Peter Bruderer

Q: Home Sync wants to use the Login Keychain

Since the upgrade to 10.9.4 I'm asked to enter the password for the keychain every time I reboot my machine.

 


 

I use portable Home Directory and iCloud keychain sync.

 

So far I have not yet found a solution to bypass this problem.

 

Does anyone else have this problem?

Posted on Jul 3, 2014 11:48 AM

  • by appreciate,

    appreciate Jun 18, 2016 5:25 AM in response to nick-without-a-name
    Level 4 (1,276 points)
    Mac OS X

    Open Keychain Access via Spotlight and open the lock in the extreme left corner of the window; it will prompt for a username and password, please enter them.

    Right-click on login and move it to the Trash.

    Restart from the Apple logo and empty the Trash.

  • by nick-without-a-name,

    nick-without-a-name Jun 18, 2016 5:33 AM in response to appreciate
    Level 1 (12 points)
    Servers Enterprise

    As stated prior in this thread, trashing the login.keychain results in the user losing valuable information.

    Instead, I would recommend locating every entry inside the login.keychain that could be involved in the homesync process and only deleting these items.

  • by appreciate,

    appreciate Jun 18, 2016 5:39 AM in response to efrancis76
    Level 4 (1,276 points)
    Mac OS X

    Pardon me, I am interrupting. You followed the steps, but one more thing is to be added: please remove the alphanumeric folder that is corrupted directly to the Trash, restart from the Apple logo, then empty the Trash. By doing so a fresh alphanumeric folder will be created once again. This pop-up will go away; I have done this on my system, as the same issue occurred on my system also.

  • by appreciate,

    appreciate Jun 18, 2016 5:48 AM in response to nick-without-a-name
    Level 4 (1,276 points)
    Mac OS X

    The keychain is corrupted. Only passwords are stored in the keychain, and if the user has written the passwords in a safe place, then they can follow the steps.

  • by nick-without-a-name,

    nick-without-a-name Jun 18, 2016 6:00 AM in response to appreciate
    Level 1 (12 points)
    Servers Enterprise

    The alphanumeric folder is not the login.keychain; instead it holds the "Local Items" keychain items.

    The local.keychain is so to speak the 'old' format, whereas the 'Local Items' keychain is the 'new' format which is compatible with iCloud Keychain.

    The local.keychain and Local Items keychain share the same (synced) password to open them. When changing the password of login.keychain, the Local Items password is also changed and vice versa. And, as we know, this password usually is synced with the user account password.

    As stated prior, Apple advises only to delete keychains from within Keychain Access.

    So, if you want to delete the alphanumeric folder, you simply delete the 'Local Items' keychain.

    If you have enabled iCloud Keychain, Keychain Access doesn't show a 'Local Items' keychain. Instead it shows an 'iCloud' keychain which refers to the same folder.

    Also, please note, the original issue is that Homesync wants to access the login.keychain. Not the Local Items keychain.

    If you encounter another error message stating Homesync wants to access the Local Items keychain, that seems like a new exponent.

  • by appreciate,

    appreciate Jun 19, 2016 1:41 AM in response to Peter Bruderer
    Level 4 (1,276 points)
    Mac OS X

    Open Keychain Access via Spotlight, press Command + comma to open Keychain preferences.

    Click on Reset My Default Keychain; it will ask for the new user name and password, please enter it & time remaining ...

    Quit all windows and restart from the Apple logo; once again enter the new user name and password that you have formed.

    This pop-up was due to the old username and password that was conflicting.

  • by Drew Reece,

    Drew Reece Jun 19, 2016 6:07 AM in response to nick-without-a-name
    Level 5 (7,490 points)
    Notebooks

    I'd agree with what nick-without-a-name posted. The local items are stored in the 'alpha-numeric' keychain in the keychain folder. This changed in keychain around 10.9 or 10.8 if I recall correctly. If you do not use iCloud the local items keychain is created & used. I don't believe it is a 'corrupt' keychain as you described appreciate, if you could view the local items in keychain access it probably wasn't corrupted?

     

    As you can see from the length of this thread, there have been multiple posts along the lines of 'do X,Y then Z – it solves this issue for me.' Unfortunately the issue is complex & solutions can easily be misdiagnosed. I've yet to see one that works in a complex environment (multiple network users, using multiple Macs with home syncing…).

     

    Consider that this issue seems to appear when network users switch from Mac to Mac (at least in my limited experience with it). Testing logins of one user account on multiple Macs can provoke it in my experience – please try to be thorough when you test or at least describe your setup & how you tested.

  • by appreciate,

    appreciate Jun 19, 2016 6:46 AM in response to Drew Reece
    Level 4 (1,276 points)
    Mac OS X

    Yes, I do agree with you. The user is using Mavericks 10.9, and I think there must be no option by going to Keychain Access > Keychain Preferences and clicking on Reset My Default Keychain (this option of resetting my default keychain must not be there), but in El Capitan this option is there. I think the user has changed the login password.

    But Apple has formed an article for it: If your Mac keeps asking for the login keychain password - Apple Support

  • by Drew Reece,

    Drew Reece Jun 19, 2016 7:18 AM in response to appreciate
    Level 5 (7,490 points)
    Notebooks

    @appreciate, I'm afraid you are wrong. That linked Apple document is not the solution to this issue & I suspect you will find that someone else already suggested that process earlier in this thread, if I recall correctly.

     

    Have you even seen this specific issue? You do understand that home sync is used for OS X server user accounts over the network?

     

    Simply resetting the keychain is not the answer to this issue - it will eventually come back after resetting a keychain. The linked article does not mention home sync at all, it is general help, whereas this issue is specific to network based user accounts syncing over the network.

     

    I understand your desire to help others here, however when you do not fully grasp the issue (or have not seen it) it can be counterproductive, wasting your time & that of the other users. Please take this as intended, not as snark just a helpful hint. Accept my apologies if you are experiencing this issue but your posts don't suggest that is the case.

  • by jpparallel,

    jpparallel Jun 22, 2016 10:25 AM in response to Drew Reece
    Level 1 (4 points)

    Hi all,

     

    Firstly, apologies for my incorrect and poor suggestion last time (always happy to hold my hand up when I'm wrong). As such, no promises on this, but early results are looking good.

    I found the following two articles / support queries:

    https://derflounder.wordpress.com/2011/08/12/creating-ad-or-od-mobile-users-from-the-command-line

    http://serverfault.com/questions/724898/set-windows-share-as-network-home-for-ad-joined-mac-users

    Based upon these, which in summary say that setting up mobile accounts from the GUI doesn't work correctly (and given everyone's experience reported here, I'm sure we can all agree on that!), I tried the below:

    With an already set up and synced mobile account in place that experiences the multiple requests for access to various objects on the Mac, I logged in as a local administrator account and performed the following:

     

    sudo rm -rf <path to mobile account local home directory>

    e.g.: sudo rm -rf /Users/mobileuser

    <enter password>

     

    cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources

    sudo ./createmobileaccount -vsXn <mobile account username> -h <path to mobile account local home directory> -u <path to mobile account network home>

    e.g.: sudo ./createmobileaccount -vsXn mobileuser -h /Users/mobileuser -u smb://myserver.mydomain.private/myshare/mobileuser

     

    As explained in the first link above, you may get some errors depending upon your server settings, I have a magic triangle with managed profiles for the Mac machines, so didn't get any after actually remembering to reconnect the Mac to the network again! (oops, cannot find username is never a good sign really!)

     

    The next step, if this is a new mobile account that requires admin privileges on the machine in use (I didn't do this as the account I was playing with was previously set up with admin rights, so already existed in the group):

     

    sudo dscl . -append /Groups/admin GroupMembership <mobile account username>

    e.g.: sudo dscl . -append /Groups/admin GroupMembership mobileuser

     

    Then I logged out as the local account and logged in as the mobile user. The account was treated as brand new on the machine (i.e. Asked to login to iCloud and agree to t&c's). Once in, I ran homesync from the menubar option. When that finished, I logged out, waited for sync to finish and logged back in. Then I reset up finder preferences and amended the homesync preferences to ignore the ~/Library folder. I've done this on two machines so far for the same user, and as of yet, haven't had the annoying pop ups back. We shall see I guess.

  • by nick-without-a-name,

    nick-without-a-name Jun 22, 2016 10:42 AM in response to jpparallel
    Level 1 (12 points)
    Servers Enterprise

    jpparallel, we all make mistakes and bad decisions. So, to speak for myself: welcome to the club ;-)

    Although I have had some experience with the magic triangle in the past, this setup basically brings a whole new perspective to the problem.

    If I understand correctly, you first delete the user homefolder, while not deleting the user account. Am I correct?

    Next, you create a mobile account using a command. Why not triangle both the Mac server and client Mac? I would think in that case the user account and homefolder are set up when the user enters credentials at the login window.

    Having said that, it would be interesting to see if there is any difference between creating the mobile homefolder the 'classic' way (when the user enters credentials at the login window), or manually using the command.

  • by jpparallel,

    jpparallel Jun 22, 2016 11:02 AM in response to nick-without-a-name
    Level 1 (4 points)

    Hi Nick,

     

    You understand correctly, I deleted the mobile user home folder without deleting the account. This meant that the user kept already assigned admin privileges and the documents already stored on the server were re-synced to local account at the end.

     

    To clarify on the setup, The Mac running OS X server is configured through login options to authenticate against the local OS X server AND Active directory. Each client machine is set to authenticate against the OS X server AND Active directory. The mobile user is only setup in active directory. This means that active directory handles authentication and managed preferences on Windows machines. The OS X server handles managed preferences on Macs.

     

    I should have also referenced the options to the createmobileaccount command, which can be seen in full by running the command without options.

     

    -v verbose output to screen

    -s enable homesync (the default is -S which is no sync enabled)

    -X create as mobile account (the default is -x which is create as external account)

    -n username

    -h local home folder path

    -u URL to network home folder
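
An added example, not part of jpparallel's posts or of Apple's tooling: a dry-run planner for the rebuild steps and flags listed above that validates its arguments before any `rm -rf` line is produced. The function names, the path checks and the accepted URL schemes are assumptions of this sketch; it only prints the commands and runs none of them.

```shell
#!/bin/bash
# Added example (not from the thread): dry-run planner for the rebuild steps.
# It validates its arguments and prints the commands; it runs none of them.
CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount

# Accept only short names that cannot be read as an option or shell syntax.
valid_user() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Accept only an absolute path with no "." or ".." parts, at least two levels
# deep, whose last component is the user name (so "", "/" and "/Users" fail).
valid_home() {
  vh_home="${1%/}"
  case "$vh_home" in /*) ;; *) return 1 ;; esac
  case "$vh_home/" in */../*|*/./*|*//*|*\'*) return 1 ;; esac
  [ "${vh_home##*/}" = "$2" ] || return 1
  [ -n "${vh_home%/*}" ] || return 1
  return 0
}

# Usage: plan_rebuild <user> <local home> <network home URL> [admin]
plan_rebuild() {
  valid_user "$1" || { echo "refusing: bad user name" >&2; return 1; }
  valid_home "$2" "$1" || { echo "refusing: unsafe home path" >&2; return 1; }
  case "$3" in
    *\'*) echo "refusing: quote in URL" >&2; return 1 ;;
    smb://?*|afp://?*) ;;   # accepted schemes are an assumption of this example
    *) echo "refusing: unexpected URL scheme" >&2; return 1 ;;
  esac
  printf "sudo rm -rf -- '%s'\n" "${2%/}"
  printf "sudo '%s' -vsXn '%s' -h '%s' -u '%s'\n" "$CMA" "$1" "${2%/}" "$3"
  if [ "${4:-}" = admin ]; then
    printf "sudo dscl . -append /Groups/admin GroupMembership '%s'\n" "$1"
  fi
  return 0
}

# Values from the thread's own example.
plan_rebuild mobileuser /Users/mobileuser \
  smb://myserver.mydomain.private/myshare/mobileuser
```

Review the printed lines before running them by hand from a local administrator account; an empty or mistyped home path is rejected instead of reaching `rm -rf`.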

  • by sdf_iain,

    sdf_iain Jun 22, 2016 11:24 AM in response to jpparallel
    Level 1 (8 points)
    Mac OS X

    Do we think running the following on an extant user will sufficiently correct things?  Would make it much easier than taking my wife's laptop and nuking her home directory

    /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -vXsn $USER
    
  • by nick-without-a-name,

    nick-without-a-name Jun 22, 2016 11:35 AM in response to Peter Bruderer
    Level 1 (12 points)
    Servers Enterprise

    I tend to think this is exactly the same command that is invoked from the Login Window the moment a network home user logs in for the first time. After all, what would be the point of having two commands built in to MacOS that do the same?

    I never had a look at the contents of the ManagedClient app; it's interesting to find all the apps and scripts that make Managed Client work in one place.

    That brings me to a new interesting idea:

    Since we all know the issue was introduced in the Mac OS X 10.9.4 update (if I recall this correctly), would it be possible to run a pre-10.9.4 version of the ManagedClient app on Yosemite or El Capitan? That would be an interesting test.

  • by jpparallel,

    jpparallel Jun 22, 2016 11:56 AM in response to nick-without-a-name
    Level 1 (4 points)

    @sdf_iain: I nuked the home directory ONLY on the client machine. So while I had to reset up preferences for things, all the documents were synced back to the machine from the network home. I appreciate that re-doing all preference is a pain, but I was trying to rule out corrupted files (such as the keychain). Perhaps setup another account to play with? i.e. Setup another account in the same way as normal, once you get the requests for the homesync wants access to.... Then try the command for that account? From the articles I listed, I suggest that at least specifying the network home using -u might be worth it.

     

    @nick-without-a-name: I would tend to agree, however, and it may have been linked to my personal preference to setup mobile users with their local home directory on a non-system partition - in my case /Volumes/OS\ X\ Documents/Users/<username>, but using the GUI method, my accounts always appeared as external. Using the command I listed, specifically the -X flag, they now show as mobile. A small difference, but shows the GUI uses more default options that may be flawed. perhaps derification  the network home director. Although that is speculation of course.
