Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Multiple users on different Macs used to be possible. Not anymore?

I have a Mac OS X Lion Server setup running with Open Directory and file services.

A couple of Macs are connected to this server and all network users can log in on all Macs.


Fast forward to 2019.

macOS Server no longer supports this. So what do I need to get this working on Macs with macOS Mojave? We still want to share Macs among different users, so we need a server where the home folders reside.

Posted on Jan 17, 2019 12:08 PM

Reply
Question marked as Best reply

Posted on Jan 18, 2019 7:03 AM

I have not tried it with Mojave clients talking to an older server e.g. Lion so cannot comment on that.


However I can say that over time since Mavericks and with subsequent releases Apple have conspired to make the use of Network Logins (and Network Home Directories) harder and harder. By now most battle hardened Mac admins have long since had to give up.


The main problems that have occurred are as follows -


  1. Apple introduced the 'local items' keychain to store passwords, this is used by Apple applications such as Mail, Calendar, Contacts and Safari. It is effectively impossible to use the local items keychain across multiple Macs with network home directories when 'hot desking' because it is stored in a folder named after the unique UUID number of an individual Mac
  2. Apple over time have changed from using plists or similar to increasingly using SQLite databases. SQLite really really does not like accessing databases stored on a network file server and will frequently corrupt said databases, this also applies to the 'local items' keychain which is as no surprise a SQLite database
  3. When you login as a network login user with a network home directory and then logout and then log back in it can be the case that files and/or processes have not been closed properly by the Mac operating system and/or Mac file server resulting in files apparently being 'busy' and inaccessible. This often required rebooting the file server or at best stopping and starting it which of course disconnects all users.
  4. Possibly related to the above Spotlight used to go insane with Network Home Directories and would start fully reindexing the users entire Network Home Directory including potentially tens of thousands of emails each time the user logged in. This caused enormous amounts of network traffic and file server activity (with multiple users) typically first thing in the morning often lasting till lunch time and brought performance to its knees. No excluding the Network Home Directory from Spotlight indexing is not a solution because users want in particular to be able to search their emails!
  5. I am sure there are other issues I have (thankfully) since forgotten :(


As an aside I at one point considered writing a long in-depth blog article entitled - "Network Home Directories, the good, the bad and the very very ugly". :( Not that I expected Apple to change their direction.


Sadly Apple seem to think everyone is using just an iPhone and/or iPad individually assigned to them, or sometimes remember people also use MacBook laptops. They have completely forgotten their education roots and that education is not drowning in money and needs to share computers in labs. :(


One might now be able to argue businesses no longer even in the Windows world hot desk between desktop computers. However in the Windows world it is possible to setup and use a 'Virtual Desktop Environment'. The licensing for macOS makes it effectively impossible to setup an equivalent VDI infrastructure for Macs even if technically it might be possible. :(


Apple - Read. My. Lips. iCloud is not a business solution it is a consumer solution. :( Therefore iCloud Drive as a poor mans network home directory is not a solution.

Similar questions

3 replies
Question marked as Best reply

Jan 18, 2019 7:03 AM in response to bestaatdezeal

I have not tried it with Mojave clients talking to an older server e.g. Lion so cannot comment on that.


However I can say that over time since Mavericks and with subsequent releases Apple have conspired to make the use of Network Logins (and Network Home Directories) harder and harder. By now most battle hardened Mac admins have long since had to give up.


The main problems that have occurred are as follows -


  1. Apple introduced the 'local items' keychain to store passwords, this is used by Apple applications such as Mail, Calendar, Contacts and Safari. It is effectively impossible to use the local items keychain across multiple Macs with network home directories when 'hot desking' because it is stored in a folder named after the unique UUID number of an individual Mac
  2. Apple over time have changed from using plists or similar to increasingly using SQLite databases. SQLite really really does not like accessing databases stored on a network file server and will frequently corrupt said databases, this also applies to the 'local items' keychain which is as no surprise a SQLite database
  3. When you login as a network login user with a network home directory and then logout and then log back in it can be the case that files and/or processes have not been closed properly by the Mac operating system and/or Mac file server resulting in files apparently being 'busy' and inaccessible. This often required rebooting the file server or at best stopping and starting it which of course disconnects all users.
  4. Possibly related to the above Spotlight used to go insane with Network Home Directories and would start fully reindexing the users entire Network Home Directory including potentially tens of thousands of emails each time the user logged in. This caused enormous amounts of network traffic and file server activity (with multiple users) typically first thing in the morning often lasting till lunch time and brought performance to its knees. No excluding the Network Home Directory from Spotlight indexing is not a solution because users want in particular to be able to search their emails!
  5. I am sure there are other issues I have (thankfully) since forgotten :(


As an aside I at one point considered writing a long in-depth blog article entitled - "Network Home Directories, the good, the bad and the very very ugly". :( Not that I expected Apple to change their direction.


Sadly Apple seem to think everyone is using just an iPhone and/or iPad individually assigned to them, or sometimes remember people also use MacBook laptops. They have completely forgotten their education roots and that education is not drowning in money and needs to share computers in labs. :(


One might now be able to argue businesses no longer even in the Windows world hot desk between desktop computers. However in the Windows world it is possible to setup and use a 'Virtual Desktop Environment'. The licensing for macOS makes it effectively impossible to setup an equivalent VDI infrastructure for Macs even if technically it might be possible. :(


Apple - Read. My. Lips. iCloud is not a business solution it is a consumer solution. :( Therefore iCloud Drive as a poor mans network home directory is not a solution.

Jan 18, 2019 9:18 AM in response to John Lockwood

Thank you very much for your reply. You've described exactly the issues I'm seeing and it's good to read that it really is a dead end. Although it's not the answer I was hoping for.

Apple is killing the use of the Mac for small businesses where there are more users than Macs.

Having network accounts makes it possible to deploy Macs in such organisations. They simply cannot and will not give each employee a dedicated Mac.

Jan 18, 2019 10:25 AM in response to bestaatdezeal

Bestaatdezeal,


We currently use a High Sierra Server with network userhomes that we log into from Sierra clients in the same "hot-desking" manner you do with your Lion system. As time and the Mac OS has progressed, the stability of this method has declined in accordance with the points John Lockwood has made. Our users suffer frequent (daily) loss of preferences as they move from one client machine to another. Periodically the Mail.app and Messages.app (the built in Apple apps) suffer complete failures and request creation of accounts when being turned on. If the user immediately logs out and reboots the machine, sometimes, the accounts reappear. Other times we have to restore the user from a time when the userhome was last fully functional. Roughly yearly we have to recreate new userhomes when things get too problematic. Unfortunately, the renewed performance on the new userhome only lasts for a couple of weeks or months before the problems set in again.


I would not suggest trying to set this up today because it really needs constant attention to keep running. With 10 users I have to do maintenance to keep things working at least 2 times each week. Performance and stability reached its apex with Snow Leopard and has been gradually declining ever since. Apple has stripped this feature and others out of the OS and Server as of Mojave.


I am still searching for the best solution for our 10 users and 10 computers across two locations. I hope to find one that will allow essentially the same use without having to resort to each user having their own computer. Our business is not conducive to that type of use.


-Erich

Multiple users on different Macs used to be possible. Not anymore?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.