31 Aug 2011

On Mobile Accounts and Syncing

I'm still working on the post about Apache and Lion Server. Taking the screenshots is time-consuming and I've got a lot on. In the meantime I thought I would share an email conversation I had with a reader recently, as I thought it contained some pretty cool stuff.

To: [email protected]
Date: 27 August 2011 17:40:59 GMT+01:00
Subject: Blog Post 6 Feb 2011
I’m relatively new to Mac servers and am trying to configure mobile computer accounts.  I read your blog from February 6, got your e-mail, and decided to drop you a note.  
I can’t get a mobile computer account to sync no matter what I do on a Snow Leopard server.  The manual for Snow Leopard Server is long and bulky but overall doesn’t contain much useful information on this subject; and there’s precious little in any forums about Mac servers other than how to integrate with Active Directory (which I’m not doing).  
I don’t want to be a leech on your time but if you know of a setting that often gets overlooked, on which syncing is dependent, I’d appreciate it if you could let me know.  

I've certainly had fun with mobile accounts.

To: [email protected]
Date: 29 August 2011 11:01:03 GMT+01:00
Subject: Re: Blog Post 6 Feb 2011
Thanks for the email. I agree mobile accounts are a pain to set up and I’ve had the same headaches as you.  
The answer to this is that, in Workgroup Manager, you have to manage the preferences always and, regardless of whether you want syncing in the background or not, “background sync” and “manually” HAVE to be ticked for a login and logout sync to trigger. (I know, I know.)
You can then manage the frequency of the background sync on the last tab to be manual if this is not your desired behaviour. You can also configure away the icon in the menu bar so a manual sync can’t be triggered by the user. 
You also have to set up the sync rules yourself; there aren’t any provided by default if you’re managing them with Workgroup Manager, despite what the “network home and default sync settings” option would lead you to believe. 
As a final note, you don’t have to manage homesync rules through Workgroup Manager; they are settings available to the user in the Accounts pane in System Preferences. Click on the mobile user and click the “Mobile account: Settings” button. 
Hope this helps you deploy your mobile accounts. 
The Admin

Turns out I wasn't on the right track for their issue. Issues can manifest themselves in so many ways, and clumps of users in forums complain about vaguely similar things. Here was the final response.

Hi Admin:  
Thanks for the information.  I ended up talking with Apple tech support about the problem.  They reproduced it and admitted they’ve had some issues with Lion and OD. Here’s what ended up solving the problem:  
  • Unbind the client.
  • Delete all home folders on client and server.
  • Reset all permissions on the server and client machines using Disk Utility and restart both machines when complete.
  • Create a separate automount sharepoint on the server for network user home folders.  (Don’t use the default sharepoint as permissions conflicts can happen.)
  • Re-bind the client machine using a different method than what I had used.  
First, change the login option to use the server, then open Directory Utility, select LDAP, and use the bind function from there.  Previously, my understanding was that the client was bound after selecting the OD server as the login option but apparently, it’s not fully bound until you click on the “Bind” button in Directory Utility.  (The green light beside the server after selecting it for logon is deceiving.)  
Thanks again.

