Network and mobile accounts

I would like to allow users set up in Open Directory to log into the client even when the server is not available. I assume I need to set up mobile accounts but there seem to be differences between what I am seeing and what is documented.


All the documentation I have found either states or implies that network users have their home folders on the server and creating a mobile account allows the home folder to be synced to the local machine. All the Community threads I've seen seem to say the same thing but that is not what I am seeing.


I have network users created in Open Directory. When I created the users the home folder directory structure was automatically created on the server. On first network login the same structure was created on the local machine. It seems that only the local home folder changes. The home folder on the server doesn't seem to have had anything added or changed since the day it was created. This is what I want.


So what actually happens when a mobile account is created? All I really want to do is cache the login credentials and user environment variables on the local machine. I assume this must happen for a machine to be used off the network as described in the documentation but is that all that happens if all the folders in the list for syncing are deselected?


I'm using El Capitan (10.11.6) on both server and clients and Server 5.2.

Mac mini, OS X El Capitan (10.11.6)

Posted on Jan 6, 2017 10:57 PM


Jan 16, 2017 4:06 AM in response to gakushaburu

It sounds like you have not correctly configured the mobility settings in your Profile Manager.


You need to either apply the mobility settings to an individual device in Profile Manager or more typically create a device group and add your Macs to that group and then set the mobility settings for that group. This particular setting i.e. mobility settings is more appropriate to set at the device level rather than the user or user group level.


The following is roughly what your mobility settings should look like - depending on differences in different versions of Server.app and therefore Profile Manager.


User uploaded file

Jan 9, 2017 8:52 AM in response to gakushaburu

There were three types of account.


Network login - home directory only stored on the server

Mobile Account - home directory only stored on the local client machine and not synced

Portable Home Directory - home directory stored on both the server and client machine and automatically synced


With the latest Apple software, that is macOS Sierra, the third option, i.e. Portable Home Directories, is no longer supported.


From your description it seems you have already done what you want, which is to configure your systems to use Mobile Accounts. The only thing synced for Mobile Accounts are password changes. With Mobile Accounts, since the user's home directory is stored locally on the client machine, it can be used even when disconnected from the network.


The process that happens when a mobile account is created is as follows.


  1. You define the user account in Server.app and it gets added to Open Directory,
  2. If you have a network home directory share defined a new empty home directory is created in that (even though it will not actually be used)
  3. You 'bind' a Mac client machine to your Open Directory server
  4. You login via 'other' and enter the login details for the user account you created and added to Open Directory
  5. It detects that this is the first time you have logged in via this account on this machine and creates a local matching user account using the same name, password, and UID number, it also creates a new empty home directory on the client machine
  6. It then completes the login process using this account
  7. Thereafter when the password is changed it is synced back to the Open Directory server

Jan 9, 2017 1:03 PM in response to John Lockwood

John,


Can you please tell us what the correct name is for an account for which the "user account files" are directly mounted from the server (so no local copy is made when the user logs in)?


The procedure for creating this type of user:

1. Create a file share in the server.app and enable it for "home folders"

2. Create a user in the server.app and when specifying the location of the home folder choose the share created in step 1 (it will be a choice in the drop down box)

3. You can now use that user on any client bound to the server and the home folders will be automatically mounted. Files are only stored on the server (the network share is not mounted under /Volumes but is mounted under /Network/server/...)


Thanks

Jan 14, 2017 12:12 AM in response to John Lockwood

John, thanks for the reply. Your description seems to match the documentation but as I mentioned in my original post, this is not what I am seeing. I have not touched mobile account settings at all and the accounts on the client I am using for testing are not mobile. All the data is on the client and only on the client but if I disconnect from the server login is no longer possible.


Here is what I have done. For the sake of brevity I won't mention every step.


Carried out a clean install of El Capitan and Server.app on a Mac mini

Set up DNS and Open Directory (with a new master directory)

Created accounts in Server.app with the home folder set to "Local only" (I must admit the meaning of local was not clear to me as logically it could mean where the user logs in or where the user was set up). The users are listed as being on the "Local Network Directory"

Set up Profile Manager but the only settings for Macs are Login Windows settings to show network users on the login screen.


Carried out a clean install of El Capitan on an iMac and bound it to Open Directory.

Logged into one of the accounts in Open Directory (id 1001) through "Other"

Put the iMac into Profile Manager to change the Login Window.

The Open Directory accounts now display on the login screen if I am connected to the network but not when disconnected.

I've used this iMac on and off for this user but still keep most of the data on a different machine. As I mentioned the Home on the iMac is being populated but the Home for that account on the server is not.

When disconnected from the network, the account is not available even through the "Other" option in the Login Window.


As you can see, your description of the process from 1 to 6 is what I did (although there is no mention of "mobile" in that process nor any mention of what makes it set up a mobile account rather than a network account).


Step 7, the syncing of the password does not happen.


Effectively what I have is a network account with a local home and the "mobile account" settings which appear in "Users & Groups" would then appear to be settings for a portable home, not a mobile account. I have looked at that dialog but not clicked on "create".
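
An added example, not part of any post in this thread: a small shell check that tells a mobile (locally cached) account from a network-only one by looking at the account's record in the client's local directory node, which is what decides whether login can work with the server unreachable. It assumes the `;LocalCachedUser;` marker that OS X writes into `AuthenticationAuthority` for mobile accounts; the sample records, host name and user name are constructed.

```shell
#!/bin/sh
# Classify a user from the AuthenticationAuthority text of its LOCAL record.
# A mobile account keeps a cached local record tagged ";LocalCachedUser;"
# followed by the directory node it came from; a network-only account has
# no record in the local node at all.

# Constructed sample records (host, user name and GUID are placeholders).
SAMPLE_MOBILE='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2> ;LocalCachedUser;/LDAPv3/od.example.com:testuser:00000000-0000-0000-0000-000000000000'
SAMPLE_LOCAL='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_NETWORK=''   # what an empty lookup in the local node looks like

# Print "mobile origin=<node>", "local-only" or "no-local-record".
classify_record() {
    record=$1
    case "$record" in
        *';LocalCachedUser;'*)
            # The origin node is the text between the marker and the first ':'.
            origin=$(printf '%s\n' "$record" |
                sed -n 's/.*;LocalCachedUser;\([^:]*\):.*/\1/p')
            echo "mobile origin=${origin}" ;;
        '')
            echo "no-local-record" ;;
        *)
            echo "local-only" ;;
    esac
}

# On a bound Mac: query the local node (".") only, so a user that exists
# solely on the Open Directory server yields an empty record.
check_user() {
    record=$(dscl . -read "/Users/$1" AuthenticationAuthority 2>/dev/null) || record=''
    classify_record "$record"
}

# Demo on the constructed samples.
for sample in "$SAMPLE_MOBILE" "$SAMPLE_LOCAL" "$SAMPLE_NETWORK"; do
    classify_record "$sample"
done
```

On a client, `check_user <shortname>` reporting `no-local-record` for a user that can log in while connected means the account has no cached local record to authenticate against offline.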
