychain. Anything I have tried from "Keychain First Aid" to removing and have a new one created doesn't fix the problem. It keeps on coming back.
    3) iTunes Store and App Store are getting confused about authorized computers. This is because a user logs in from another computer and then iTunes Store would tell the user this computer hasn't been authorized to play the purchased music. Same happens with iPhone apps from the App Store. Apparently those two stores are not set up to handle network users properly.
    4) Permission issues happen sometimes in applications like iPhoto where it would complain not being able to see photos or cannot add new photos to the library. Need to run a permission repair on the iPhoto Library to fix this.
    5) One critical one is that it's not really possible to restore files from Time Machine. The Time Machine backup is done on the server by an administrator account directly backing up the user directories. When you go into Time Machine on the server even the admin can drill down into the user directories so no restore possible. The individual users have no idea that there was ever a Time Machine backup done as Time Machine is not set up in their accounts on the individual Macs. This prevents any possible restore.
    I reckon that many of the problems are related to having only one location for ~/Library as the individual Macs are writing their user related settings into this directory in a central location. So what happens is when something on iMac 1 and then I log in on iMac 2 that might not exactly match this Mac's config and it gets confused throwing one of the above errors.
    Trouble is with central network home directory the way they mounted I can't exclude the ~/Library folder. The only option I can see is mobile account because I have seen in the preferences that when they sync they handle Library items differently.
    Does anybody have any experience out there with this sort of thing and can advise what's the best way forward?
    If I can't resolve this I'll go back to have network users with local home directories on each Mac and just set up for each user a network share to which they copy files if they want them available on other Macs. Not as nice but at least it works!
    As a side note I did this to make things easier but it has up to now cost me more trouble than I had before!

    Haven't heard anything from anybody so probably too daunting a topic ...
    I have now moved on to try Portable Home Directories (PHD) and syncing ... what a disaster!
    First it took me ages to get this right as the way the home directories are mounted on the clients from the server it's just weird which has to do with how AFP mounts are implemented. Since one AFP mount can't be mounted by several users on the same system they use a workaround of mounting it to a temp directory and then linking it back to where it should be. Of course this causes major problems.
    Okay it kind of worked so let's move on to syncing PHD. First of all on initial creation it only syncs a small portion of the directory that should be okay but on some of my accounts it never went past this stage. It said it's all synced but it only had synced the first 10% or so of the data. I wasn't able to make it sync anymore.
    On other accounts it correctly synced all the data down, or so I thought. Apparently a few sync sessions back and forth and 50-60% of the data was gone. On further investigation it turned out to be iTunes and iPhoto libraries. Turns out those don't sync properly via Home Sync!!!
    An Apple product is not able to properly sync Apple specific library files!!!!
    So here my warning to everybody: DO NOT USE PHD and HOME SYNC to sync your data as you will lose stuff if you have iTunes and/or iPhoto libraries with Lion OS X Server!!!
    The whole Lion Server experience has been a disaster for me. Now I have a server that does file sharing and Time Machine backup sharing. I can do the same thing with a standard Mac using those services. What's the point of Lion Server for Home if nothing works properly?

  • Questions about Mobile User accounts

    I'm having some trouble fully grasping Mobile User accounts and hoping someone could clarify whether they would be appropriate in my situation.
    We have some non-"mobile" users that solely use one machine and we would like them to continue to use their local hard drives. Is a "Mobile" account the solution?
    Second, if a user is already using an independent Mac that is not bound to any server..is it possible to bind it, create a mobile account, then sync local with network home folders such that all of the current data in their existing Home folder is added to the Network Home folder? or must the account be started from scratch?
    Lastly, What if we did not want all that data synched to the Network Home because there is simply too much of it. Can we still enjoy the benefits of Network login while certain files are local (I assume this is what the synching prefs are all about?!?) Users use same machine for 99% of their work. only occasionally would it be nice to provide them access to their mail, etc from a different client
    PowerMac G4   Mac OS X (10.4.4)  

    I'll take some broad swipes at this and let the smarter people come fill in the details.
    We have a true 1:1 setup in our office and have moved to PHDs as a means of protecting against downtime. The thinking is that we will have a spare machine lying around with our base installation ready to go. If a user's machine fails we'll replace it with the spare machine, let it sync the user directory from the server, and we're back in business. It's no substitute for a real backup system, but it potentially avoids having to run a restore from your backups. It also reduces network traffic compared to plain networked homes, and still lets your users work if the server goes down, but provides the benefits of centralized management. John DeTroye wrote a nice article about this.
    If you've already got data on your "client" Mac you will need to move it onto the server. PHDs will download data from the server to the client on the first sync, but will not upload a complete home directory from the client to an empty directory on the server. You'll find some posts in this forum discussing how people have gone about migrating data prior to that first sync.
    WGM allows you to establish exclusions for stuff you don't want to sync.
    One thing to watch out for in the scenario you describe is the so-called "rabbit effect." Assume Bob uses Mac1 as his primary machine. If one day he logs into Mac2 his home directory will be downloaded to Mac2. Once he returns to Mac1 he'll still be cluttering up Mac2 with his data. If he logs into Mac3 the next day and Tom and Sue are also periodically logging into different machines, you can see how you'll end up with a mess pretty quickly.
    Hope this helps.
