Augmented Records & Home Sync / Mobile Accounts…

[Tom H]

Hi Guys,

Does anyone have any experience of this ? My augmented records work perfectly, but when i set up mobile accounts the clients create the home folder on the local machine, but there is no sync back up to the network home folder?

Thanks

Tom

[Tom H]

Just changed the AD plugin to use the home folder path supplied by AD and it works, so it does seem that augmented records do not work correctly with mobile accounts. 😥

[Tom H]

I have augmented the home folder record, and unchecked ‘Use UNC path from Active Directory to derive network home location’ to prevent the home folder native attribute in active directory being converted into a standard attribute.

I have augmented the standard attributes HomeDirectory and NFSHomeDirectory which works perfectly.

– if i don’t augment and check the UNC box within the AD plugin then the user gets there windows home folder and when home sync is turned on it syncs properly.

– If i augment the record and uncheck the UNC box within the AD plugin then the user gets there alternative home folder however if i turn on home sync the local home folder is created but it makes no attempt to sync to the alternative home folder location as specified by the augment.

It seems the home sync must read the home folder location to sync to in a different way, as without a augmented record the sync works fine, however with the augmented record there is not even an attempt to sync the home folders..

Shame as the augmentation of a AD users home folder without the sync works perfectly, on a PC they get there regular home folder and on the Macs they get the alternative home folder just a shame i cannot get home sync to work which is crucial in this case due to it being media work.

Thanks Tom

😀

[Jon_c]

Tom,

I am having the same or similar issue:

Following the “Leveraging Active Directory on Mac OS X” documentation I have successfully configured augmented user records to derive an alternative home location, in my case the Users folder on the server – essentially I can log in the local computer with my AD credentials and mount a network home held on my Leopard Server. However, I am unable to apply the mobility settings from the group level (apparently you cannot apply MCX directly to augmented AD users?) successfully and synchronize with the network home. What I am left with is a mobile home that seems to have the home sync MCX settings applied (the home sync menu appears on the finder menu bar, but no sync occurs during login or logout and when I attempt to force a sync nothing happens. Also, the account is listed as a “mobile account” in System Preferences and not a “Managed Mobile Account”. Has anyone successfully implemented mobile homes with synchronization via AD augments?

I have attempted to add additional MCX augments to mirror the OD users – all to no avail.

Any help would be greatly appreciated.

Thanks

[Greg Neagle]

Once you create a mobile account, it is essentially a local account as far as most of the rest of the OS is concerned. This means augmented records will no longer apply, as the augments are used in combination with a specific directory service – in this case, AD. Since your mobile account information is not in AD, the augments don’t apply.

I’m guessing Apple did not take augmented records into account in their mobile account creation: what would have to happen is that the createmobileaccount process would have to create the local account as a synthesis of the primary directory service record + the applicable augment record from the secondary directory service, and then keep everything in sync. It sounds from your description that the mobile account is created using only information from the primary DS.

For your specific case, I’ll bet you can work around the HomeSync issue by using dscl to edit the OriginalHomeDirectory attribute to point to your desired smb: share, similar to this article: http://managingosx.wordpress.com/2009/02/19/leopard-mobileaccounts-and-nfs-homes/

Alternately, you may be able to use the createmobileaccount tool and pass the desired SMB URL via the -u option.

[Jon_c]

Thank you for the recommendations!
I was able to use the -u option with the createmobileaccount tool and specify the afp user home sharepoint where I had previously directed my AD augments ( e.g. sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -u afp://server.domain.edu/Users/username ).
After that I logged in with my AD credentials and was prompted with the option to create a portable home directory – synchronization to the network home worked flawlessly and all the mobility settings that I had previously designated for the OD group of with the AD user was a member functioned properly.

The next step is to document everything for my particular environment and see if I can stream line the process for AD users – logon script?.

So lets review…golden triangle (AD/OD)- cylinder of destiny (AD Augments – Network Homes for AD users with no scheme changes) – prism of truth?(AD/OD w/ portable homes).

[Tom H]

Hi All,

I finally got this working fully automated from the server side, with no alterations needed to the client.. i am going to document it and get the details up its fairly simple to implement through MCX.

Thanks

Tom

[Bill-G]

HI Tom,
have you had a chance to write up doing this from the server side?

I’ve got Home Sync working as per Jon but it would be good to not have to allocate a specific machine to a user, regular sync would be more useful

Bill

[Tom H]

Sorry guys i thought i had replied…

As a Managed preference use com.apple.MCX with the following :

Always:
Synchronisation URL / string / afp://server.domain.com/Users/%@

No need for Augmented Records if your just using Sync.

Tom

[samsungcon]

Thanks Tom for helping me out.I was having the similar kind of problem but after going through this tutorial i had my problem solved.It was just a silly mistake made by me in argument set up and was wondering [URL=Http://www.chacha.com/topic/how-can]How Can[/URL] i ake such a mistake but as i gain experience i will learn.thanks a lot buddy.

Regards
Jame
[URL=http://www.webtrends.com/Products/Optimize.aspx]Landing Page Optimization[/URL]

[Tom H]

Thanks

[djfake]

Is it possible to have a user that is both _augmented user records_ and have _portable home folder_ syncing?

[djfake]

[QUOTE][u]Quote by: Jon_c[/u][p]Thank you for the recommendations!
I was able to use the -u option with the createmobileaccount tool and specify the afp user home sharepoint where I had previously directed my AD augments ( e.g. sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -u afp://server.domain.edu/Users/username ).

After that I logged in with my AD credentials and was prompted with the option to create a portable home directory – synchronization to the network home worked flawlessly and all the mobility settings that I had previously designated for the OD group of with the AD user was a member functioned properly.

[/p][/QUOTE]

This worked for me on a 10.6 client. Do I still need the MCX setting Tom H talked about?

[drudus]

[QUOTE][u]Quote by: djfake[/u]
[p]This worked for me on a 10.6 client. Do I still need the MCX setting Tom H talked about?[/p][/QUOTE]

I think there are 2 methods being described here both ‘fix’ the lack of syncing with augmented user home folders.

1.
gneagle’s method. Run…
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -u afp://server.domain.edu/Users/username
…on the client to generate the required settings to make the sync work. This can be managed via a login script pushed out to a computer group via MCX on the server. It requires a bit of setup on the clients to allow the login script to be managed on the server.

2.
Tom H’s method…
Manage an extra key for the com.apple.MCX record for the managed group…
Synchronisation URL / string / afp://server.domain.com/Users/%@

djfake, they both solve the same issue, you only need one. I’d suggest that 2 is most convenient to manage since it requires no client changes. It does require all members of the group to be using the same AFP home folder location.

[Tom H]

[QUOTE][u]Quote by: djfake[/u][p][QUOTE][u]Quote by: Jon_c[/u][p]Thank you for the recommendations!
I was able to use the -u option with the createmobileaccount tool and specify the afp user home sharepoint where I had previously directed my AD augments ( e.g. sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -u afp://server.domain.edu/Users/username ).

After that I logged in with my AD credentials and was prompted with the option to create a portable home directory – synchronization to the network home worked flawlessly and all the mobility settings that I had previously designated for the OD group of with the AD user was a member functioned properly.

[/p][/QUOTE]

This worked for me on a 10.6 client. Do I still need the MCX setting Tom H talked about?[/p][/QUOTE]

Depends how many people you have to do this for ? Would be a pain to do that for every user… im lazy so like a centralised approach

[Author]

Posts