Create Network Account Without Loss of Local Account Setup

Discussion in 'Mac OS X Server, Xserve, and Networking' started by JoelBC, Aug 7, 2014.

  1. JoelBC macrumors 6502a

    Joined:
    Jun 16, 2012
    #1
    I have decided to go the Mac Mini OS X Server route but I do have one critical backup / restore related question to ask...

    I have come to understand that when I bind my MBA to the OS X Server that among many other things the binding process will create a NEW NETWORK USER ACCOUNT / ID on my MBA...I find this to be problematic because the NEW NETWORK USER ACCOUNT is essentially a clean install of OS X meaning that ALL of the applications, custom setup, files, etc. in my local account will not appear in the NEW NETWORK USER ACCOUNT. The thought of having to rebuild / recreate this is "crushing" and reason enough not to go down this route.

    Is there a way -- and I hope that the answer is yes -- to use a CCC or TimeMachine backup of my local account to recreate / restore my local account (application, data, user settings, etc.) in my network account without deleting / replacing those items or settings that make it a network account (i.e. without converting the network account to a local account). Please tell me both that there is a way and how to do it.

    Thanks in advance,

    Joel
     
  2. sevoneone macrumors 6502

    Joined:
    May 16, 2010
    #2
    Binding your Mac to the server does not remove or prevent having local accounts on your Mac. Local accounts can't be managed by the server, but they can still exist and function on a directory bound Mac. For instance, the small group of Macs in our marketing department that I manage all have a local administrator account.

    So binding to the server will not wipe out your data. If you want to migrate your local user account to a network account on the server after binding, Apple has you covered: http://support.apple.com/kb/HT5338
     
  3. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #3
    First, appreciate you taking the time to respond.

    Second, I completely agree with you in that i) binding my MBA to OS X Server ("OSXS") does not remove the local account but ii) leaves the user with the option of logging on locally [i.e. to the MBA and having access to the local desktop] or logging on to the network [i.e. through the MBA and having access to their network desktop].

    Third, the point I was reaching for, and perhaps not as well as I could have, is that the driver behind setting up a network is to increase administrator ease which to me means choosing between i) configuring the network such that the user always logs on locally [i.e. to the MBA] meaning that all data is maintained locally and the network is accessed / logged onto only to access network services when needed or ii) configuring the network such that the user always logs on to the network [through the MBA] and all data is maintained on the server [subject to the possible exception / need to create a roaming profile].

    What are your comments / thoughts on this?



    First, I have never had great success when digging into terminal so would like to know what kind of results others have had with this. Any ideas?

    Second, I think for purposes of simplicity it is best / easiest to always and consistently either log on locally [i.e. to the MBA] or to the network [i.e. through the MBA] and then manage the data accordingly. Though perhaps not the best example, this is what I have been doing at work for the past 20+ years in a Windows domain.

    Thanks and look forward to your further comments.


    Joel
     
  4. sevoneone macrumors 6502

    Joined:
    May 16, 2010
    #4
    With OS X Server you've got basically two options:

    i) Standard network accounts where the user logs into the network and all their data is stored on the server in real time. So no matter what system they log into that is on the network, they have access to the same data. Pretty much synonymous with a roaming profile on Windows. You have to have at least one file share designated on the server for Home Directories, and make sure your network users are configured to use it and not the 'Local Only' option. With this setup, no user data is stored on the client computer.

    ii) Mobile accounts. In Profile Manager (or Workgroup Manager if you prefer it), at the group or individual user level, you can set the ability for users to create a mobile user account the first time they log in on any given client computer. The mobile account creates a local user and what is called a portable home directory on the client so that if the user takes their computer off the network, they can still login to the computer and use their data. The capability to sync data between the user's portable home directory and the server is built-in. Using Profile Manager (or Workgroup Manager) you can configure exactly what files to sync and how often to do so. If you take your MBA off network, you can work as normal and your data will sync with the server when you return.

    There is a great video that goes over all the details of mobile accounts here: https://www.youtube.com/watch?v=UXJLGl64hug

    As for the conversion process, I have done it before and never had any issues, but I've always had a complete system backup before attempting it, just in case.

    As to syncing and managing data between local and network: I would just go with a mobile account and home directory syncing set to sync at login and logoff. I actually prefer this setup for all the users in the setup I manage because they are graphic designers that work with lots of high-res photography and even gigabit ethernet would slow them down and they sometimes need to hop on another workstation for one reason or another.
     
  5. JoelBC, Aug 10, 2014
    Last edited: Aug 10, 2014

    JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #5
    Agree with one follow up...in OS X Server's "user setup window" what is the difference between setting the home folder location to "Local Only" versus "Home Folder" where "Home Folder" is a network share?

    The reason I ask is that I would have thought that the two were essentially the same in that:

    a) "Local Only" would result in the user's Home Folder information being placed in the //Server/Users/Users Name/ folder and that this information / folder would be available to that user were they to log on to the server from any device that is bound to the server.

    b) "Home Folder" would result in the user's Home Folder information being placed in a Home Folder share -- say //Server/Users/Home Folder/Users Name/ folder -- and that this information / folder would be available to that user were they to log on to the server from any device that is bound to the server.

    So, what are the differences because in the event that the difference is that a share folder is needed to enable the syncing feature described below then could this not be achieved by simply making each user's \\Server\User\User Name\ folder a share?

    While on this point, would it not even be preferable to make each user's \\Server\User\User Name\ a share because this approach would add greater security because access could be limited to the specific user whereas when using the \\Server\User\Home Folder\User Name approach all users would have access to all users' information because the Home Folder would presumably be shared by all users?



    Appreciate the reference to video which I have been using over the last week to try to learn about OS X Server and, based on their content, concur with your above comment.

    Three follow ups:

    i) Am I correct -- though this may depend on your answers to the above -- that a network user's home folder resides only on the server OR resides on both the network and the client SOLELY BASED on whether OS X Server's file sharing window for the shared folder that contains the user's home folder has "make available for home directories" ticked?

    ii) The user would log on to their MBA using their network user credentials [as opposed to their MBA's local credentials] and presented with a "desktop" that is a mirror of their network "desktop" which can be thought of as being no different than a different / separate MBA user. Is this correct?

    iii) With this setup presumably -- even when connected to the network -- files would be accessed from the MBA rather than the server to improve performance. Is this correct?



    Appreciate that and good to know.



    Again, much thanks...I think that I am getting there with your assistance I just need to understand the need / rationale and related security differences between "Local Only" and "Home Folder" approach.
     
  6. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #6
    Sevoneone:

    I have been thinking about this a fair amount as it has been gnawing at me [i.e. I really want to understand this].

    I currently understand this situation to be as follows:

    1. If a network user's home folder location is specified as "Local Only" then the home folders a) will be located on the server b) will be available to the user only when the user logs into the server from the server and c) will not be available to be synced to the client [because they are not available when logging into the server from a client].

    2. If a network user's home folder location is specified as a shared folder then the home folders a) will be located on the server b) will be available to the user when they log into the server from any client and c) will be available to be synced to client. When the home folder location is specified as a shared folder whether they are or are not synced to the client is controlled in Profile Manager's OS X's "mobility" settings.

    3. With respect to the above:

    i) Am I correct in my understanding and, if not, then please correct it.

    ii) Can a user's //Server/Users/User Name folder be configured as a shared folder that can be "made available for home directories"?

    iii) Can the "standard" share folders [i.e. Documents, Music, etc.] be configured as shared folders that can be "made available for home directories"?

    iv) For security purposes is it better to a) have a different shared folder for each user's home folder or b) one shared folder for all users' home folders. The confusing part / issue is whether one shared folder for all users' home folders creates a security issue in that it enables all users access to see what other users have in their home folders [which, as an aside, I think it would].

    Thanks in advance for your help!

    Joel
     
  7. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #7
    Correct.

    Don't make individual share points for each user's folder. Set Users as the sharepoint and then when you make the user accounts, Server will put the home folders where they should be and will configure the account to properly use it. If you make individual share points, Server will make another subdirectory inside that with the user's home folder.

    That's ill-advised. Make a separate folder in which the mobile home directories are located, or put them in /Users if you aren't concerned about the users filling the boot disk with their documents.

    You can restrict access to home folders in the Server app after the accounts are created.
     
  8. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #8
    Thanks...




    So the suggestion is to make \\Server\Users the share point such that the server will then create subfolders for each user's home folder...is this correct?

    This also means that the correct or preferred order for configuring the server is to first specify the shared folder and second add users...is this correct?



    Understood about not using the standard shared folders [i.e. Documents, Music, etc.] as locations for the home folder.

    With respect to your last comment are you saying that it is preferable to designate the shared folder for the home folder as something other than \\Server\Users so that the boot disk is faster and smaller?


    So if the share point is \\Server\Home Folder\ then the suggestion is that *AFTER* the individual home folders are created under Home Folder to then go into file sharing and restrict access to the individual home folders to the specific user...is this correct?

    And, of course, thanks for all the help...
     
  9. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #9
    Yes, the server will create the subfolders for the users' homes automatically.
    Yes, you need the share point to exist, and to have it set as a destination for network homes, before you create your users. Otherwise you will not have an option to create home folders for the users.
    It's not ideal to put the network homes on the server's boot disk, because if the users fill up the boot disk with their files, the server may become unstable.
     
  10. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #10
    Thanks, very helpful and very much appreciated...

    Would appreciate help with one more thing...is my understanding correct that if the share point is \\Server\Home Folder\ then to ensure proper security the process is to i) create the Home Folder share ii) create the network user accounts so that the individual home folders are created and iii) return to the File Sharing device to restrict access to the individual home folders to the specific user?
     
  11. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #11
    Yes, that will work.
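
As an added example that is not part of the original thread: a read-only check an administrator could run on the server after the steps confirmed above (create the share, create the accounts, then restrict access) to see whether any home folder is still reachable by other users. It assumes one subfolder per user directly under the share, uses a constructed sample share in place of a real path, and inspects POSIX mode bits only, so ACL entries are not covered.

```python
import os
import stat
import tempfile


def _rwx(bits):
    """Render three permission bits as an ls-style string, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))


def audit_home_share(share_path):
    """Return {folder: [findings]} for home folders that non-owners can reach."""
    findings = {}
    for entry in sorted(os.scandir(share_path), key=lambda e: e.name):
        # Only real directories count as home folders; skip files and symlinks.
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        group_bits, other_bits = (mode >> 3) & 7, mode & 7
        problems = []
        if group_bits:
            problems.append("group: " + _rwx(group_bits))
        if other_bits:
            problems.append("other: " + _rwx(other_bits))
        if problems:
            findings[entry.name] = problems
    return findings


def build_sample_share(root):
    """Constructed sample data: three home folders with different modes."""
    for name, mode in (("alice", 0o700), ("bob", 0o755), ("carol", 0o750)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # set explicitly so the umask does not matter
    return root


if __name__ == "__main__":
    # Hypothetical usage: replace the temporary directory with the real
    # home-folder share path on the server.
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for folder, problems in audit_home_share(share).items():
            print(folder, "->", ", ".join(problems))
```

An empty result means no home folder under the share grants group or other any access through its mode bits.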
     
  12. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #12
    Thank you, your assistance is greatly appreciated and is helping me get to where I need to be...

    Joel
     
  13. JoelBC thread starter macrumors 6502a

    Joined:
    Jun 16, 2012
    #13
    Going back to my original question which remains somewhat unanswered as my understanding has evolved:

    My related questions are:

    1. Is there a way -- and I hope that the answer is yes -- to use a CCC or TimeMachine backup of LocalUser to recreate / restore my local account (application, data, user settings, etc.) in NetUser?

    Please note that this document http://support.apple.com/kb/HT5338 does not apply in this situation because it applies to the situation where the OS X Server admin wants to change an OS X Server local account to an OS X Server Network account.

    2. Would I be able to accomplish the above by installing and configuring OS X Server on my MBA [i.e. would LocalUser then morph into NetUser?] and then cloning that setup onto my machine that I ultimately want to use as my server?

    TIA,

    Joel
     
