Mac OS X 10.8 Mobile Accounts not showing on Macs Bound to AD

We have a mixed estate of Apple and Microsoft devices in our secondary school. Our staff MacBooks were working when we bound the Macs to the Active Directory domain and enabled Mobile Accounts. We receive the mobile account at the Welcome screen on and off the network.

All of a sudden this has stopped working. Our users only get the mobile account as an option when they log in to a home account (in the background the Wifi connection is established), then they log out and they see the mobile account.

This is very frustrating to have to do this every time. Apple have released an OS X 10.8.4 update which improves performance of network connection, mobile accounts and Active Directory connection but we still have this as an issue.

Another user has the same issue here
https://discussions.apple.com/thread/5185728?start=0&tstart=0

If anyone knows how to force wifi connections at login this would be the first step and a possible solution. I would have thought that a mobile account would work completely offline regardless of wifi connection though.

As always any help is much appreciated
James Wilkinson, Network Manager
 
James Wilkinson (Network Manager, Author) commented:
We now know that this is a bug with 10.8.5 and Mavericks. This is still happening on 10.9.2.

The issue is when we use FileVault encryption. If we switch this off the Mobile Accounts work 100%. We encrypt the HDD and Mobile Accounts fail.
0
 
Aaron Tomosky (SD-WAN Simplified) commented:
If you don't solve this, I'd really recommend unjoining everything, installing the free version of Centrify on each Mac, and joining using Centrify. One caution is don't let Centrify map existing local user accounts to different Active Directory accounts even though it lets you. IMO this doesn't work well.

After fighting with Macs joining for a while someone suggested this route and I never looked back. As long as you make clean user accounts it works great. Centrify caches password hashes for offline login just like Windows does, so no mobile account to sync.
0
 
James Wilkinson (Network Manager, Author) commented:
Thank you for this advice. I will look into this this week.
0

 
James Wilkinson (Network Manager, Author) commented:
Centrify did not fix this for us but does look like a good piece of software. I'm reluctant to add in another piece of software at this stage as I'm worried it's something else which can go wrong with our setup. I will research more and see if it's necessary to use to get us operating much more reliably.
0
 
James Wilkinson (Network Manager, Author) commented:
Just had an Apple specialist remote in to check our environment and he said everything is set up as expected and it's strange why mobile accounts don't show up at startup. The only thing that stands out to me is the wifi symbol is showing on the few clients that work and not on the ones that don't. Apple say this is nothing to do with it as mobile accounts (as the name suggests) do not rely on the network.

We use a few different OS X versions and this is the same on all.
0
 
James Wilkinson (Network Manager, Author) commented:
We employed an Apple specialist to visit and fix this for us. He said that it is a known Apple issue which will hopefully be resolved in OS X 10.9 Mavericks.
0
 
Aaron Tomosky (SD-WAN Simplified) commented:
Centrify didn't solve what exactly? It removes the need for network connections if the user has logged in before...
0
 
James Wilkinson (Network Manager, Author) commented:
Centrify didn't resolve our issue with the Welcome Screen not showing the Mobile Accounts when off the network.
0
 
Aaron Tomosky (SD-WAN Simplified) commented:
With Centrify you don't need a mobile account. It caches the password hash so a regular network account can be signed in as long as it has signed in before.
0
 
serialband commented:
It sounds like you've solved your problem for now.  Unfortunately, this still exists in Mavericks.  I did find a way around it.

I haven't yet found a way to turn on the wireless when a user is not logged into a Mac, but I'm still searching.  It's a very obnoxious bug.  This is one reason I want a Windows PC.  I like to run my laptop as a server which means I need the USB or lightning to ethernet adapter to stay connected with the newer, thinner MacBook Pros.

I worked around the mobile account problem by creating the user account entries manually as mobile accounts to each system after it has joined the domain.  Once the account is added as a managed mobile account, the user needs to log in once and it will be cached and remain recognized on the system in the future.  You will still need to log into a working account one time to enable the wireless first.

This command will likely generate errors or warnings that can be ignored.  Run the following as an admin account with sudo:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n USERNAME

When you don't have a budget, you just have to work around things.
0
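The workaround in the comment above, wrapped so it can be applied to several users at once. This is an added example, not code from the thread; the short-name filter, the `-x` switch and treating an existing local record as "already on this Mac" are assumptions made here.

```shell
#!/bin/sh
# Added example: batch wrapper for the createmobileaccount workaround above.
# Usage (hypothetical file name): sudo sh add_mobile.sh [-x] user1 user2 ...
# Without -x it only prints what it would run.
CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount

# Accept plain short names only, so nothing odd reaches a command run as root.
valid_shortname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the action for one user: skip-invalid, skip-unknown, skip-cached, create.
plan_for_user() {
    valid_shortname "$1" || { echo skip-invalid; return 0; }
    # The name must resolve through directory services, i.e. the Mac is bound
    # and can currently reach the domain.
    id "$1" >/dev/null 2>&1 || { echo skip-unknown; return 0; }
    # A record in the local node means the account is already on this Mac.
    if command -v dscl >/dev/null 2>&1 &&
       dscl . -read "/Users/$1" >/dev/null 2>&1; then
        echo skip-cached; return 0
    fi
    echo create
}

run=0
if [ "${1:-}" = "-x" ]; then run=1; shift; fi
for u in "$@"; do
    action=$(plan_for_user "$u")
    echo "$u: $action"
    [ "$action" = create ] || continue
    if [ "$run" -eq 1 ]; then
        # Errors and warnings are expected per the post, so judge success by
        # whether the local record now exists, not by the exit status.
        "$CMA" -n "$u" || true
        dscl . -read "/Users/$u" >/dev/null 2>&1 || echo "$u: NOT created" >&2
    else
        echo "would run: $CMA -n $u"
    fi
done
```

Each user still has to log in once while the domain is reachable before the account is usable offline, as the comment above says.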
 
James Wilkinson (Network Manager, Author) commented:
Hi serialband

Thank you for your guidance. I have seen this and have yet to try it out. It may work for you:

http://www.afp548.com/2013/03/07/another-way-to-enable-wi-fi-at-login-window-with-profiles/

Regards
0
 
serialband commented:
Thanks!  That's a great link.  I'll have to try that out.  I've been looking for that, but that's not an easy link to search for.  I wonder what search terms would have taken me there.
0
 
James Wilkinson (Network Manager, Author) commented:
Our Apple specialist company told me about that site so that I can look at it often for common issues and updates/workarounds. It's very valuable, especially with us steadily merging to Mavericks.
0
 
James Wilkinson (Network Manager, Author) commented:
Let me know how you get on with that as I'm going to attempt it too. It seems more technical than I'm used to, as I'm fairly new to Apple management, with scripting especially.
0
 
serialband commented:
I'll let you know, but I may not have time to test that this week as I have a server upgrade that I'm working on.
0
 
James Wilkinson (Network Manager, Author) commented:
Ok I will let you know how I get on if I manage to push it out this week
0
 
serialband commented:
I'm using a mobile account with FileVault.  You probably also need to enable a local administrator account access to FileVault.  I first made sure FileVault worked with the local account, then used that account to decrypt the disk and logged in with the mobile account.  I then enabled FileVault on the mobile account and I've been logging in with the mobile account since.
0
 
James Wilkinson (Network Manager, Author) commented:
Issue resolved. This is a common issue and there are not many correct solutions on the net, so it may be worth posting in the knowledge base, or maybe a cleaned-up discussion just showing the solution.
0
Question has a verified solution.
