Mac

1. Go to Start and type cmd in the search box (for Vista and 7) or select Run and then type in cmd (for XP)
2. Type “ipconfig /all” and press enter.
3. Record the Physical Address from your wireless card (there will be multiple physical addresses–find the one associated with your wireless card, not your ethernet card)
4. Send an email with the code to the IT Director

Mac

1. Go to System Preferences and click on the Network preference button.
2. Click the Advanced button.
3. Make sure the Airport tab is selected and record the Airport ID as circled in the photo below (partially blocked out for security).
4. Send an email with the code to the IT Director

This post is password protected. To view it please enter your password below:

Password:

Apple introduced “mobile accounts” to in essence mimic a Windows-based environment: a user is authenticated by a server and that server looks for a local copy of the user’s profile and either creates one if it doesn’t exist or synchronizes the one on the server with the local copy and logs the user in.  This allows users to log in to that laptop later, even if they aren’t connected to the network because a local account has been created to mimic the network account.  The network/local account will be synchronized later when network connectivity is restored.  Sounds great, right?  The problem with Apple’s mobile accounts are that they are incredibly slow in practice, so much so, that I consider them to be unusable.  If you don’t use local or mobile accounts, your user’s computing environment will freeze anytime they lose network connectivity, which is also an unworkable solution in my opinion.  Many schools will choose to setup mobile accounts to only synchronize certain folders of the user’s network profile (like Documents), but I have found it still too slow to warrant the convenience, as well as potentially being a bit deceptive for the user (what if the user doesn’t save the file in Documents?).

At the beginning of the year, we tried using mobile accounts with synchronization turned completely off.  In essence, this would mean that local accounts are created for each user as they log in for the first time, but those local accounts are never synchronized with the server account, so the user has to make sure to save to their mounted server home directory.  In theory, this system works well, but in reality, it doesn’t.  For our older clients (G4 iBooks 1.33ghz, 512 RAM, 10.4), the login times were horrendous (~1-5 min) and completely unreliable (half of the time, the mobile account creation wasn’t executed and the user logged in as a regular network user).  The system seemed to work fine (though still slower than expected) for our newer clients (2.4ghz macbook, 2 gb RAM, 10.5).  I’m not sure how much of the reliability issue was related to 10.4 vs 10.5 or speed of the client, but the solution was unworkable for our 10.4 iBooks.

Thus, we have reverted back to our original hybrid network/local system.  This system is based on a design from another website/blog that I can no longer find to credit.  If you know who it is, please comment.  We used this system with our laptops back before we switched over to an Apple server from a Linux LDAP/NFS file server.  Here’s how it works:

1. The client is setup to authenticate to our 10.5 server using open directory.  The mappings for NFShomedirectory and apple-home-dir are changed to point to a local alias:

   #/Users/networkUser

   

   

2. A startup script is run to copy a local user template to the folder /Users/NetworkUsers/<username>-local and then point the alias /Users/networkUser to that folder

   #!/bin/tcsh -f
   
   # script to change the ownership of the default profile to the user
   logging in and to mount network shares
   
   set localAdmin = admin
   set localUser = local
   
   ### Debug/testing sanity check ###
   if ( $#argv < 1 ) then
   	echo "No user specified!"
   	exit 1
   endif
   if ( $1 != $localAdmin ) then
   if ( $1 != $localUser ) then
   	if ( ! -d "/Users/NetworkUsers/${1}-local" ) then
   	 `mkdir -m 700 /Users/NetworkUsers/${1}-local`
   	 `/usr/bin/ditto -rsrcFork "/System/Library/User Template/Non_localized" "/Users/NetworkUsers/${1}-local"`
   	 `/usr/sbin/chown -R ${1}:staff /Users/NetworkUsers/${1}-local`
   	endif
   	 `rm -R /Users/networkUser`
   	 `ln -fs "/Users/NetworkUsers/${1}-local" /Users/networkUser`
   	 `/usr/bin/osascript /Library/Management/networkMounts.scpt ${1}`
   	endif
   endif
   
   ### Always exit with 0 status
   exit 0

3. To make the startup script run during login, you have to set the login hook (this command assumes you named the script “reset-homedir-startup.sh” and placed it in the folder /Library/Management/

   sudo defaults write com.apple.loginwindow LoginHook /Library/Management/reset-homedir-startup.sh

