Re: Preferences for network login
Re: Preferences for network login
- Subject: Re: Preferences for network login
- From: Matt DeFoor <email@hidden>
- Date: Sat, 20 Apr 2013 09:22:53 -0400
When dealing with different sources of authentication via AD and LDAPv3
plug-ins, there are two types of accounts that people refer to. They are:
Network accounts
Mobile accounts
Network accounts basically mean the user authenticates against an
authentication authority other than the local host and their home directory
is mounted via protocols such as AFP, SMB, or NFS. Since in your case
they're referring to AD, let's assume that they're using the builtin AD
plug-in. In this scenario, the user preferences are stored in their
"network home directory" which is located on some other machine/server than
the local host.
So, if their users are logging in from different machines each time they
login, it stands to reason that "by host" preferences may not work
consistently. However, with network accounts, if the user's home directory
can't be mounted, they're not supposed to be able to actually login via
loginwindow.
Mobile accounts mean that when the user logs in to the machine for the
first time and it is configured as such, a "mobile, managed" account will
be created on the local machine. In addition, the user will get a local
home directory created for them...along with that, your typical local
preferences, etc.
There are other unique problems to each of these approaches. To truly
troubleshoot the problem, you'd need to know more about how they're
configuring the AD plug-in before going further. There are different
options that may be impacting your application.
To look at the configuration options, you'll need to configure the AD
plug-in via System Preferences->Users & Groups->Login Options->Network
Account Server: Join->Open Directory Utility. Once you have Directory
Utility open, you'll see that there are three default plug-ins. Active
Directory is the one you want to look at.
The configuration options that you're going to be interested in are
Advanced Options. You'll want to know what checkboxes they've got checked
in order to figure out how they're operating.
Based on your description, I'll assume that "Create mobile account at
login" is not checked.
Troubleshooting this kind of setup can be hard if you don't have AD at
hand. I could probably provide some assistance in testing as I can setup AD
test environments. I also develop a plug-in similar to the AD and LDAPv3
plug-ins.
Cheers,
Matt
On Sat, Apr 20, 2013 at 1:18 AM, Graham Cox <email@hidden> wrote:
>
> Hi all,
>
>
> Our app stores some "by host" preferences aside from its usual user
> defaults.
>
> We have a user that reports that these preferences are not working when
> logging in over the network. I'm not actually sure what they mean by that,
> quote: "other users (all of which are network accounts that authenticate
> with AD)"
>
> The prefs are stored and read using CFPreferences, with current user,
> current host as the domain settings.
>
> First, what sort of network accounts are implied by 'AD' ? Second, what
> preferences settings would allow the preferences to work with this kind of
> login, if any? I'm thinking that current user, any host would be
> appropriate, but it's hard to be sure as I don't know what sort of login
> they're even talking about, and it's also difficult to know how to test
> this.
>
> Any hints or help would be gratefully received.
>
> --Graham
>
>
>
> _______________________________________________
>
> Cocoa-dev mailing list (email@hidden)
>
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden