Those pesky local home folders…
August 5, 2003 at 9:43 pm #356227
sapridyne
Participant

Okay, I think I have half of the battle won — I can now authenticate OS X against AD. The issue I have NOW is that a local home folder isn’t created on login.
So the question: what can I do to make a local home folder be created with each new login? For example, if I’m juser, and I’ve never logged into that Mac before, how do I get a “juser” folder in /Users after I log in?
While we’re at it… is there any way to speed up authentication to AD? It takes about 30 seconds to authenticate — is that normal?
Thanks!
Sapridyne
August 5, 2003 at 9:59 pm #356229
sapridyne
Participant

Yeah, I was thinking that 30 seconds wasn’t normal, but I didn’t know where it was hanging… the home folder is a definite possibility.
I’m sort of wanting home folders to act the way they do in Windows 2000/XP… have a folder that everything is stored in (in the Mac’s case, preferences, documents, desktop items, etc.). When they log out and back in, they can get back to their stuff. If a new person logs in, a new folder is created.
I found the article on Fat of the Lan and used LoginWindow Manager to run a script, but that messed my directory up where I couldn’t even log in to the GUI (I could log into Darwin, oddly enough). So a script, yes… but I know next to nothing about shell scripting. I don’t figure what I’m trying to do is so bizarre that no one out there is doing this — can someone maybe pass on their script and any other tips for me?
THANKS!
Sapridyne
August 6, 2003 at 4:04 am #356231
sapridyne
Participant

I don’t think I am going to need synchronized home folders… each person has their own Mac they work on and they keep their files local, saving to the server every so often, but they don’t work directly off the server…
…Hope that is the information you’re looking for 😀
Sapridyne
September 29, 2005 at 7:15 pm #363405
jscott
Participant

I’m looking for a way to do this also. I don’t want to use Network Home Directories. I just want authentication and managed prefs. There should be an option under the Home tab in WGM that says use local machine, or something like that.
There has to be a way to do this…
November 2, 2005 at 4:53 pm #363905
dcrew
Participant

If you turn on Create Mobile Home Folder in the AD plugin and disable the sync – if you’re not looking for that – then 10.4 will cache the user in NetInfo and create a home folder if it doesn’t find one. First logon takes about 10 seconds to authenticate and then a few more to create the directory. In 10.3 this was accomplished with the Cache User Last Login and selecting yes to Create Mobile Account on first login. At least that was the GUI way.

Nice about both is that if the network is down or not available, i.e. notebook, the user can still log in.
November 8, 2005 at 3:09 pm #364006
TimSnoots
Participant

I have been looking for a similar solution for a while now so I’ll restate it here. Here is the specific and very simple setup that I want and I think some others on this thread want as well:
– I want my Macs to use the AD for authentication
– I do not need to manage them with either AD or OD
– I want them to only have local home folders (no network homes, everything stored locally just as a local account would)
– I don’t want to ever be prompted to “sync” with a network home
– I want them to be able to log on when disconnected from the network

To summarize another way, I simply want my Macs to use the AD for authentication, yet otherwise behave just like non-AD Macs with local user accounts.
So, how do I set up the AD settings in Directory Access to achieve what should be the most basic setup of all? This would seem easy until you try and realize that the dialog prevents the enabling of “Create mobile account at login” and the “Force local home directory on startup” at the same time. Also, I assume that I should disable the “Use UNC path from AD to derive network home location”. And then what exactly does the “Require confirmation before creating a mobile account” do?
With those settings in place (minus the fact that the “Force local home directory on startup” is dimmed), I can successfully bind to the AD, authenticate to the AD, a local home folder is created, and things seem to work as expected.
The things that worry me are the prompts to “Sync” home folder (I am greatly concerned that a user may somehow try to sync with a nonexistent network home and end up blowing away their local home). Because I am not using a network home, why is syncing even an option and how do I tell it to never attempt to sync and never ask?
And lastly, at login, I get a dialog asking if I want to “Enable Workgroup Manager”. Why is it asking this and what effect does a yes or no response have? Remember, I do not need to manage these Macs via OD or WGM.
Thanks for any assistance in clarifying the AD Directory Access settings required for what should be a very simple use of AD to authenticate users, but nothing more.
Tim
December 1, 2005 at 3:12 am #364259
arekdreyer
Member

[QUOTE]And lastly, at login, I get a dialog asking if I want to “Enable Workgroup Manager”. Why is it asking this and what effect does a yes or no response have? Remember, I do not need to manage these Macs via OD or WGM.[/QUOTE]
Do you mean “Enable Workgroup ManageMENT?”
Could it be that you are authenticating at the loginwindow with an administrative account? Admins get the choice of being managed. It sounds like loginwindow asks admins if they want management or not, regardless of whether or not there is actually any management going on. That decision makes some sense.

However, many people still insist on logging in locally as an admin user, which is not as necessary as it used to be (for example, in earlier versions of Pro Tools like Final Cut Pro, you had to be an admin).
Does it fit with your org culture for the users to be non-admins?
I acknowledge that the admin account might not be the issue here.
