Network accounts with local home folders

Similar Messages

• How to set up Open Directory Users with local home folders?

  Hi folks,
  i set up a Mac mini Server with the services DNS, DHCP, AFP and OpenDirectory running. Everything is working fine so far but i want my OpenDirectory Users to have their home folders locally on the clients harddisk. My Leopard clients are already bound to the directory but everytime i try to login the login window is shaking even when i use the Directory Administrator account. What am i doing wrong?
  Thanks.

  (Did you read my other reply? You need to make it a portable account for the caching of login credentials.)
  With network homes and portable account enabled on a machine you always run from the locally stored homefolder on that machine.
  This homefolder syncs with the server network home folder for that account.
  If either of these folders get corrupt or unintentionally altered files (permission problems) somehow, there is risk of losing files, syncing problems and more (can take long time to sync at login/out, during even without corruption - I prefer gigabit cable to WiFi for this for obvious reasons).
  You at least need to monitor storage space in both places. You don't want either to fill up the disk (worse on server because several users can have their folders corrupted at the same time). Working quota settings / account is probably a good thing.
  And you probably need to decide what is synced : all folders or just some (and when / how often).
  You either do this form the server (you decide) or let the user have some say or a mix of these two.
  You might want to leave out the user's personal files (music, movies and such) and also depending on emaIl client used, maybe not sync email if the client saves it like Entourage does it, in big ever changing database files. Might be better to just backup the mailserver if IMAP based.
  If a user puts other large files in their homefolder (often on the Desktop) they can fill up the server fast. DVD-projects anyone?
  Mixing different versions server/client might not work too good either.
  So having said that, when syncing works it can be really good and you can restore a machine/account fast with pretty recent data. You can if in a hurry even log in from another machine using the account network home folder, getting access to the synced folders/files.
  Using Time Machine it's a one way "sync" (more like "duplicate changed and new files" - which I like) and you have to manually set TM settings on the client for what is going to be backed up and when. I do atleast don't know how to do it from/on the server. This "less intervention by the server" can be a good thing but if your users don't "behave" you might want to be in the drivers seat "saving them from themselves".
  TM backups can grow fast and probably demands more user interaction when storage space is used up.
  As with all "backup" configurations you probably want some rotating media backup of both network homes and/or TM backups so you can do a restore. Of these two, network homes are the more important one to backup "further".

• Home Sharing, Network accounts with Portable Home Directories, iTunes 10

  I am using OS X Server an on that server is my account. I am also using a MBA with that same account using portable home directories (PHD). The MBA home directory does not contain my iTunes music, that is somewhere in /Users/Shared, because I do not want the added burden of encryption (the home dir is FileVault protected on the MBA, but not on the server)
  Thusfar, I worked on the MBA with iTunes and used rsync to sync with the server. There are reasons I want to stop that route (which are not important for the question)
  I have just upgraded to iTunes 10 before trying the following:
  1. Enable home sharing on the server
  2. Look for shared libraries on the MBA
  And found out that my account on the server needs to be logged in permanently and iTunes running to use Home Sharing that way. That stops the ordinary syncing of PHD so that is not a solution. Besides, I do not want to have an account logged in all the time.
  So, given the scenario that I want full two-way syncing of my iTunes library between my computers and that I prefer not to have an account logged in on the server, is there a solution?

  I ended up creating a dedicated local account for iTunes serving on my mini server.

• AD mobile account with local home directory

  I basically have the same question as this post:
  http://discussions.apple.com/message.jspa?messageID=696367
  I have set up Tiger workstations to authenticate to AD, I am forcing a local home dir. Everything works great. I want to do the same thing for Tiger laptop users with mobile accounts. The problem is that OS X creates a second home directory outside of /Users based on attributes from my AD schema. Just like with the non-mobile users, I want to ignore all home dir attributes from AD and just use the user's home dir that is in /Users. So the question is, how can you use a mobile account and force a local home dir with Apple's AD plugin??????

  Yes, I know how to click buttons in the gui, that does not fix the issue. The issue is that the Active Directory schema at my company includes extended attributes from the RFC 2307 schema. Apple's AD plugin does not know how to handle this extended schema especially when using mobile accounts.
  Apple's AD plugin reads these unix attributes from AD and thinks it knows what to do but ends up causing more problems then if there were no unix attributes at all.
  Since this post, I have opened a ticket with Apple. They were able to recreate the problem in their lab with their AD server. The only work around is to create a custom ActiveDirectory.plist file that forces the Mac to ignore what AD is telling it.
  This solution works unless the ActiveDirectory.plist file is deleted or corrupted. This problem will only become worse once Microsoft includes all of the RFC 2307 schema in their next service pack of Win 2003 server.