4. At the end of the login script, an applescript is run to mount the network shares automatically.  Right now, the script is hard coded to obtain the group id number and convert that to a folder name so that a shortcut directly to the user’s home directory can be made and placed on the desktop and sidebar (this could be made more elegant).  AFP cannot mount a specific folder, thus you have to create a symbolic link to the user’s folder instead.  Apple has the option to automatically include this folder in the dock, but not in the Finder or the Desktop (thus it is kind of worthless because users can’t browse to the Dock when saving inside of a program).  The home share and group share AFP mounts are included in the Login Items preferences section of each group.  You cannot use Apple’s default “mount home directory automatically” option in workgroup manager because it will try to mount the home directory under /Users/networkUser.  Thus, simply tell it to mount the AFP share you want manually.  The profile template that is setup for the network users includes a sidebar item that points to a symbolic link (that is created from the applescript) in an administration folder (/Library/Management/) that links to the users home directory.  When you are first setting up this sidebar item in the user template, just make a folder /Library/Management/home and give everyone read/write permissions.  Then drag that folder to the user’s sidebar.  When the login script runs, it will replace this folder with a symbolic link and the sidebar item will automatically update (and change names to the user’s home directory name).  The applescript is below:

on run argv
	set user to item 1 of argv
	set groupid to do shell script "id " & user & " | awk
            '{ print substr($2,5,4)}'"
	if groupid = "1025" then
		set group to "faculty"
	else if groupid = "1027" then
		set group to "class2010"
	else if groupid = "1028" then
		set group to "class2011"
	else if groupid = "1029" then
		set group to "class2012"
	else if groupid = "1030" then
		set group to "class2013"
	else if groupid = "1031" then
		set group to "class2014"
	else if groupid = "1032" then
		set group to "class2015"
	else if groupid = "1033" then
		set group to "class2016"
	else if groupid = "1034" then
		set group to "class2017"
	else if groupid = "1035" then
		set group to "class2018"
	else if groupid = "1036" then
		set group to "class2019"
	else if groupid = "1037" then
		set group to "class2020"

	end if
	set group1 to group

	do shell script "rm -R /Library/Management/home"
	do shell script "ln -sf /Volumes/home/" & group1 & "/" & user & "/Library/Management/home"
	do shell script "ln -sf /Volumes/home/" & group1 & "/" & user & "/Users/networkUser" & "/Desktop/" & user

end run

5. A screenshot is provided below to highlight how the user’s network home directory is placed in both the sidebar and the desktop.sd
6. The video below details how to create a local template and set up proper permissions, etc.

Lots of people like the idea of sharing one home directory for both Apple and Linux logins, but I think that results in some confusing overlaps and ugliness on the Desktop.  Windows Samba home directories are almost always treated as a separate folder/share, so why should linux home directories be any different?  Since Apple Open Directory is basically just OpenLDAP, the two systems overlap nicely, making combined home directories possible, but I still don’t think it makes much sense (the Desktop icons for a Linux system would show up on your Apple system and vice versa, making it confusing for the user).

The end result is that there is no magical way for users to have one shared home directory that integrates perfectly into whatever OS you log into.  Thus, a separate network share that is independent of all the normal home directory crap (Desktop/Documents/Movies/etc) is necessary.  It turns out that this is possible using Open Directory, but that it is easier to have Linux and Apple home directories shared.  Within an Open Directory (or OpenLDAP), there are fields for your Apple Home Directory, NFS Home Directory, and Windows (Samba) Home Directory.  However, Workgroup Manager in OS X Server automatically populates both the Apple Home Directory and the NFS Home directory based on your selection in the Home tab, so you have to manually edit the NFS Home Directory entry if you want something different.  The problem with manually editing is that it isn’t as automated (though there is probably a way to make it more automated through the use of presets?).  Additionally, it is more easily messed up–so it is best to have a combined Apple/Linux home directory as it is originally setup.  Thus, in order to properly mount a user’s home directory in Linux, setup the ridiculous mount point on your linux box by creating the directory structure: /Network/Servers/<servername>/Volumes/<volumename>/home and mounting via NFS the network share in that location.

See future posts for details about our particular setup and on how to make Linux/Apple/Windows play nicely together.