Unable to deploy user mobility account

Similar Messages

• How do you setup a user mobile account, with the home directory stored locally and not synced to the server?

  I want to be able to setup a user mobile account, with the home directory stored locally and not synced to the server.  What is the best way to do this? I am running Server 10.6 with 10.6 clients.  Open Directory will be used to authenticate and manage preferences.   Also, this one account will be used simultaneosly in a computer lab setting, so files will be stored locally in the client, hence the need to NOT sync to the server.  Any Ideas? 

  currofelix wrote:
  So what does WGM Look like in the Home Tab? afp://servername.domainname/Users? or afp://Users?
  The attached screen shots should help you:
  You will only have to do this step once. Obviously you want to use the user's shortname here.
  Then, you will see this as an option in WGM:

• Unable to create a mobile account on Macbook

  We have a Macbook where during the first login they chose not to create a mobile account with this particular login ID (active directory).
  Now we need to allow this user to have a mobile account on the Macbook but when we try it will not create a home folder etc.
  If we login with a different user it works just fine.
  I notice it does not show the user in the accounts-preferences only when logged in with that ID. It also comes up with network,managed vs. managed,mobile.
  Anybody have any ideas? Is there a way to remove the user ID so we can start over to create a mobile account.
  I did try to create a mobile account using the preferences but it did not work. It still fails and is coming up with the "The home folder is not located etc etc" message.
  Thanks

  Update:
  I finally found a work around in the forums. The command I used was this:
  sudo
  /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileac count
  -n userid -v
  The post was this:
  http://discussions.apple.com/thread.jspa?messageID=7515435&#7515435
  Hope this helps someone else.

• Users unable to create Mobile Accounts

  Good afternoon.
  I have an interesting problem with the creation of Mobile Accounts.
  We have a Computer Group with its Preferences set to allow the creation of Mobile Accounts & Portable Home Directories; with due consideration given to what to synchronise and what not to. The iBooks & Mac Books in this group are all used by one staff member only. They are all running 10.4.7 and have 256 or 512 MB RAM.
  The first two laptops added to the list allowed their users to create Mobile Accounts & PHDs no problem, and they continue to work. But any other machines I add to the group refuse to allow the creation of a Mobile Account. It seems that Workgroup Manager does no pass on their changed Preferences during subsequent logons. I have tested this by renaming a laptop at its entry in the group and seeing if the name is changed on the machine at the next login. It is not, but stepping through the machine’s settings at the logon display does give me a green light for network availability.
  I can create a Mobile Account on a machine by logging on as a user and amending their account Preferences, but this does not provide the same degree of flexibility in configuring synchronisation settings.
  Has anyone else seen this problem please?
  Brian Bowell ICT Support
  [email protected]
  Tel: 07 856 6537
  Fax: 07 856 6588-- -

  The problem was an error in naming the computer group. Renaming it solved the problem.

• Unable to activate mobile account

  Hi, I am in a dead end.
  I am trying to settup mobile account on 10.8 Server, with 10.8 clients.
  So far, I got my Open Directory seted up server.name.private
  I created a new user in the Users tab, named test
  The Home Folder is setted up for my Homes folder, which is on a secondary hard drive.
  This file is shared with File Sharing, and have read/write permission for the group of my user.
  If I check the folder permission in the Finder, it is strange, but I don't know how to clean them. Each group is there two times, and they have Custom privilege
  With Workgroup Manager, I selected my user, went to the Preferences tab, and setted up the Mobility section.
  The options for Account Creation are Manage: Always, Account Expiry are Manage: Never and under Rules, Home Sync, I selected Once.
  On the client side, I activated the mobile account option, and entered the Open Directory adress.
  And when I log in, I put my info test/password, and the message You are unable to log in to the user account "test" at this time. Logging in to the account failed because an error occured.
  And here is the log from the server
  CFPreferences: user home directory for user kCFPreferencesCurrentUser at /var/teamsserver is unavailable. User domains will be volatile
  Does someone have a clue for me?
  Thanks!

  Can you wipe the sytems and migrate the data? With my experience in Mobile Users this will probably be quicker than trying to troubleshoot MObility problems.