• Network users w/ local home folders

  Hi,
  I have a basic question that I can't find a clear answer to. How do I create a network user account (through open directory) and specify a home folder to be created on the local machine (users are nearly all at stationary workstations)?
  The documentation all says that it is possible but not exactly how. Maybe I'm missing something obvious?
  Thanks,
  Sb

  Hi
  Clients should be bound to Open Directory and be using the OD Master for their DNS. Launch WorkGroup Manager and authenticate to the LDAP node. If you have only a few Users you can do it at that Level if hundreds do it at Group Level. Select Preferences > Mobility. It's fairly obvious thereafter.
  After the home folder has been created you can make that account a local administrator if you wish.
  This assumes the Server has been configured as Advanced. Please don't take this advice if you've used anything else.
  Tony

• Change Network Home Folder to Local Home Folders

  Hello and Thanks in advance for your help.
  I created a mac network in our school this year. This is used for a video editing lab of 14 iMac's. I used a Mac Xserver with Server 10.5.7 on it and my clients are also 10.5.7. I upgraded my server hard drives to three 1TB hard drives in RAID 0 array. I created my users and decided to use true network homes so the students could use any mac in the lab at any given time. The Server has two Gigabit connections to it. This setup works great until you get more than 5 users at one time importing and editing videos. I believe the servers Hard Drives could not keep up with the data streams for multiple users and video editing.
  What is the easiest way to switch the students network home folders to local home folders on the iMacs? I tried it with a dummy account that I've been using from the beginning but when I try to change the mobility preferences in WGM to create a mobile account at login and use default syncing I get 2 different error messages.
  Either error while saving 14006 Or Error while saving 14084
  Sometimes an error about DSutil.cp line 712 comes up as well.
  Is it possible to have the students current Network Home folders sync to a local iMac and then switch them to use local home folders only? I'm trying to keep the students from losing the last few weeks of work.
  Should I try to use the create mobile account on the actual iMac instead of in WGM on the server?
  Thanks again,
  Mitch

  Thanks for the info Tony.
  Just for other people who are looking for answers to this problem I'll give my specifics.
  14 iMac workstations
  1 XServe server upgraded w/ 3 1TB WD Caviar Black drives RAID 0
  All networked using 1 Cisco Gigabit switch
  1 GB to each iMac
  (2) 1 GB connections to the Server
  The original true network home folders worked out okay for Final Cut Pro users. About 6 could work at the same time, capturing and editing their work. For iMovie HD only about 3 could use it at the same time.
  I could not get iMovie '09 v 8.0.5 to import to the network homes. Something about video library errors if I remember correctly. So I went back and they have been using iMovie HD with no problems.
  There was a lot of dropped frames and time wasted on importing with time code brakes.
  This is where I decided to create mobile accounts for each student on a specific computer set by the teacher. As stated about it will take about 3 minutes per GB of data to copy from the server to the local computer. Near the end of the student list (about 70) it would copy the data fairly quickly and then would sit at 100% for about 7+ minutes before It would finally complete and log off.
  The login sync still only takes about 1 full minute and the logout usually takes 1 minute but can sometimes take up to 3 depending on how much capturing they have done.
  After about 2 full weeks of use, this solution still seems very viable. There have been no complaints about dropped frames or lag while capturing. There is also no lag while using iMovie HD (which was very problematic before) during editing and playback. This is still great because at the end of the day they still have a mobile account and can access their data from any mac, besides the one they have a mobile account setup on. Also, if something happens to the server they can still login to the computer with their mobile account and still accomplish work and when the server is back up it will automatically sync on the next login.
  I'm not sure if it was the network or hard drive speed causing the lag. My server will only hold 3 SATA drives and they had to be configured for 1.5 instead of 3.0. The RAID was also setup w/ apple software and was not a hardware card.

• How do you setup a user mobile account, with the home directory stored locally and not synced to the server?

  I want to be able to setup a user mobile account, with the home directory stored locally and not synced to the server.  What is the best way to do this? I am running Server 10.6 with 10.6 clients.  Open Directory will be used to authenticate and manage preferences.   Also, this one account will be used simultaneosly in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server.  Any Ideas? 

  currofelix wrote:
  So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
  The attached screen shots should help you:
  You will only have to do this step once. Obviously you want to use the user's shortname here.
  Then, you will see this as an option in WGM:

• Mobile Accounts not copying home folders to local machine

  Having recently upgraded my MacBook to 10.5 (and having a 10.5 server) I have noticed an error with mobile accounts. My account has not synced for a couple of weeks and I have checked all the directory settings and cannot see any errors.
  I've removed all directory services and rebooted, put them back and it will create a mobile account but nothing is being copied to the local hdd. So basically it is functioning like a network account rather than a mobile one.
  This works fine on our 10.4 clients but having tried different users on my 10.5 system it does the same....creates the account, mounts the server but does nothing else.
  This means when you sync it says its complete but does nothing...its like its lost permissions to the folder on the server but that seems very odd.
  Anyone else had issues with 10.5? We have an AD server with our users and a 10.5 server with OD replicating AD and holding the home folders.

