[bango]

thanks for your reply Allister…
yes… thats how i do it
i dont know what im missing… i boot into the USB, open Disk Utility and do my thing with copying the DMG to the HD.. thats works fine, reboot into HD [using Option key] but it always boots into this lion recovery partition [ the Mac OS X Utilities screen] for some strange reason…. like a loop.

[bango]

ok…
when i tweaked that file in /etc dir – thats when i had the account lock out issue.
i then reimaged the mac….
modified the file (so it generates a KDC ticket straight away) but i get the home sync issue and no lock out issue anymore? weird.
the msg i get is :

Home sync failed. Continue without a synced home?
If you continue, sync your home as soon as possible.
If you cancel, your home will not be created

Note: I’ve enabled Mobility for all network accounts.

I can click [Continue] and perform a manual sync and logout (does another sync) and then when I log back in, the syncing works from that point on. The problem is the initial login. In WGM – Home sync, I’ve set “Suppress Initial Sync Errors” to True, but this doesn’t take affect.

I’ve checked the Console logs and it shows the following 2 errors that stand out:

Sender[PID]: /System/Library/CoreServices/ManagedClient.app/Contents/Resources/HomeSync.app/Contents/MacOS/HomeSync
Message: smb_mount: mount failed to server.test.com.au/userdata$ ” syserr = Authentication error

Sender[PID]: HomeSync
Message: HomeSync.doHomeSyncLoginLogout: Unable to mount server URL at ‘smb://server.test.com/userdata$’ (80). No sync will occur.

i hope you can assist?

thanks

[bango]

i dont use OCS/Messenger – these apps aren’t open at all.
my problem still exists where by i need to login the 2nd time for the login sync to be successful.
really weird.

[bango]

no… i dont use OCS /Messenger.
i believe the org i work for use these tools.
why?

[bango]

ok i re-tweaked that file – following apple’s KB article: http://support.apple.com/kb/ht4100

after a reboot, the initial home sync issue i was experiencing went away but now…. the account gets locked out and the user cant perform a logout sync. i then have to unlock the account in AD.
this is really weird…
whilst logged in, the account must be hitting / clogging the DC or something… to cause a “lock out ” issue.
console logs dont really state anything helpful – as always.

anyone ????

[bango]

i should also mention i have tweaked the /etc/authorization file, following steps from http://www.techrepublic.com/blog/mac/configure-os-x-for-kerberos-single-sign-on-authentication/208
and still no go.

[bango]

are people still having this issue?… cause its still happening in our environment.
– need to login twice before ticket is generated and is causing issues with new users logging in and having the initial Home sync failing on them.
info:
authenticating to Windows AD / DC
the client is running 10.6.7

thanks

[bango]

understand that. thank you so much! 🙂

[bango]

hi Allister
thanks for your reply.
i have read the firstboot article on the osxdeployment site – thats where i got the pdmoc sample from.

in my postflight script, i configure a few OS settings (that cant be done in WGM), bind to AD, assign a computer name….
here is a little snippet of code (that ive put at the end) in my postflight.sh file:

[i]#!/bin/sh
#############
###
sudo diskutil repairPermissions /
#
reboot 10
# Destroy this script!
srm “$0″[/i]

when the image is being created, and gets to the firstboot pkg file (found in one of the catalog files), it installs/configures what i tell it too and it when it gets to the reboot line, it does that.. When the mac rebooted, i didnt know if i had to re-run the image process again?
do i need to take out the “reboot 10” command from the script?
hope im making sense?? 🙂

[bango]

awesome! all good now. thanks a lot Allister 🙂

[bango]

thanks for pointing the site out – i had seen it before but forgot about it – there are some helpful scripts in the pkg files.
my issue is that we dont have a server therefore workgroup manager – everything will be done using commands, e.g. dscl
i just dont know the syntax to “get into” the non-default local dir to apply the settings to the computer, .e.g /Local/MCX . [i]sudo dscl . -mcxset [b]/Local/MCX[/b]??? com.apple.Safari …[/i].
thanks again

[bango]

thanks for your feedback..

i created a new local dscl space named /Local/MCX and added it to the search policy in directory services. rebooted the mac…i don’t know the correct syntax to use to apply a pref, e.g [i]sudo dscl . -mcxset /Local/MCX com.apple.dock no-glass always -boolean true[/i]
when i run this command i get an error -14987 message.

[Author]

Posts