
Portable Home Directories in 10.8 Server?

25196 Views 36 Replies Latest reply: Jan 10, 2014 7:04 PM by PleaseandThankYou RSS
  • Kirk Carver
    Aug 19, 2012 11:51 AM (in response to Eric.)

    Eric/Gerben

     

    Thanks again for taking the time to post and explain my options.  I think I'm beginning to comprehend how to move forward (though my Unix command line skills are fairly rusty!)  I will read through your posts several times to ensure I comprehend each section.

     

    Aside: It may serve me well (no pun intended) to buy a larger internal HD for my second drive to avoid having to maintain external mounting through the etc/fstab or the sudo y'all mentioned

     

    Kirk. 

  • Kirk Carver Level 1 (5 points)
    Aug 19, 2012 12:06 PM (in response to Gerben Wierda)

    Gerben Wierda wrote:

     

    Or: you create the users anew in the network directory, you replace their home directories with the content of what is on the MacBook (TDM is your friend) and do the chmod. Easier still.

    I was unaware of Target Disk Mode (TDM) until you made your post!  Interesting.  I assume that this is the procedure:

    http://support.apple.com/kb/HT1661?viewlocale=en_US&locale=en_US

     

    From what you are writing, I create "blank" User directories on the server using the Server App.  I then connect up the MacBook with FireWire, copy over all the files, then change the directory permissions to match what is on the server.  Suppose I can start at /Users/Kirk, act like I'm altering the permissions, then apply to all subfolders and this should correct things.

     

    Kirk

  • Sellers
    Sep 22, 2012 1:59 PM (in response to Gerben Wierda)

    /etc/fstab is deprecated and should not be used in MacOSX. 

     

     

    dhcpclient9:~$ cat /etc/fstab.hd

    IGNORE THIS FILE.

    This file does nothing, contains no useful data, and might go away in

    future releases.  Do not depend on this file or its contents.

  • mille1j Level 1 (0 points)
    Sep 23, 2012 4:03 PM (in response to Gerben Wierda)

    Gerben,

    I've been struggling for several days to move 5 different local accounts over to server 10.8.  I've actually tried hiring two different local Apple certified engineers, and neither of them had experience setting up server, so I fired them after they fumbled around for a day each.

    I just don't understand terminal well enough to be able to follow the instructions people have given.  Part of the problem, I think, is that I wanted to put all the server's sharepoints on its 2nd internal drive, so my network users are supposed to go into Data/Network/Users/

    The server runs from a volume called Server

    So I've never been able to follow the terminal commands to move the files over and get them to end up in the correct folder.

    Can this be done with Carbon Copy Cloner or some other tool that I can understand?

  • Eric. Level 6 (12,260 points)
    Sep 24, 2012 2:49 AM (in response to mille1j)

    mille1j wrote:

     

    I just don't understand terminal well enough to be able to follow the instructions people have given.  Part of the problem, I think, is that I wanted to put all the server's sharepoints on its 2nd internal drive, so my network users are supposed to go into Data/Network/Users/

    The server runs from a volume called Server

    So I've never been able to follow the terminal commands to move the files over and get them to end up in the correct folder.

    Can this be done with Carbon Copy Cloner or some other tool that I can understand?

     

    That's pretty much my setup, HD n.1 has the OS, HD n.2 holds the Network Home directories.

     

    When I moved data over, I just use that handy tool called the Finder. The original Homes, backup files I had cloned to an external HD -- on the external HD, I just set it to ignore permissions.

     

    Carbon Copy Cloner will let you do "selective" cloning, i.e. cloning only certain folders/files. In fact I used that to clone to the external HD. I didn't clone back however the server's 2d HD -- I was doing some manual "pruning".

     

    The thing to be careful of when using something like Carbon Copy Cloner to migrate the original data to the new location on the Server's 2d HD are the permissions, particularly the owner. CCC might actually clone with the old permissions/owner to the new location. Post-clone, you usually have to change that to the new owner. Although you might have the visible name "mille" in both the old and new setup, the underlying code (UUID) for each user is different, requiring a correction of the owner -- I just used "chown".
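
Added example, not part of Eric's post or the original thread: the filesystem records each file's owner as a numeric ID, so the ownership correction described above can be audited before and after running chown. The function names, the sample path and the UID 1031 in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and correct ownership of a
# home directory after it was cloned onto the server's data volume.
# Function names and the sample path/UID in the usage line are constructed.

# Print the distinct numeric owner IDs found under DIR (one per line).
# More than one line, or an ID other than the network user's, means the
# clone kept the old local account's ownership.
owner_uids() {
    find "$1" -exec ls -ldn {} + | awk '{print $3}' | sort -un
}

# Print how many entries under DIR (DIR included) are NOT owned by UID.
count_foreign_owned() {
    find "$1" ! -uid "$2" -print | wc -l | tr -d ' '
}

# Preview (default) or apply the ownership fix.
#   reown_home DIR UID          -> print the chown commands only
#   reown_home DIR UID apply    -> run them (needs root)
# chown -h changes a symlink itself instead of following it, so a link
# inside the home cannot redirect the change to a file elsewhere.
reown_home() {
    dir=$1 uid=$2 mode=${3:-preview}
    case $uid in
        ''|*[!0-9]*) echo "UID must be numeric: $uid" >&2; return 2 ;;
    esac
    if [ "$mode" = apply ]; then
        find "$dir" ! -uid "$uid" -exec chown -h "$uid" {} +
    else
        find "$dir" ! -uid "$uid" -exec printf 'chown -h %s %s\n' "$uid" {} \;
    fi
}

# Usage (constructed values): sh audit_home.sh /Volumes/Data/Network/Users/mille 1031
if [ "$#" -eq 2 ]; then
    echo "Owner IDs present under $1:"
    owner_uids "$1"
    echo "Entries not owned by UID $2: $(count_foreign_owned "$1" "$2")"
    echo "Commands that would correct them:"
    reown_home "$1" "$2"
fi
```

The network user's numeric ID can be read on the server with `id -u username`; after applying the fix, `count_foreign_owned` should report 0.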

  • Kirk Carver Level 1 (5 points)
    Sep 24, 2012 6:54 PM (in response to Gerben Wierda)

    Gerben/Eric

    Been very busy at my real job, and just had the chance last week to install the server app on the Mac Mini. I also upgraded my Macbook Pro to Mt Lion.

     

    I engaged File Sharing and Open Directory on the Server.  Set the settings for the "Users" share to share with AFP and SMB (I have a Windows machine I wanted to test), share with iOS devices (I have a few, so again, to test), and "make available for home directories over: AFP"

     

    I have not added any Users yet to the server, but I thought I would try to get the Macbook Pro to  "see" the server before progressing.  After rummaging around the KB's and discussions, I got a bit confused over the difference between:

     

    • Open Directory
    • Active Directory
    • Portable Home Directory
    • Mobile User Accounts
    • Mobility Settings.

     

    I found one thread that led me to believe that you can set up the home directories automatically by using the Users and Groups on my Macbook.  When I opened that section of Preferences, I could see my server (so at least "something" is working!)

    usergroups.jpg

     

    I read some of the KB articles which seem to imply that to allow a user to login and create a portable directory, you had to change the "user experience" you can get to through the "Edit" button above:

     

    DirUtil.jpg

    I picked "Active Directory" and it showed me the following (when I selected the edit/pencil icon):

     

    UserExperience.jpg

     

    When I try to set it, it complains that it can't connect to a server. 

     

    I know I'm confusing some concepts here, and probably attacking this from the wrong angle.  Can either of you get me back on the right track? 

     

    Kirk

  • Sellers Level 1 (10 points)
    Sep 25, 2012 5:11 AM (in response to Kirk Carver)

    Kirk - you are a bit confused from what I can gather from your posting.   Open Directory, LDAP, Active Directory are all similar directory services solutions.   While they can interact with each other - typically they are stand alone in a company or enterprise.   Most people at home would not run a directory service (although you can and some do, as I do).

     

    If you have created an Open Directory server, then you could use that to "join" your macbook to that directory to share user account information and support kerberos authentication for auto mounting of file shares.   If you are familiar with Windows servers this is a concept you should understand. 

     

    Portable Home Directories is a concept where your /Users home directory would not be mounted from that file server, but rather ported to your laptop for use when you are on a plane, at a remote site, or anywhere away from home.   When you arrive home, MacOSX will try to sync. your directory with that on the file server for backup sake.  If you had edited your resume on the plane, it will then update the file server with your resume version.

     

     

    Your "Mobility" settings are a part of the Active Directory lingo and a function of Microsoft's services - unless you have Active Directory - you should not have chosen that and need not worry about it.

  • Eric. Level 6 (12,260 points)
    Sep 25, 2012 7:19 AM (in response to Sellers)

    Sellers wrote:

     

    Your "Mobility" settings are a part of the Active Directory lingo and a function of Microsoft's services - unless you have Active Directory - you should not have chosen that and need not worry about it.

     

    I agree with what Sellers wrote, aside from that last bit.

     

    "Mobility" isn't just an Active Directory term.

     

    "Mobility" is actually the term used in Server's "Profile Manager" (and I think in 10.8 version of Workgroup Manager as well) when you want to allow a Network User to create a Mobile User Account on their Mac, and Mobile User Accounts have a... portable home directory.

     

    Kirk, a "pure" network user account has a network home stored on the designated "home share" on the server (you used /Users). On client Macs that have joined the Network Account Server (joined the OD server), a network user can login and use the home stored in the "home share". The network user never "exists" on the client Mac nor is any info in his home directory -- it's all on the server. So if the client Mac can't connect to the server, a user can't login or have access to their data in their Home directory.

     

    At the other extreme is what you're used to on your (client) Mac; that is, a local user account that exists only on that particular Mac, and whose home is also stored there.

     

    The hybrid or fusion of these two extremes would be this. You have a Network User Account that also exists on a client Mac (Mobility User Account or Mobility Account) with a home directory that exists not only on the client Mac (Portable Home Directory) but is also sync'ed with a copy of the home directory on the server. The Mobility Settings determine what (which folders) and how often (login, logout, every x minutes) the sync takes place.

     

    The reason "Create Mobility Account at login" button isn't working for you is because all of your user accounts on the Mac are local accounts (you've got only "Admin" and "Standard"). The only users who can have a Mobility Account are Network Users. A Mobility Account will say "Mobile" under the user's name. I'm not sure whether that button will work on its own, even if you have a Network account. It *might* require setup in Profile Manager first, but I don't know for sure. I setup "Mobility" in Profile Manager first, then created Mobility Accounts on my Macs. I never used that button; it may be there in case a user later needs to create a Mobility Account, having originally decided not to (be it on purpose or by accident).

     

     

    ----

    Unless you're working with Windows Server, you can set aside the info about Active Directory. It's Microsoft's product, which if you will is a competing product to Open Directory (which is what OS X Server uses).

  • Kirk Carver Level 1 (5 points)
    Sep 29, 2012 2:37 PM (in response to Eric.)

    Sellers/Eric

     

    Thank you for trying to set me straight.  Selecting "edit" for my server from the User & Groups pane on my client MacBook Pro, I see the following:

    Fig 1

    UserGroupEditServer.jpg

     

    I then selected "Open Directory Utility".  From your comments, and reading http://en.wikipedia.org/wiki/Apple_Open_Directory I deduce that the "LDAP" listed below is in fact the Open Directory service that should be provided by my Mac Mini Server syrinx. Is that correct?

     

    Fig 2

    DirUtilLDAP.jpg

    Editing the LDAPv3 selection, I get the following pane:

     

    Fig 3

    DirUtilLDAPEdit.jpg

    And when "Edit" is selected here, I see this pane:

     

    Fig 4

    DirUtilLDAPEditEdit.jpg

    Is there a need to "bind" the server to initiate a connection that I can then create the Mobility Accounts?

     

    Thanks

    Kirk

  • Kirk Carver Level 1 (5 points)
    Sep 29, 2012 2:44 PM (in response to Eric.)

    Eric

    By the way, I'm trying to set up the "hybrid" approach you describe in your post.

     

    Eric. wrote:

     

    The hybrid or fusion of these two extremes would be this. You have a Network User Account that also exists on a client Mac (Mobility User Account or Mobility Account) with a home directory that exists not only on the client Mac (Portable Home Directory) but is also sync'ed with a copy of the home directory on the server. The Mobility Settings determine what (which folders) and how often (login, logout, every x minutes) the sync takes place.

     

    You mention Profile Manager:

     

     

    Eric. wrote:

     

    The reason "Create Mobility Account at login" button isn't working for you is because all of your user accounts on the Mac are local accounts (you've got only "Admin" and "Standard"). The only users who can have a Mobility Account are Network Users. A Mobility Account will say "Mobile" under the user's name. I'm not sure whether that button will work on its own, even if you have a Network account. It *might* require setup in Profile Manager first, but I don't know for sure. I setup "Mobility" in Profile Manager first, then created Mobility Accounts on my Macs. I never used that button; it may be there in case a user later needs to create a Mobility Account, having originally decided not to (be it on purpose or by accident).

     

    I wanted to see if I could "get" the client Mac to change its accounts to network / Mobility Accounts by having it recognize the Server and Open Directory.

     

    Is Profile Manager on the server? If so, I haven't seen it labeled specifically as such in the Server App.

     

    Kirk

  • Eric. Level 6 (12,260 points)
    Sep 30, 2012 10:06 AM (in response to Kirk Carver)

    Kirk,

     

    You're already bound to the server! See the green dot next to the name of your server in the first screen shot?

    https://discussions.apple.com/servlet/JiveServlet/showImage/2-19820286-159407/UserGroupEditServer.jpg

    Your MBP is already bound, and the connection is good as indicated by the green dot. When you can't connect, it will turn red.

     

    Profile Manager. To turn that on, use Server.app.

    ProfileManager_Server.jpg

    Once you have that setup and turned on, note the two links "Open Profile Manager ->" and "Visit user portal ->".

     

    "Open Profile Manager" will launch the browser where you'll configure mobility and any other settings you want for the computer, groups of computers, users, or user groups. (That's like the Profile Manager Admin page.) You're using a browser, so you can eventually just go there straight from the browser. The address is usually something like:

    https://server_fully_qualified_domain/profilemanager

    So in your case it's probably:

    https://syrinx.carter.private/profilemanager

     

    The user portal lets users register their devices and can accept remote management. With remote management using the profile manager admin web page (the link given above), any modifications you make there will be pushed to the devices.

  • Kirk Carver Level 1 (5 points)
    Nov 11, 2012 3:05 PM (in response to Eric.)

    Eric

     

    Thanks for last post. It cleared a few things up, but I seem to have met another roadblock...

     

    I went through the process that you lay out in your post.  When I get to this point:

     

     

    Eric. wrote:

     

    Once you have that setup and turned on, note the two links "Open Profile Manager ->" and "Visit user portal ->".

     

    "Open Profile Manager" will launch the browser where you'll configure mobility and any other settings you want for the computer, groups of computers, users, or user groups. (That's like the Profile Manager Admin page.) You're using a browser, so you can eventually just go there straight from the browser. The address is usually something like:

    https://server_fully_qualified_domain/profilemanager

    So in your case it's probably:

    https://syrinx.carter.private/profilemanager

     

    The user portal lets users register their devices and can accept remote management. With remote management using the profile manager admin web page (the link given above), any modifications you make there will be pushed to the devices.

     

    I am met with the following:

    ServerMyDevicesPage.jpg

     

    When I try to "enroll", I get an error:

     

    InstallDeviceEnrollmentQuery.jpg

    AreYouSureDeviceEnrollQuery.jpg

     

    ProfileInvalid20121111.jpg

     

    Can you advise as to what step I have missed in this?

     

    Kirk