  Are you still ahving this issue?
  Would you do like geekinit in this thread and post some partial screen grabs (although is problem included Windows server Active Directory and profile Manager which I will get up to soon.)
  Unable to deploy home folder mobility settings through an Apple MDM server
  Did you create a fileshare for Local Network accounts to put their stuff
  If so where is OS X server?
  Did you tell the user in OD to use that fileshare?
  Here's a screen grab example
  Francois.

• Local Network User with Local Only or Services Only Home Folder Setting

  Hi all,
  According to the OS X Server Advanced Administration Guide, under the "Choose a user’s home folder location" section, "If you choose Local Only, the user won’t have a home folder on the server and can’t log in using the account information stored on the server."  However, when I create a Local Network User account with a "Local Only" home folder, Server.app creates a home folder in that user's name in the User's directory of the Server itself.  According to the documentation that shouldn't happen, right?
  The documentation gives no mention to the "None - Services Only" setting for the Home Folder.  I will only be giving users access to DNS, File Sharing, NetInstall, Software Update and Profile Manager.  I believe all I need are "Local Network User" accounts.  However, the documentation confuses me on whether the Home Folder setting should be set to "Local Only" or "None - Services Only".  Can someone clarify this for me?
  Many Thanks!

  The idea is that a local home folder will get created, but the home folder will not be available to the outside world via services (e.g. Portable Home Directory). I don't believe anything in the services you provided requires a home folder. So, you should be able to get by with "None - Services Only".

• How to move iMovie 11 project from network account to local HD ?

  Users have their home folders on the network.
  iMovie 11 doesn't seem to like (!?!) network drives so I'd like to reassign the default (project) location on the local HD while having network identity.
  Help.

  Copy the iMovie projec file, xxxxxx.iMovieProject to the other Mac and put it in the Movies folder.  Open it with iMovie, use the Share ➙ Media Browser menu option to get it out of iMovie so iDVD and import it from it's Media/Movies pane.
  Follow this workflow to help ensure the best quality video DVD:
  Once you have the project as you want it save it as a disk image via the  File ➙ Save as Disk Image  menu option.  This will separate the encoding process from the burn process. 
  To check the encoding mount the disk image and launch DVD Player and play it.  If it plays OK with DVD Player the encoding was good.
  Then burn to disk with Disk Utility or Toast at the slowest speed available (2x-4x) to assure the best burn quality.  Always use top quality media:  Verbatim, Maxell or Taiyo Yuden DVD-R are the most recommended in these forums.
  OT

• How do I make a network account a local admin?

  I'm using Admitmac to get on a windows domain and every time I try to change the current logged in network account to be an admin the setting never stays, just reverts back to a network account. What do I need to do?

  In ADmitMac v3.2.2, there is a configuration setting to allow a user or group of users local administrator privileges.
  Please follow these steps:
  - Open Directory Access (/Applications/Utilities/) and unlock if necessary
  - Double-click ADmitMac
  - Double-click the domain name
  - Click the Admin tab
  - Check the "Map admin group to:" checkbox, and click "Browse..."
  - In the "Name" field, enter part of a group name or a domain user's account name, and click "Find"
  For example, "Domain Users", "Domain Admins", or "[email protected]"
  - From the given list, select the desired name and click "Add"
  - Click "Done", quit Directory Access, and Log Out
  To verify this setting:
  - Log in with a domain account
  - Open System Preferences and click the Accounts pane
  - The account listed under "My Account" will be the domain account
  - The item "Allow user to administer this computer" should be checked
  NOTE: In Mac OS X v10.3.x, this option is under the "Security" tab.

• Two networked macs with identical user folders...

  Situation: my wife and I each own our own Mac, but 2 isn't always enough. Often a friend will come over and snarf one up for extended periods of time. When this happens, one of us can't access our own account (we have a guest account on each) on our computer.
  Solution: Is there a program that will completely and safely synchonize our users folders across both macs? It would be great for us to be able to sit down at either machine, anytime, with all of our preferences/bookmarks/documents instead of having "his" and "her" macs.
  Anybody have a suggestion? There's a myrid of backup/sync software out there, and I've tried many, but thus far none have fit the bill. BTW, we have mostly all the same software/apps installed, and in the App. folder vs. our home folders if this helps at all...
  TIA!
  24" iMac, Dual 2.0 G5   Mac OS X (10.4.9)  

  Off the top of my head I'm thinking of this solution:
  create the same account on each mac.
  Start sharing on each mac
  create an applescript that will see if the other mac is available, and if so connect to the home folder on the other mac
  have another script or workflow that will check for changed files on logoff and synch those files to the other mac.
  There are also links out there on how to use flash drives as portable home directories. That might work for you.