• Unable to open user accounts

  Hello All,
  I have a strange problem with few Windows server 2008 x64 SP2 machines, where in we are unable to open 'user accounts' from control panel. On opening 'user accounts', a windows explorer window pops up and disappear in a fraction of second.
  Tried opening with below command lines and behavior is same as above.
  nusrmgr.cpl
  control nusrmgr.cpl
  RunDll32.exe shell32.dll,Control_RunDLL nusrmgr.cpl 
  Could you please assist me in fixing this issue.
  Note - Local users and groups MMC opend fine.

  Hi,
  Before going further, would you please let me confirm some questions? If start computer in
  Safe Mode, can you launch User Account in the safe mode? Meanwhile, please make sure if there are some Group Policy settings that block the user account.
  After confirmation, please logon as administrator (if you didn’t use the admin account) and then check if this issue still exists. Meanwhile, please
  run
  sfc /scannow
  command to scan missing or corrupted system files and repair them.
  In addition, please compare the "System" registry key in the problematic machine with another machine working properly.
  The path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
  If there are some missing, please export keys from a machine that work properly and import it into the malfunctioning machine.
  Please note: before operations, please backup those registry to avoid unexpected issues.
  Hope this helps.
  Best regards,
  Justin Gu

• Mobile account setup stops syncing and acts like a network user

  Mobile account setup stops syncing and acts like a network user system under ODM
  Setup: Mobile laptop users authenticating against an ODM. Every user has a networked home directory on an Xserve. The whole setup is 10.4 (client and server). All systems run a standard image. Most effected systems have been re-imaged since the onset of the issue.
  Issue: Some of the users are not syncing properly every time. It is as if the system forgets it is a mobile system and reverts to using the User's network home (instead of saving to /Users and syncing). If the user is effected, the system will not even accept cached credentials if they are off network. This forgetfulness does not seem to follow any pattern and does not effect all of our mobile users.
  In mucking about trying to find a cause to this issue I ran across an oddity in all effected systems Netinfo database. The users are each listed twice. Each entry has the same username, short name and UID. Also, In each case one record looks wrong... this varies somewhat from user to user, but in each case there is marked difference in the record's contents. Deleting the incomplete record in Netinfo manager seems to solve the issue (seems, as we are very early in testing this).
  Anyone have a clues as to where this double came from? The only lead so far is that it looks like the users having issues pre-date the use of mobile accounts. At some time they all had local accounts that authenticated against the ODM but never synced or had networked home directories. The pool of users who just got laptops (and thus never had a local account) seem unaffected so far.
  Also, what is the best way to browse the ODM master to find these duplicates?

  I have a similar issue with computers bound to Active Directory. Users occasionally have a problem logging into their computers even though their account is fine. Logging in as Admin and running netinfo manager always shows duplicate user accounts. Deleting the one that says disabled always clears up the issue. I'd like to find a startup script that would delete the disabled account, thus preventing the issue.

• Mobile account users can not log on to the snow leopard server machine?

  Hi all,
  I've setup a network user and designated it as a mobile account. ** OS X 10.6.2 **
  When the user logs out of the snow leopard server machine, home sync tries to sync the local and network home directories. It is never able to connect. The network home directory is automounted and is not the default path /Users. I can see the two home directories on disk.
  Anyone else able to have their mobile users log in to the snow leopard server machine without issues?
  OS X 10.6.2 **

