On the MacEnterprise maillist, Arjen van Bochoven wrote of problems with automatic HomeSyncs under Leopard with NFS home directories. Manual syncs worked fine, but the automatic background syncs would fail with errors that looked like this:
1::  Peer "network" is unable to sync. (-[SPeer_FS_PHD mountPeerVolume] (Peer-FS-PHD.m:140): "'((homePath))' is nil")
0::  [2009/02/19 10:45:10.640] Peer "network" is unable to sync. Not enough peers will be available to continue syncing.
0::  [2009/02/19 10:45:10.640] Aborting sync of "HomeSync_Mirror".
I saw the exact same problem in my environment. This also affected login and logout syncs. Here’s the (ugly) fix. Continue reading “Leopard, MobileAccounts, and NFS homes”
Here is a PDF of my presentation at Macworld SF 2008 on Managing OS X Clients with or without Open Directory.
If you are doing an in-place upgrade from Tiger to Leopard without using the Apple Leopard Install DVD, you may need a way to convert existing local or mobile accounts from NetInfo to the dslocal store.
Here’s a script that converts local accounts; it requires the nicl binary, which you can copy from any Tiger installation.
For local accounts, it uses nicl to read the account info, and dscl to create a new corresponding account. For mobile accounts, it uses createmobileaccount to recreate the mobile account.
New in Leopard is the ability to protect an account with FileVault as it is being created. When creating a mobile account, you can check the box to use FileVault, and this setting is easy to enforce with Workgroup Manager’s preference management as part of the Mobility settings.
If you use the Accounts preference pane to create a local account, you’ll see a new checkbox labeled “Turn on FileVault protection”, but it’s unchecked by default. What if your organization wants to ensure that all accounts — even purely local accounts — on laptops are protected with FileVault? With Workgroup Manager’s preference management, there does not seem to be a way to manage this setting in the Accounts preference pane. But you can manage it if you dig a little deeper…
Continue reading “Enforcing FileVault on local accounts”
Newer posts on the same subject:
Recently on the MacEnterprise mailing list, several of us were discussing putting MCX records into the local directory service. This is an appealing idea to me, because we don’t use Open Directory, and I’ve never wanted to spend the political capital to get our LDAP schema extended to support MCX, especially since I didn’t really know if ManagedClient/MCX would actually do what we wanted.
MCX in the local directory service seemed to me a way to experiment without having to convince our LDAP admins to make schema changes.
Continue reading “MCX, dslocal, and Leopard”