Problem setting up Network User

Hi Leif,

Many thanks for your reply.

Leif Carlsson wrote:
The only way of "linking" a "local" account on a computer to a OpenDirectory account that I know of is to create the "network" account homefolder on the local/client machine HD when the user is logging in to the OD server for the first time.

Actually, it is possible to not have a network account or home folder, and link a local user to a user account on the server. When a client computer is bound to the OpenDirectory server, in the 'Accounts' preference pane of the client computer, there is a field called 'Server Account:' with a 'Set…' button. Clicking the 'Set…' button allows one to link the local account to the server account. Even though there is no home directory on the server, when the user logs in to the client Mac, the password and any managed preferences for that account are taken from the server account.

The client machine has to be bound to OD first and the account should preferably be setup as a mobile account (so the account can be used even if the computer isn't connected to the network - logins are cached locally).

I have bound the client machine to the OD server, but I have not yet set up the account as a mobile account. I plan to do this eventually, but wanted to get the 'basic' network user account working first.

For a "true network home" folder residing only on a server volume/share, the OD account should use a share(point) setup in Server Admin for an automount AFP (or NFS) "User home folders" share.

I have done this. The server has a sharepoint called 'Homes' which is set to automount over AFP, with the setting 'Use for: User home folders and group folders'. This seems to be working, because on the client Mac, the 'Homes' sharepoint automatically appears when browsing the available network volumes.

Then in the OD the user should be setup to use the automatically created path (afp://<server FQDN>/<shared folder>) as it's homefolder path.

I believe I've done this as well, using Workgroup Manager. When viewing the 'Basic' tab of the user, the 'Home:' is given as 'afp://<server FQDN>/Homes/jwarren'. That looks right to me, but I cannot login as the user 'jwarren' from the client Mac's login screen (Network Users are enabled on the client Mac). When I log in as a different user on the client Mac, I can browse the network, and the above afp path is automatically mounted.

Is there some other setting needed so that the client Mac will 'see' the network user I have set up? As I say, the autmount sharepoint is set up, and the user is set up in OpenDirectory (on the server) to have a home folder on the automount. But when I'm at the login screen on the client Mac, the network user does not appear in the list, and if I try to login by typing the username and password manually, the login window just shakes as it does when one enters the incorrect password.

Any further help much appreciated!

posted in the wrong place…

I found the solution to my problem and thought I'd post it here in case others have a similar issue...

The user (jwarren) which I had made into a Network User had their 'Login Shell' set to 'None' in the 'Advanced' tab of Workgroup Manager. The account was initially created using Server Preferences, and this is the default setting it creates. Changing the shell to something else (/bin/tcsh in my case) fixed everything. The user shows up as a Network User in login lists, and entering the password logs in.

It was an easy solution, but not documented anywhere. I realise that this might seem obvious in hindsight, but I think of the login shell as only being important for the Unix underpinnings (eg. using Terminal or ssh'ing in). I can understand now that a user needs a login shell even to log into the graphical interface.

Cheers,
Jolin