  It was the Sync server was down and did not know it

• Mobile account on laptop will no longer connect for one user

  I have a set of laptops with user accounts set up on them as mobile accounts.  This morning one user stuck in his username and password, and the login panel went away and the "purple stars" came up, but it hung there and didn't continue and log him in.  After about 5 minutes he got tired of waiting and hit the power button on the laptop.  When it rebooted, the usual login panel offering his name, the local administrator account and "other"  was missing his name -- just the admin account and "Other".  Then he came to find me...
  If I go to "Other..." and ldap is green light, and put in his username and password, it shakes it's head like he doesn't exist.  I've tried all of the usual tricks back on the Open Directory server -- turn his account off and back on, change the password save change it back, etc.  I have compared the setup with several other users who work just fine, and I can't see anything different.  I have even logged in with my account (which is not set up for mobility) and it takes the username and password and refuses after a certain point in the login.  When I log in with other mobile accounts, it logs in and gets as far as offering to create a local directory (which I cancel out of.)  So it's just this one user's account.
  When I log in to the local admin account and run system prefs and go to accounts, his account is there and shown as type "mobile".  His directory is there, and an 'ls -l' on it shows that he owns it.  I've run the directory utility, and everything looks great -- and I can log on via ldap with the other accounts.  If I break ldap connectivity by turning off the airport and unplugging the ethernet cable, the light goes red and then the only option on the login panel is the local admin account, not the lodmin plus his account in local mode.
  Anybody know what's broken?  Evidently the mobile accounts don't like to be powered off in the middle of a login!  Anybody know if there is some lock file somewhere that I needs to be deleted?

  Hi @TSimo,
  Welcome to the HP Forums!
  I wasn't able to find much on a Photosmart 7420, did you perhaps mean Photosmart 7520?
  If that is correct, this may just be a case of needing to reconnect the printer to the wireless network again due to the upgraded router and extender
  To do this, please restore the network defaults on the printer (press the wrench on the printer's touch screen, select Wireless, then select Restore Network Defaults, should be the last option) and once that completes go back to the same Wireless menu on the printer and run the Wireless Setup Wizard on the printer. This will update the connection on the printer itself.
  After this completes you will need to remove the driver and re-add it on the computer. How this is done depends on the operating system, so if you're not sure how to remove the driver and re-add it, please let me know which operating system you use and I will get you some instructions
  Hope to hear from you soon!
  Please click “Accept as Solution ” if you feel my post resolved your issue, as it will help others find the solution faster
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  **MissTeriLynn**
  I work on behalf of HP

• Active Directory user passwords on mobile account with File Vault

  Hi all,
  I enabled file vault when I moved to my MacBook Pro. I joined the computer to the domain (after enabling file vault), and logged in with my domain account, creating a managed, mobile account so that I could use the computer when not connected to the domain.
  Active Directory has forced a change in my password for the domain account but I cannot get the password on the Mac to change the password and sync with the domain.
  My account (the one with the changed network password) on the Mac is a standard user account. When I open system preferences, go to Security & Preferences, General, click on the lock to unlock and allow change and then click Change Password  ..., I receive the following error message after going through the steps to change the password:
  The password for the account "user" was not changed. There was a problem with your password. It's possible your system administrator doesn't allow you to change your password. Contact your system administrator for help.
  For Old Password, I used the old network password, the one that I use to log into the Mac. For New Password, I used my new, current password.
  The same result happens when I attempt to change the password from the Users & Groups section of the System Preferences.
  I have logged out and logged in with the user account that is identified as the admin and get a similar (same ?) error when attempting to change the password.
  Any suggestions? How do I get the passwords to be one so that I can forget the old password?

  Thanks for your insights.
  The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
  I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
  Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
  Here is the disk warrior report for the first part of its tests:
  DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
  ready to replace the original directory.
  There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
  you create 204 MB of contiguous free space before replacing the original directory.
  All file and folder data was easily located.
  Comparison of the original and replacement directories indicates that there will be changes to the number, the
  contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
  directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
  comparison tests were performed.
  • Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
  links, indexes and more have been repaired.
  • 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
  Disk Information:
  Files: 552,652
  Folders: 131,014
  Free Space: 2.47 GB
  Format: Mac OS Extended
  Block Size: 4 K
  Disk Sectors: 321,410,736
  Media: HDT722516DLAT80
  Time: 11/28/08 6:54:19 PM
  DiskWarrior Version: 4.1

• Mobile Accounts:  Computer or User?

