Currently Being ModeratedNov 18, 2012 7:14 AM (in response to Kirk Carver)
Prior to installing the Device Enrollment Profile you need to install a Trust Profile. In the My Devices window there is a Devices and Profiles. Click on Profiles and install the Trust Profile. If you do not have one you need to return to the Server app and select Review Certificates. In the Certificates panel you can create a self-signed certificate.
Here is how my Profiles appear in System Preferences for a PHD.
Each Mac that you want to use for Mobile Accounts will require the Trust Certificate and needs to be enrolled for Device Management. In the Profile Manager you will be able to set up how you want the Mobile Account managed. There are numerous settings that you can push to each machine. I manage a lab with about 8-10 Mobile Accounts and I find it most useful to have a Device Group "Mobile" that has all of the managed Macs, that way I can push to all Mobile Accounts at once.
Another note, I have found that that setting up Mobility on the Device Profiles works much better than setting Mobility from the User Profiles. I could never get it to work properly with mobility from the User Profiles.
Let me know if you need more detail, I am running Lion, not ML Server.
Currently Being ModeratedNov 18, 2012 8:00 AM (in response to Bradley Olwin)
Thanks for the input. Very much appreciated.
I had indeed set up a trust between the laptop and the server (more through persistence, the help of this forum, and dumb luck than actual know-how on my part). See attached image:
(not sure why it shows two certificates and two settings for each of Remote Mangement, Settings, and Trust Profile -- can you explain?)
I was still having no luck getting mobile accounts setup. I called Apple Enterprise support. They reviewed my setup, and could find anything wrong in the basic server setup. They then stepped me through the process of setting up mobile home directories using the web interface. It appeared we could push a "payload" to the client from the server, but could not get any network user to synchronize (the user would appear as a login option, buy little "double-house" icon at the top of the screen always showed a "!"):
Support tech was very helpful, but very stumped! He called in his upper level support, who looked at the situation and determined a gremlin was at fault. Since my server had no data on it, he advised that I reinstall the the OS and the Server App, and then set things up from scratch. I've gone through the process of reloading the OS. Before I try to attack it any further, should I erase all of the "profile" information on the client machine (see the image above)?
Also, should I go into to the Users and Groups on the client machine and remove my server as the directory server so that nothing gets confused (see screen shot below)?
Any advice is appreciated
Currently Being ModeratedNov 19, 2012 8:56 AM (in response to Kirk Carver)
I gave up on portable home directories. all my users were getting sync errors all the time and could never figure out whether to use the network account or the portable account to sync from . it was a disaster
Currently Being ModeratedDec 19, 2012 9:46 AM (in response to Gerben Wierda)
@ gerben wierda,
hello Gerben, I have tried out portable home directories on 10.6.8 server and clients and it was a complete failure.
The implementation is not industrial grade. It works for a while, and then suddenly it does'nt. It's too fragile.
What's more, there is no decent up-to-date documentation for it, and the implementation of PHD is also not well documented, (and i searched for weeks) This lack of documentation makes it difficult to understand or remedy the problems when things go wrong.
In the end I have thrown PHD completely out of the window. Honnestly, we need stuff that is more reliable than that. So my guess is that apple will not very mucht promote PHD before they can get it to work in a more robust way. I've reverted to batch-synchronise directories with synchronize_pro_x, but also that is not always satisfying.
I also have used it to fix problems when things go wrong with portable home directories.
Currently Being ModeratedDec 21, 2012 7:23 AM (in response to jlorre)
I turned off all portable home directories on ML 10.7.2 server. Over the next 2 weeks, users started having increasing problems with their accounts and I ultimately had to create entirely new accounts for all my users. It seems the users lib folders were just a catastrophe.
Currently Being ModeratedJan 10, 2014 7:04 PM (in response to James Rothschild)
When you say you cant get it to work? do you have more details....?
Also yes Portable home directories can be tricky. I try to train my users when a sync error occure to say use the most recent modification date and to use that for all future issues. Then no more sync errors unless a document is open when trying to sync... cant get away from that. except not to sync in background or trap files that use file locking IE excel.....
Also here is the option for the menu bar did you make sure you have this selected in your profile?
More Like This
- Retrieving data ...
- This solved my question - 10 points
- This helped me - 5 points