
JoelBC

Original poster
Jun 16, 2012
I have decided to go the Mac Mini OS X Server route but I do have one critical backup / restore related question to ask...

I have come to understand that when I bind my MBA to the OS X Server that among many other things the binding process will create a NEW NETWORK USER ACCOUNT / ID on my MBA...I find this to be problematic because the NEW NETWORK USER ACCOUNT is essentially a clean install of OS X meaning that ALL of the applications, custom setup, files, etc. in my local account will not appear in the NEW NETWORK USER ACCOUNT. The thought of having to rebuild / recreate this is "crushing" and reason enough not to go down this route.

Is there a way -- and I hope that the answer is yes -- to use a CCC or TimeMachine backup of my local account to recreate / restore my local account (application, data, user settings, etc.) in my network account without deleting / replacing those items or settings that make it a network account (i.e. without converting the network account to a local account). Please tell me both that there is a way and how to do it.

Thanks in advance,

Joel
 
Binding your Mac to the server does not remove or prevent having local accounts on your Mac. Local accounts can't be managed by the server, but they can still exist and function on a directory-bound Mac. For instance, the small group of Macs in our marketing department that I manage all have a local administrator account.

So binding to the server will not wipe out your data. If you want to migrate your local user account to a network account on the server after binding, Apple has you covered: http://support.apple.com/kb/HT5338
 
Binding your Mac to the server does not remove or prevent having local accounts on your Mac. Local accounts can't be managed by the server, but they can still exist and function on a directory-bound Mac. For instance, the small group of Macs in our marketing department that I manage all have a local administrator account.

First, appreciate you taking the time to respond.

Second, I completely agree with you in that i) binding my MBA to OS X Server ("OSXS") does not remove the local account but ii) leaves the user with the option of logging on locally [i.e. to the MBA and having access to the local desktop] or logging on to the network [i.e. through the MBA and having access to their network desktop].

Third, the point I was reaching for, and perhaps not as well as I could have, is that the driver behind setting up a network is to increase administrator ease which to me means choosing between i) configuring the network such that the user always logs on locally [i.e. to the MBA] meaning that all data is maintained locally and the network is accessed / logged onto only to access network services when needed or ii) configuring the network such that the user always logs on to the network [through the MBA] and all data is maintained on the server [subject to the possible exception / need to create a roaming profile].

What are your comments / thoughts on this?



So binding to the server will not wipe out your data. If you want to migrate your local user account to a network account on the server after binding, Apple has you covered: http://support.apple.com/kb/HT5338

First, I have never had great success when digging into terminal so would like to know what kind of results others have had with this. Any ideas?

Second, I think for purposes of simplicity it is best / easiest to always and consistently either log on locally [i.e. to the MBA] or to the network [i.e. through the MBA] and then manage the data accordingly. Though perhaps not the best example, this is what I have been doing at work for the past 20+ years in a Windows domain.

Thanks and look forward to your further comments.


Joel
 
With OS X Server you've got basically two options:

i) Standard network accounts where the user logs into the network and all their data is stored on the server in real time. So no matter what system they log into that is on the network, they have access to the same data. Pretty much synonymous with a roaming profile on Windows. You have to have at least one file share designated on the server for Home Directories, and make sure your network users are configured to use it and not the 'Local Only' option. With this setup, no user data is stored on the client computer.

ii) Mobile accounts. In Profile Manager (or Workgroup Manager if you prefer it), at the group or individual user level, you can set the ability for users to create a mobile user account the first time they log in on any given client computer. The mobile account creates a local user and what is called a portable home directory on the client so that if the user takes their computer off the network, they can still login to the computer and use their data. The capability to sync data between the user's portable home directory and the server is built-in. Using Profile Manager (or Workgroup Manager) you can configure exactly what files to sync and how often to do so. If you take your MBA off network, you can work as normal and your data will sync with the server when you return.

There is a great video that goes over all the details of mobile accounts here: https://www.youtube.com/watch?v=UXJLGl64hug

As for the conversion process, I have done it before and never had any issues, but I've always had a complete system backup before attempting it, just in case.

As to syncing and managing data between local and network: I would just go with a mobile account and home directory syncing set to sync at login and logoff. I actually prefer this setup for all the users in the setup I manage because they are graphic designers that work with lots of high-res photography and even gigabit ethernet would slow them down and they sometimes need to hop on another workstation for one reason or another.
 
With OS X Server you've got basically two options:

i) Standard network accounts where the user logs into the network and all their data is stored on the server in real time. So no matter what system they log into that is on the network, they have access to the same data. Pretty much synonymous with a roaming profile on Windows. You have to have at least one file share designated on the server for Home Directories, and make sure your network users are configured to use it and not the 'Local Only' option. With this setup, no user data is stored on the client computer.

Agree with one follow up...in OS X Server's "user setup window" what is the difference between setting the home folder location to "Local Only" versus "Home Folder" where "Home Folder" is a network share?

The reason I ask is that I would have thought that the two were essentially the same in that:

a) "Local Only" would result in the user's Home Folder information being located in the //Server/Users/Users Name/ folder and that this information / folder would be available to that user were they to log on to the server from any device that is bound to the server.

b) "Home Folder" would result in the user's Home Folder information being located in a Home Folder share -- say //Server/Users/Home Folder/Users Name/ folder -- and that this information / folder would be available to that user were they to log on to the server from any device that is bound to the server.

So, what are the differences because in the event that the difference is that a share folder is needed to enable the syncing feature described below then could this not be achieved by simply making each user's \\Server\User\User Name\ folder a share?

While on this point, would it not even be preferable to make each user's \\Server\User\User Name\ a share because this approach would add greater security because access could be limited to the specific user whereas when using the \\Server\User\Home Folder\User Name approach all users would have access to all users' information because the Home Folder would presumably be shared by all users?



ii) Mobile accounts. In Profile Manager (or Workgroup Manager if you prefer it), at the group or individual user level, you can set the ability for users to create a mobile user account the first time they log in on any given client computer. The mobile account creates a local user and what is called a portable home directory on the client so that if the user takes their computer off the network, they can still login to the computer and use their data. The capability to sync data between the user's portable home directory and the server is built-in. Using Profile Manager (or Workgroup Manager) you can configure exactly what files to sync and how often to do so. If you take your MBA off network, you can work as normal and your data will sync with the server when you return.

There is a great video that goes over all the details of mobile accounts here: https://www.youtube.com/watch?v=UXJLGl64hug

Appreciate the reference to video which I have been using over the last week to try to learn about OS X Server and, based on their content, concur with your above comment.

Three follow ups:

i) Am I correct -- though this may depend on your answers to the above -- that a network user's home folder resides only on the server OR resides on both the network and the client SOLELY BASED on whether OS X Server's file sharing window for the shared folder that contains the user's home folder has "make available for home directories" ticked?

ii) The user would log on to their MBA using their network user credentials [as opposed to their MBA's local credentials] and be presented with a "desktop" that is a mirror of their network "desktop" which can be thought of as being no different than a different / separate MBA user. Is this correct?

iii) With this setup presumably -- even when connected to the network -- files would be accessed from the MBA rather than the server to improve performance. Is this correct?



As for the conversion process, I have done it before and never had any issues, but I've always had a complete system backup before attempting it, just in case.

Appreciate that and good to know.



As to syncing and managing data between local and network: I would just go with a mobile account and home directory syncing set to sync at login and logoff. I actually prefer this setup for all the users in the setup I manage because they are graphic designers that work with lots of high-res photography and even gigabit ethernet would slow them down and they sometimes need to hop on another workstation for one reason or another.

Again, much thanks...I think that I am getting there with your assistance. I just need to understand the need / rationale and related security differences between the "Local Only" and "Home Folder" approaches.
 
Sevoneone:

I have been thinking about this a fair amount as it has been gnawing at me [i.e. I really want to understand this].

I currently understand this situation to be as follows:

1. If a network user's home folder location is specified as "Local Only" then the home folders a) will be located on the server b) will be available to the user only when the user logs into the server from the server and c) will not be available to be synced to the client [because they are not available when logging into the server from a client].

2. If a network user's home folder location is specified as a shared folder then the home folders a) will be located on the server b) will be available to the user when they log into the server from any client and c) will be available to be synced to client. When the home folder location is specified as a shared folder whether they are or are not synced to the client is controlled in Profile Manager's OS X's "mobility" settings.

3. With respect to the above:

i) Am I correct in my understanding and, if not, then please correct it.

ii) Can a user's //Server/Users/User Name folder be configured as a shared folder that can be "made available for home directories"?

iii) Can the "standard" share folders [i.e. Documents, Music, etc.] be configured as shared folders that can be "made available for home directories"?

iv) For security purposes is it better to a) have a different shared folder for each user's home folder or b) one shared folder for all users' home folders. The confusing / issue is whether one shared folder for all users' home folders creates a security issue in that it enables all users access to see what other users have in their home folders [which, as an aside, I think it would].

Thanks in advance for your help!

Joel
 
1. If a network user's home folder location is specified as "Local Only" then the home folders a) will be located on the server b) will be available to the user only when the user logs into the server from the server and c) will not be available to be synced to the client [because they are not available when logging into the server from a client].
2. If a network user's home folder location is specified as a shared folder then the home folders a) will be located on the server b) will be available to the user when they log into the server from any client and c) will be available to be synced to client. When the home folder location is specified as a shared folder whether they are or are not synced to the client is controlled in Profile Manager's OS X's "mobility" settings.
Correct.

ii) Can a user's //Server/Users/User Name folder be configured as a shared folder that can be "made available for home directories"?
Don't make individual share points for each user's folder. Set Users as the sharepoint and then when you make the user accounts, Server will put the home folders where they should be and will configure the account to properly use it. If you make individual share points, Server will make another subdirectory inside that with the user's home folder.

iii) Can the "standard" share folders [i.e. Documents, Music, etc.] be configured as shared folders that can be "made available for home directories"?
That's ill-advised. Make a separate folder in which the mobile home directories are located, or put them in /Users if you aren't concerned about the users filling the boot disk with their documents.

The confusing / issue is whether one shared folder for all users' home folders creates a security issue in that it enables all users access to see what other users have in their home folders [which, as an aside, I think it would].
You can restrict access to home folders in the Server app after the accounts are created.
 

Thanks...



Don't make individual share points for each user's folder. Set Users as the sharepoint and then when you make the user accounts, Server will put the home folders where they should be and will configure the account to properly use it. If you make individual share points, Server will make another subdirectory inside that with the user's home folder.

So the suggestion is to make \\Server\Users the share point such that the server will then create subfolders for each user's home folder...is this correct?

This also means that the correct or preferred order for configuring the server is to first specify the shared folder and second add users...is this correct?



That's ill-advised. Make a separate folder in which the mobile home directories are located, or put them in /Users if you aren't concerned about the users filling the boot disk with their documents.

Understood about not using the standard shared folders [i.e. Documents, Music, etc.] as locations for the home folder.

With respect to your last comment are you saying that it is preferable to designate the shared folder for the home folder as something other than \\Server\Users so that the boot disk is faster and smaller?


You can restrict access to home folders in the Server app after the accounts are created.

So if the share point is \\Server\Home Folder\ then the suggestion is that *AFTER* the individual home folders are created under Home Folder to then go into file sharing and restrict access to the individual home folders to the specific user...is this correct?

And, of course, thanks for all the help...
 
So the suggestion is to make \\Server\Users the share point such that the server will then create subfolders for each user's home folder...is this correct?

This also means that the correct or preferred order for configuring the server is to first specify the shared folder and second add users...is this correct?
Yes, the server will create the subfolders for the users' homes automatically.
Yes, you need the share point to exist, and to have it set as a destination for network homes, before you create your users. Otherwise you will not have an option to create home folders for the users.
It's not ideal to put the network homes on the server's boot disk, because if the users fill up the boot disk with their files, the server may become unstable.
 
Thanks, very helpful and very much appreciated...

Would appreciate help with one more thing...is my understanding correct that if the share point is \\Server\Home Folder\ then to ensure proper security the process is to i) create the Home Folder share ii) create the network user accounts so that the individual home folders are created and iii) return to the File Sharing device to restrict access to the individual home folders to the specific user?
 
Yes, that will work.
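
The order confirmed above (create the share, let the server create the per-user home folders, then restrict each folder to its user) can be spot-checked from Terminal afterwards. The script below is an added example, not part of the thread and not Apple's tooling; it looks only at POSIX mode bits and ownership (not ACLs set in the Server app), and the folder names and the share root path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit per-user home folders that live
# under one shared parent folder. Checks POSIX mode bits and ownership only;
# ACLs set in the Server app are not inspected here.

# audit_homes ROOT
# Prints "<status> <folder> <mode> <owner>" for each folder directly under ROOT.
#   OK     owner matches the folder name and group/other have no access
#   OPEN   group or other has some access to the folder
#   OWNER  the folder is not owned by the user it is named after
# Returns 1 if any folder was flagged, 0 otherwise.
audit_homes() {
    root=$1
    flagged=0
    for dir in "$root"/*/; do
        dir=${dir%/}
        # Skip an unmatched glob and symlinks that point elsewhere.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        name=${dir##*/}
        listing=$(ls -ld "$dir")
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{print $3}')
        status=
        # Characters 5-10 of the mode string are the group and other bits.
        if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
            status=OPEN
        fi
        if [ "$owner" != "$name" ]; then
            status=${status:+$status,}OWNER
        fi
        if [ -n "$status" ]; then flagged=1; else status=OK; fi
        printf '%s %s %s %s\n' "$status" "$name" "$mode" "$owner"
    done
    return "$flagged"
}

# lock_home DIR: remove all group and other access from one home folder.
lock_home() {
    chmod go-rwx "$1"
}

# make_sample_tree: build a constructed share root for a dry run and print its
# path. "sample_alice" and "sample_bob" are made-up names; the third folder is
# named after whoever runs the script so that it passes the ownership check.
make_sample_tree() {
    tmp=$(mktemp -d)
    me=$(ls -ld "$tmp" | awk '{print $3}')
    mkdir "$tmp/sample_alice" "$tmp/sample_bob" "$tmp/$me"
    chmod 755 "$tmp/sample_alice"
    chmod 700 "$tmp/sample_bob" "$tmp/$me"
    printf '%s\n' "$tmp"
}

# Usage: sh audit_homes.sh "/path/to/share root"   (the path is site-specific)
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```

An OWNER flag on a real share usually means the folder was created by hand rather than by the server; fix ownership before tightening the mode bits.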
 
Going back to my original question which remains somewhat unanswered as my understanding has evolved:

OP Now Writes:
I have come to understand that when I i) setup OS X Server ii) create a network user ID for myself [i.e. for purposes of this discussion let's call it NetUser] and iii) then want to log on to the OS X Server from my MBA that I will be logging on as NetUser [as opposed to logging on using the MBA's local user ID which for purposes of this discussion let's call LocalUser].

If the above is correct then this is a problem because the NetUser account is essentially a clean install of OS X meaning that ALL of the applications, custom setup, files, etc. that I have painstakingly setup under LocalUser will not appear under NetUser. The thought of having to rebuild / recreate this is "crushing" and reason enough not to go down this route.

My related questions are:

1. Is there a way -- and I hope that the answer is yes -- to use a CCC or TimeMachine backup of LocalUser to recreate / restore my local account (application, data, user settings, etc.) in NetUser?

Please note that this document http://support.apple.com/kb/HT5338 does not apply in this situation because it applies to the situation where the OS X Server admin wants to change an OS X Server local account to an OS X Server Network account.

2. Would I be able to accomplish the above by installing and configuring OS X Server on my MBA [i.e. would LocalUser then morph into NetUser?] and then cloning that setup onto my machine that I ultimately want to use as my server?

TIA,

Joel
 