  I finally figured out how to set up my DNS/LDAPv3/server on my LAN.  But, playing around with setting up Users and Computers is still confusing.  I had unsucessfully set up a mobile account (multiple times), with a user directory (by accident), but was not sucessful in getting them to sync.  My scenario is this:  I have (1) MBP that I have an existing user account (my account) which also  happens to be the administrator account.  My goal is the get my home folder in my MBP to sync to the server I set up.  Eventually, I'll set up another laptop so I can use either and use the same home folder, or just log in as that user (myself) on the server directly.  So, a few specific questions so I can get started...
  1.  Using Workgroup Manager, should I be setting up a new "User" or new "Computer" on the server?
  2.  When I set up either for experimental purposes, Under Accounts>Basic, there is no Home Directory.  When I click the Home, then click + to add one, I don't know what I'm supposed to type (i.e.,  Mac OS X Server/Share Point URL, Path to Home Folder, or Full Path).  Ideally, it would be nice to have my network home folder of my PHD on my external RAID, but anywhere would work for the time being. 
  3.  Can this be done for an existing user on my MBP, or is this only for new users or computers?  Should I reinstall the SL client on my MBP and dedicate the Administrator as just that, then create a new user on the server and clone my existing home folder to it (with my applications and preferences on my MBP or course)?
  I've read through the user manual a few times.  But, I just don't have enough server knowledge to pick up on whatever Apple is explaining.

  From what I have done and learned with Mobile Users, these are few tips;
  First, you need to have a Mobile User in your server so you an sync it. You can not sync the user from your MBP just like that, the User needs to exist on the server to be able to get synced.
  Second, you need to create Sharepoints with AFP or witch ever service you wish to use, (I recommend AFP for mac user homes), Add AFP service in Server Admin and open it, create folder somewhere what you wish to use for sharing the data ( in the raid drive perhaps), and then click Share, and select use for User home folders. When you do this, this sharepoint will show in Workgroup Manager in User / Home tab, and you can just click it from there, and hit Create Home Now, then remember to Save.
  I believe there is a way you can transfer your user and home folder&files to your server, I remember reading about that somewhere in here, but I dont have spesific instructions for you I'm afraid. You need to search this forum.
  Hope this gives you some direction

• Setting Up Mobile Accounts to For Users Who Already Exist

  Hi there,
  I work for a company with about 10 Macs, all laptops, all are on 10.5.
  They have never had a server and have asked me to set one up for them. I am in the process of setting up a server here with a new copy of OS X Server 10.5. Here's my question.
  The people here are half-wits and any kind of backup which involves them, you know, actually doing anything is never going to happen.
  My thought was to set up Mobile accounts for all of them s this provides seamless syncing and no issues if they leave their office, The problem seems to be to set up a mobile account seems to require a new user where all the people here already have home folders/stuff on their personal laptops (we don't share computers). The user I create on Open Directory seem, even if i give them the same details of the current user on their laptops, to be different. Is there a way to make this work or should I just make them all Time Machine backups to the server instead?
  Thanks,
  Ben

  So create a csv file with the following headers and data
  UserID, Alias
  UserID should be the user SamAccountName, and the Alias is the Mailbox Alias that you want to set. Supposing that the csv file is named users.csv and located under C:\ , open the Exchange Management Console and run:
  $users = Import-Csv c:\users.csv
  Foreach ($user in $users) {
  Enable-Mailbox -Identity $user.UserID -alias $user.alias -database 'DB1'
  Set-Mailbox -Identity $user.UserID -IssueWarningQuota 1.5gb -ProhibitSendQuota 2gb 
  Please Mark As Answer if this helps
  ammarhasayen

• Mobile account disabled unable to re-enable

  First some background. We have an Open Directory Master setup on Snow Leopard Server 10.6.2. I have a default password policy of 5 attempts and the user account is locked out. I am in the process of binding Snow Leopard clients to Open Directory. All of my users are on laptops so I was setting them up with mobile accounts. First I would bind the machine to Open Directory, then I would have the user login with their network user account. Next using System Preferences I would convert the currently logged in network user account to a mobile account. I assumed I needed to do this so the user would be able to login to their machine while the server was unavailable.
  My issue is that the using a second machine the user locked out their account. I re-enabled the account in WGM, but the user cannot get into their laptop. I use WGM to view the local directory and it show the local cached account as disabled. Unfortunately there is no way using the GUI to re-enable the cached local account. Also using dscl I see that AuthenticationAuthority has ;DisabledUser; as the first value before LocalCachedUser.
  It seems I don't fully understand how mobile accounts work. I assumed that a cached version of the account would be created on the client machine for use when the Directory Server was unavailable. I thought that when the Directory Server was available that it would take precedence over the cached copy. Is this not how it works?
  Also my attempts do edit the user account using dscl to remove the ;DisabledUser; value were not successful. Is there an easy way to re-enable this account?

