OD: network account vs. mobile account

Question

OD: network account vs. mobile account

Hi everyone,

I currently operate several LANs where Mac clients are bound to an OS X Server and authenticate via OD. This works well, no matter if I select to keep the users’ home local or on the file server. The problem is that once the OD providing server is down noone can login at the clients. In bigger environments this can be remedied by using a second server as an OD replica. But what about smaller outfits that happen to have just a handful of clients? A second server is often not in the budget there. I know that there are mobile accounts and that they are usually used with portable Macs.

Is that what I need to do here? Set up mobile accounts instead of network accounts?

With some LANs I certainly don’t want to go back to local accounts since the users often need to switch Macs and need to have their user account no matter where they login. At these places I selected to keep the user homes on the fileserver. But I also do not want to lose OD authentification.

Any input is appreciated, as always!

Björn

Posted on Oct 11, 2012 7:26 AM

Reply

Answer 1

Best reply

Strontium90

Level 5

4,833 points

Oct 12, 2012 7:20 AM in response to Björn Herrmann

In a word yes. If you want "offline" access you will need to enable Mobile Accounts. This basically means that the account information and password will be cached to local machine to allow users to access the device when the network is not available. This is common for laptops. But, the home folder then becomes a local one.

Now, this is generally mutaully exclusive to your goal of network home folders. If you are in a pure Network home environment, then the loss of the domain is likely the loss of the home folder automount also. For that, there is no solution other than OD Replica to allow for failover of authentication.

Reply

Answer 2

Oct 12, 2012 8:23 AM in response to Strontium90

Thanks for replying, Strontium90!

So if I get it correctly mobile accounts are not synchronized to the file server once a laptop user gets back to the corporate network? They are always stored locally only? If that’s the case then it seems there’s no way to accomplish both (independence from a single OD master and network homes) of my goals?

Reply

Answer 3

Oct 13, 2012 6:36 AM in response to Björn Herrmann

Mobile Homes are kept locally, and that is the copy of the user accout you will be using on that mac, but it then syncs back to the server so if you log in on another mac you will either be logging into the network home of that user or if that mac is set up to use mobile homes you will be asked if you want to create a mobile home, so the users account will be copied to this mac also.

You can set the mobile home accounts to expire after a certain amount of time so that you are not leaving many copies scattered on all the macs indefinitely

Reply

Answer 4

Oct 15, 2012 9:16 AM in response to Kevin Neal

Hi Kevin,

sounds like I could use mobile homes in a small office consisting of only a few Macs. I am thinking about one place where there are only relatively recent iMacs, all equipped with huge HDs (1 TB+) connected via Gigabit Ethernet. There are only around 5-7 users so it would not hurt to set the mobile home expiration to never. This is possible, right? So since they get never disconnected from the network, all homes would be in sync all the time?

What would happen if user A logs in at Mac A and later decides to also login at Mac B? Will there be an error? Will the changes done while on Mac A already be synced to Mac B? Or does it only happen at logout?

Reply

Answer 5

Oct 15, 2012 9:25 AM in response to Björn Herrmann

you set up rules that control the syncs so you can decide when, how often and what gets synced.

The time it takes to sync at login/log out is the only real frustration with mobile homes.

Basically you have two types of sync: login/logout and background

Login/Logout happens when you log in or log out (obviously!) and is meant to be used to sync the library and other files that can't sync while they are in use.

Background sync happens on a schedule that you can set, and is meant to sync the rest of your home folder except Library and microsoft user data

You can adapt the rules however you like though, and exclude individual files, folder or sets of folders from either or both of the syncs

Its best not to be logged in to the same user at the same time on multiple macs, cos it could get into a real mess, you would log out of Mac A then log into Mac B and because Mac A completed its sync on log out then Mac B will have all the upto date files.

If you did log into the same account on different macs at the same time it would show you syncing conflicts and you would be given the choice of saying the correct file is on This Mac or the Network Home

Reply

Answer 6

Oct 15, 2012 9:50 AM in response to Kevin Neal

Thanks to both of you! That has totally clarified the situation for me. I will set up a test environment soon to play around with the different options and then decided how to implement it.

Thank you for taking the time!

Björn

Reply