AFP548

Cannot log on to magic triangle mobile account when off network

I'm implementing a magic triangle configuration to allow AD users to log on to the Macs in our department and use the OD groups to manage access to an Xsan and apply managed preferences as needed. The users' Mac home folders need to be on the Xsan, and I don't have enough access to the AD side of things to change what AD specifies as the home folder, so I have used augmented records to specify those attributes in the OD. That works fine and users can log on as network users.

The next issue was creating mobile home folders locally for machines that have predominantly one user, or laptops that might be used off site, and having those sync back to the Xsan when connected. Initially this didn't work: the mobile account would create, but all the folders still referred back to the network share and there was no syncing. To get round this I created a group in OD that had managed preferences that specified allowing the creation of mobile home folders and, importantly, the syncURL back to the Xsan share that the created mobile accounts should use.

Success, or so I thought. The accounts create and sync correctly (I managed to get Kerberos working with SSO, but if not it asked for credentials when syncing), so when on the network, everything is fine. However, if the machine is taken off the network (such as a laptop that is also used off site), attempting to log on to a mobile account created like this gives a shaking logon box.

Any ideas how I make it store the credentials for the mobile account locally? Any other managed preferences I need to set?