MCX settings not always applied

[HendersonD]

We are using the Magic Triangle with Mac clients authenticating to AD and OD. Our managed preferences are not consistently being applied upon login.

– Xserve bound to AD
– One Group made under OD on the Xserve. AD groups are then made members of this OD Group. The AD group is made up of students
– Managed preferences are applied to the OD group
– Mac client bound to AD with the “Create mobile account at login” checkbox checked
– Mac client LDAPv3 settings list my Xserve with LDAP Mapping set to “From server”
– The authentication search order is AD before LDAP(OD)
– I login on the client as a student the first time and managed preferences are applied
– I restart the machine and login as the same student, managed preferences are not applied. I then login as a different student who has never logged in before and I get managed preferences.
– Every time I get my home directory via profile set in AD

The Xserve and Mac clients are running 10.4.10.
Any ideas?

[HendersonD]

I just solved this problem, I am hoping others can benefit.

I have a student who has an account in AD with name HouseM
HouseM is a member of an AD group called $2008 which is his graduating class
I have an AD group called HS Students which is made up of AD groups $2008,
$2009, $2010, and $2010
I have an OD group called Students. I made the AD group HS Students a member
of this OD group

The problem is things are nested too deep. In other words it looks like this:

Students(OD Group)–HS Students(AD Group)–$2008(AD Group)–HouseM(AD User)

It seems that upon first login it can apply managed prefs by following this
entire chain but after that it has problems. I changed my path to this and
now it works consistently:

Students(OD Group)–$2008(AD Group)–HouseM(AD User)

[dom9inic]

Glad that solved your problem, however I have a similar issue. Magic Triangle setup but only one level of nesting going on. MCX is applied, but every now and again, and it does seem random, MCX will just not take and the user logs in to an unconfigured wide open Desktop. I have the cache in WGM set to 17 days.

Any ideas what may be causing this, or how to go about finding out what happens on those unssuccessful logins?

[dom9inic]

I now seem to have a previously unexperienced MCX problem.

For 2 years my Macs have used the following setup. Magic Triangle sans Windows Home Folders as it wasn’t working, instead custom local home folders. Today, our students cam back and some existing users on some machines were getting some MCX prefs but with an added standard suite of applications in the dock.

My only clue to this (and it could be coincidence) is that 3 days earlier I got our Windows Admin to check the “can read logon information” on a user profile on the AD server for a test student account. I tested it on a couple of machines to see if we could get WIndows Home Folders. We could, but it wasn’t playing well with my current system described above. It did, however, add all the standard application suite icons to the dock.

Flushing the machine cache and deleting the user account restored normal behaviour in some cases. But I’m still uncertain as to what to expect tomorrow.I wish there was more information on MCX cacher, as it seems to be a toxic combo that’s screwing with things here.

Any ideas on how to proceed would be welcomed.

[Author]

Posts