Friday, August 12, 2011

OS X Lion not creating a local home folder for network users

Update: 3/27/12

After a few months of relying on Snow Leopard, I had to get a new Macbook so this topic has come back up. I'm happy to report that the 10.7.3 update Apple released in early February appears to have fixed the mobile account issue this post was about. The only thing that still doesn't work is when disconnected from the network, domain users do not have admin rights on the machine even if they're in a group that Directory Utility has identified as an admin group on the machine. To get around this, check out my other post.

Update: 8/19/11
Apple released 10.7.1 yesterday, so I'm curious to see if it resolves these issues with network accounts. I'll have a chance to test it next week and will update this with what I find. If you're ready this and already tried it please leave a comment as to whether or not it works for you

Original Post

I use local home folders for the Mac users I manage, but the Macs are bound to Active Directory for the user accounts. In OS X 10.7 Lion this seems to be far from complete. First I couldn't get logged in with a network account, which required a workaround. Then after getting in, another error said the "The home folder for user xxxxxx isn't located in the usual place or cannot be accessed". This has worked fine in 10.4-10.6 but is now broken in 10.7. The problem appears to be related to OS X Lion having bugs with creating mobile accounts. By unchecking "Create mobile account", the home folder issue disappears. Supposedly I see a lot of talk of a 10.7.2 update fixing this problem, but since that update is in beta and not available to the general public that doesn't do much good. If you don't know where to go to uncheck the mobile account box, here's a walkthrough:

1. Open System Preferences
2. Go to User & Groups
3. Click Login Options in the lower left. You may have to authenticate first by clicking the lock icon in the lower left.
4. Under Network Account Server, click Edit
5. Select your domain, then click Open Directory Utility
6. Select Active Directory, then click the pencil to edit
7. Click to Show Advanced Options
8. Under User Experience you will see "Create mobile account at login". Uncheck this box
9. Click OK
10. Close your windows
11. Reboot and log in like normal


Anonymous said...

I'm in the same boat as you but unchecking "Create mobile account..." creates a local home but doesn't allow you to use it if you're offline. Let me know if you find anything that works. I'll check back if I get it working as well.


rslygh said...

Yes Mike, you are correct. I haven't been able to find any workarounds for this that actually work. I believe we're both stuck waiting for the 10.7.2 update to be released in order for this to get fixed, hoping that it actually is addressed in that update.

Anonymous said...

Fighting the same issue here, with no luck.
You either get local directory or "mobile user".

th3elf said...

Thanks for this information, trying to get this working has been killing me...only to find out it is a glitch in the OS.

Anonymous said...

I got the offline mobile AD account logon to work. In my case I was logging on as the network domain user 'administrator'

Connect mac to domain (a story in it’ own) and logon as a network user.
Had to grant the user admin rights to the mac using the accounts preferences. I expected the AD config to allow domain admins to local admin the mac's, but still working on that. Maybe a config issue or a mistake I made.

Then I ran a disk repair.

Then a log off and back on open a terminal and sudo the command "./createmobileaccount -n username" while in the directory "/System/Library/CoreServices/"

So far working with mobile user.

Rebooted the mac a few times so far.

Still slow logon's, Very slow. Even with the fix from juiced2010. Brand spanking new mac took over 2 minutes to process the logon as a mobile user while disconnected or connected to the AD domain. Even the local admin user took 2 minutes.

Switching between Users also slow.

Also mac still reports "Network Accounts are unavailable" But I am disconnected from the AD domain. I suspect this is normal.

When is 10.7.2 coming out?


rslygh said...

I don't know when 10.7.2 is coming but 10.7.1 that came out last week didn't solve the problem. I can't find anything about 10.7.2 except that it's supposedly available to developers for beta testing. You may be able to get your hands on it if you bug Apple support enough.

Anonymous said...

I got my hands on 10.7.2

Gonna test it on an AD domain on Monday.

Will update.


Anwar Maharban said...

I had the same problem, but i managed to fix mine by Repairing Permissions through Disk Utility.
After running that everything worked like it should.
Odd thing is, that i don't remember changing anything like permissions anywhere, all these problems started after upgrading to Lion.

Hope this solution helps.


Anonymous said...

I'm having the exact same problem with Open Directory too. I get errors when trying to create a Mobile Home directory and local.. logging in also takes up to 3 mins.. really annoying.. hope 10.7.2 fixes this SOON!