  Mr Beardsley wrote:
  I think what happens, at least in our office is that after the 24 hour period for Kerberos people will have to enter their password again for things like iCal, iChat, etc. If they mistype their password, and save it in keychain, I think it can rapid fire try to authenticate many times without any visual feedback and lock out the account. Reactivating in workgroup manager handles the account in OD, but unfortunately the local copy of mobile user account doesn't see or honor that the account has been reactivated on the server.
  I was doing the same thing as you deleting the mobile user account on the system, but that was getting to be a pain as I would have to remake the mobile user account and the user would lose their picture every time. After I discovered the pwpolicy command I have tested it several times and deleting the user account is no longer necessary. Just re-enable the account in OD, then run the command I put above to re-enable on the client.
  What I would love to see happen is that the client machine check with OD to see if the account is enabled/disabled then update itself to be in the some condition. Until then it's running a command on the client to get the account working again.
  Mr. B,
  I think you're right about all of this. I'm experiencing this too with only one mobile user. This user is in a different office all week. Then on Fridays he's here at our HQ. His laptop is set to sync every 3 hours. For some reason it is at this syncing stage that his account becomes disabled. I think the HomeSync function may be requesting a password that the user is entering incorrectly because they get confused as to what password to enter. I'm not sure if they are entering incorrectly once, 3 times, 10 times or what. They are frustrated and so am I.
  However, the pwpolicy command you provided DOES re-enable their local mobile account and it is available after restarting. So thanks for that!
  We have several different passwords that for any given user (SLS network account, file-server, email, plus their keychain password).
  Anyone have a tried & tested "user-friendly solution" to keeping these all in sync after our 2-month password expiration?

• Lion Server Mobile accounts for Macbook users

  Hi All,
  I'm looking for a 'Best Practice' when setting up mobile accounts for Macbook users who just want to be able to use their machine away from the office.
  We DON'T want to sync anything, just create a mobile account on the Mac (a bit like a domain profile on a PC).
  I understand that this can be configured through workgroup manager in preferences for either the machine or the user account.
  What should the mobility settings be set to? Obviously the Account creation box is ticked but what should the 'Create home using' settings be ?
  Thanks Trappers

  I figured out how to delete the user from the command line.
  I used Remote Desktop to send as Root: dscl . -delete /Users/userID
  Where userID is the user's shortname.
  You could also log in locally and use the terminal to send:
  sudo dscl . -delete /Users/userID

• Unable to create a specific Active Directory mobile Account

  Dear Community,
  I do have a problem with one workstation when I want to login with a specific Active Directory mobile user account. The login window will shake and refuse login due to invalid credentials... but this is not true, on other workstations the same account works without any problem. And also the Active Directory settings are verified and correct and other mobile account also work.
  So I tried to create the mobile account manually via Terminal :
  sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobilea ccount -n username
  sudo createhomedir -c -u username
  But this command results in an error that the account already exists, trying to delete, again an error null, etc... so no way.
  So I tried to start up in Single-User-Mode and get into dscl to finally delete this mysterious account daemon... but again I'm resulting in an error:
  dscl . -delete /Users/{username}
  <dscl_cmd> DS Error: -14009 (eDSUnknownNodeName)
  Anyone any idea how to get this base cleaned so I can make this specific operator work on this specific Mac ? Help greatly appreciated. Thanks
  Cheers

  Could it be DNS cache?
  http://old.nabble.com/%3Cdscl_cmd%3E-DS-Error%3A--14009-%28eDSUnknownNodeName%29 -td30706666.html
  The LSAP DB?
  http://old.nabble.com/Bad-Users!-td19172901.html
  Or even this?
  https://discussions.apple.com/thread/1448801?start=0&tstart=0