Open Directory converting users from local to network authentication

  • #364292
    Anonymous
    Guest

    I have about 30 Macs using local accounts, with separate logins for our fileserver. I’m looking to migrate them to portable home directories, but want to maintain the local accounts for a while in case of emergency. The problem is, the shortnames for the local and server accounts are all identical (first initial-last name), and my custom search policy seems to stop when it finds that the password (for the OD account) doesn’t match the one for the local account.

    I think I read somewhere that it’s supposed to continue on to search the LDAP directory domain, but I can’t figure out where I saw that. Is that true? Logging in using long names, or adding secondary short names to the server accounts doesn’t circumvent the issue. My server is running 10.4.3 and clients are mixed 10.3.9 and 10.4.3; the problem exists on both kinds of clients though. Any suggestions? TIA

    #364565
    marcelborsten
    Participant

    The client will first look in the local NetInfo database to find the user. As you can see in Directory Access, it will always look local first. So when you try an account that’s on the server and local, the client finds the local account first, then tries to authenticate and fails with that because it’s the wrong password. It will not keep looking in OD, because it has already found the account in NetInfo.
    Try to use different shortnames on the server, or back up and remove the account from the client.

    #364875
    b_caceres
    Participant

    Has anyone ever commented on how opaque it is to call these kinds of accounts “mobile”? I’m managing desktops, not laptops; the computers aren’t going anywhere, nor for that matter are the users. For our needs, all the files a user works on should remain on their local drives.

    I found the above-linked article far more illuminating than the pounds of documentation I’ve gathered so far. You guys are invaluable.

    I just have two further “how does it work” questions to help me make sense of all this:

    (1) Once the switch is accomplished, what happens to the user if the server is offline for whatever reason? Can users authenticate locally again to access their local files, or are their desktop machines invalidated?

    (2) Suppose a user tries to log in from a different computer on the network using a valid login and password. Is authentication tied to the local machine solely?

    #368577
    Dman
    Participant

    This is a great thread. Exactly what I’m trying to do with my users. Only something didn’t work when I tested it.

    I’m following your method for converting standalone users to mobile OD accounts. I’m working with one test client I called joeuser. I followed your abbreviated steps and just deleted the NetInfo user on the client machine, chown’d the old folder, then after setting up the OD mobile user and logging in it created the Home. Only it didn’t use the existing joeuser home; it created a new Home called 99 that I can’t access. I can however still access the old home folder.

    Any ideas on what went wrong?

    Damon

    #370081
    indiekiduk
    Participant

    Quote by Dman:

        This is a great thread. Exactly what I’m trying to do with my users. Only something didn’t work when I tested it.

        I’m following your method for converting standalone users to mobile OD accounts. I’m working with one test client I called joeuser. I followed your abbreviated steps and just deleted the NetInfo user on the client machine, chown’d the old folder, then after setting up the OD mobile user and logging in it created the Home. Only it didn’t use the existing joeuser home; it created a new Home called 99 that I can’t access. I can however still access the old home folder.

        Any ideas on what went wrong?

        Damon

    Yes. On the server in Workgroup Manager, choose Accounts, joeuser, Home tab, click the item under (none) (it should be afp://serverip/Users) and choose Create Home Now. If it’s grey you need to click the padlock in the top right. Then when you log in you won’t get the 99 folder. Delete any 99 folders if you see them afterwards. I think the author didn’t mention this step because it’s always the first thing you normally do when you create a new account on the server.