• Building new server with old home folders

  I have a dying 10.5.5 server with OD that is in dire need of a rebuild. I am going to install 10.5.8 unlimited on a new machine and create all the same user accounts(names) in WGM, I then want to re-link all the old home folders to the new accounts.
  Is this as simple as naming the new accounts identically as the old ones and then making the home folder location the same as the old?
  Will I need to do anything regarding permissions on the old home folders etc??

  Hi,
  I have had to do the same thing many times what with server upgrades, crashes etc and I have found the most effective way is as follows:
  1. Create the OD on the new machine and create the accounts making sure that the shortnames are the same so that the home folder names match in the new location.
  2 as root user (type su - in terminal and put in the root password)use rsync in the terminal to copy the old folders to the new location eg:
  rsync -av --progress [email protected]:/Volumes/userdata/homefolders/ /Volumes/userdata/homefolders/
  That could take some time but it is better than using a gui as it can tend to corrupt a few things.
  NOW, you will find that there are permissions issues if the user ID's have changed accross servers so I always run a little script to correct this. I will explain how to do it in the terminal in case you may be baffled by the terminal, my apologies if you already know this but it may help someone else.
  open terminal and type: vi permissions.sh
  you will then be in a vi editing window. Press I (thats an Eye not an Ell)to start editing and type in the following (adjust for your own environment)
  for i in /Volumes/userdata/homefolders/*
  do
  u=`echo $i | cut -d/ -f5`
  chown -R $u /Volumes/userdata/homefolders/$u
  done
  Now press ESC to get out of editing mode and type : x (without the space in between, edited to remove smiley) and hit return to exit and save.
  back in the terminal window type chmod 777 permissions.sh (this makes the script executable)
  Now you should be ready to run the script which will effectively take the name of each folder and change the ownership of everything in said folder to the new user and rectify any permissions issues.
  type: ./permissions.sh
  You should be sorted now.
  Alternatively you can try Passenger. http://macinmind.com/?pid=2&progid=1&subpid=1 which can do all of the above but I find it quicker to do it manually.
  I do use passenger for bulk account creation though, admins best friend.
  Hope I never lost the plot there and that it helps someone on their way
  Message was edited by: PsyMan2009 to rectify smileys at vital parts LOL

• Account Creation and home folders

  Ok. I am more than frustrated at this point so any hep would be appreciated. I work in a school environment that uses Windows server to manage accounts and files. I am setting up a colleagues room which uses iMacs and a PowerMac running Snow Leopard server; the clients use Snow Leopard. I have set-up the new server and bound it to the AD. I have also set-up one of the new iMacs with all programs installed and installed the server tools, ie WG manager, Server Admin, etc., to manage the privileges for the accounts.
  My problem is this. When the students log into the clients, i want their home folders to be located on the server and not on the client machine. This way, they have their files no matter what computer they log into. I am tried many different ways to do this, none of which has worked. Any help would be appreciated.

  Hi rhahn and welcome to Apple Discussions!
  I think you may be confused on one point. PowerMacs (that is a Macintosh with a PowerPC processor) will not run Snow Leopard Server. It requires an Intel processor. Perhaps you have a Mac Pro?
  Best of luck.

• Network Account as Local Admin

  Hopefully an easy question, is there a way to specify a network account in WGM that will act as an administrator account on a local machine? Ideally I'd like to have network account that I could log into that would give me administrator access to the machines on the network (that I've joined to that directory.

  Unfortunately, I think the answer is no. There is a way of doing it, but it's a bit roundabout.
  The account that you want to have local admin rights will have to be set up in WGM as a Mobile Account (in WGM select the relevant user, select Preferences, Mobility, Account creation/Creation tabs set to "Create mobile account......." = Always).
  Sorry if I'm saying stuff you already know, but always best to start from the basics.
  Mobile Accounts means the user account is copied from the server to the local machine and stored locally. It is then updated to and from the server at regular intervals. Once the account exists on the local machine, you can then go into System Preferences/Accounts, authenticate as the current local admin and select the "Allow user to administer this computer" check box.
  The trouble is that you then have to do this for every computer you intend to manage, which is a bit of a pain.
  So in summary, yes, it can be done, but probably considering the amount of work involved (depends to a certain extent on the number of machines you are administrating), it's almost easier to have a standard local account on each machine, which is the way I do it on my network.
  You never know, there may be another way of doing it like you want, but I've never come across it or heard of it being done. If anyone out there knows any different, please feel free to enlighten us both, lol.
  Message was edited by: MattLucas1505