Mac OS X 10.8 Mobile Accounts not showing on Macs Bound to AD

James Wilkinson
We have a mixed estate of Apple and Microsoft devices in our secondary school. Our staff MacBooks were working when we bound the Macs to the Active Directory domain and enabled Mobile Accounts. We received the mobile account at the Welcome screen on and off the network.

All of a sudden this has stopped working. Our users only get the mobile account as an option when they log in to a home account (in the background the Wi-Fi connection is established), then they log out and they see the mobile account.

This is very frustrating to have to do this every time. Apple have released an OS X 10.8.4 update which improves performance of network connection, mobile accounts and Active Directory connection but we still have this as an issue.

Another user has the same issue here
https://discussions.apple.com/thread/5185728?start=0&tstart=0

If anyone knows how to force wifi connections at login this would be the first step and a possible solution. I would have thought that a mobile account would work completely offline regardless of wifi connection though.

As always any help is much appreciated
Aaron TomoskyDirector of Solutions Consulting

Commented:
If you don't solve this, I'd really recommend unjoining everything, installing the free version of Centrify on each Mac, and joining using Centrify. One caution is don't let Centrify map existing local user accounts to different Active Directory accounts even though it lets you. IMO this doesn't work well.

After fighting with macs joining for awhile someone suggested this route and I never looked back. As long as you make clean user accounts it works great. Centrify caches password hashes for offline login just like windows does, so no mobile account to sync.
James WilkinsonNetwork Security Analyst

Author

Commented:
Thank you for this advice. I will look into this this week.
James WilkinsonNetwork Security Analyst

Author

Commented:
Centrify did not fix this for us but does look like a good piece of software. I'm reluctant to add in another piece of software at this stage as I'm worried it's something else which can go wrong with our setup. I will research more and see if it's necessary to use to get us operating much more reliably
James WilkinsonNetwork Security Analyst

Author

Commented:
Just had an Apple specialist remote in to check our environment and he said everything is set up as expected and it's strange why mobile accounts don't show up at startup. The only thing that stands out to me is the Wi-Fi symbol is showing on the few clients that work and not on the ones that don't. Apple say this is nothing to do with it as mobile accounts (as the name suggests) do not rely on the network.

We use a few different OS X versions and this is the same on all.
James WilkinsonNetwork Security Analyst

Author

Commented:
We employed an Apple specialist to visit and fix this for us. He said that it is a known Apple issue which will hopefully be resolved in OS X 10.9 Mavericks.
Aaron TomoskyDirector of Solutions Consulting

Commented:
Centrify didn't solve what exactly? It removes the need for network connections if the user has logged in before...
James WilkinsonNetwork Security Analyst

Author

Commented:
Centrify didn't resolve our issue with the Welcome Screen not showing the Mobile Accounts when off the network.
Aaron TomoskyDirector of Solutions Consulting

Commented:
With centrify you don't need a mobile account. It caches the password hash so a regular network account can be signed in as long as it has signed in before.
It sounds like you've solved your problem for now.  Unfortunately, this still exists in Mavericks.  I did find a way around it.

I haven't yet found a way to turn on the wireless when a user is not logged into a Mac, but I'm still searching.  It's a very obnoxious bug.  This is one reason I want a Windows PC.  I like to run my laptop as a server which means I need the USB or lightning to ethernet adapter to stay connected with the newer, thinner MacBook Pros.

I worked around the mobile account problem by creating the user account entries manually as mobile accounts to each system after it has joined the domain.  Once the account is added as a managed mobile account, the user needs to log in once and it will be cached and remain recognized on the system in the future.  You will still need to log into a working account one time to enable the wireless first.

This command will likely generate errors or warnings that can be ignored.  Run the following as an admin account with sudo:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n USERNAME

When you don't have a budget, you just have to work around things.
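
The workaround above applied to a list of users, as an added example that is not part of the original thread. It uses only the -n flag quoted in the post; the username rules, the APPLY switch and the sample names are assumptions, and the skip check relies on cached mobile accounts carrying "LocalCachedUser" in their local AuthenticationAuthority attribute.

```shell
#!/bin/sh
# Added example (not from the thread): batch wrapper for the command above.
CMA="/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount"

# Accept only plain short names so nothing reaches the root command as an option.
valid_username() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# A cached mobile account has "LocalCachedUser" in AuthenticationAuthority.
is_mobile_record() {
  case "$1" in
    *LocalCachedUser*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints skip-invalid, skip-cached or create for one user.
# $2 is the AuthenticationAuthority text (empty if no local record exists).
plan_user() {
  if ! valid_username "$1"; then echo "skip-invalid"
  elif is_mobile_record "$2"; then echo "skip-cached"
  else echo "create"
  fi
}

# Reads usernames (one per line) from stdin. The default only prints the plan;
# set APPLY=1 on a bound Mac to actually run createmobileaccount.
provision() {
  while IFS= read -r user; do
    auth=""
    if command -v dscl >/dev/null 2>&1 && valid_username "$user"; then
      auth=$(dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null || true)
    fi
    action=$(plan_user "$user" "$auth")
    printf '%s: %s\n' "$user" "$action"
    if [ "$action" = "create" ] && [ "${APPLY:-0}" = "1" ]; then
      sudo "$CMA" -n "$user" || echo "$user: createmobileaccount reported an error" >&2
    fi
  done
}

# Constructed sample input; replace with your own list of AD short names.
printf '%s\n' 'jsmith' '-n root' 'a.teacher' | provision
```

Each user still has to log in once afterwards for the credentials to be cached, as the post says.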
James WilkinsonNetwork Security Analyst

Author

Commented:
hi serialband

Thank you for your guidance. I have seen this and have yet to try it out. It may work for you

http://www.afp548.com/2013/03/07/another-way-to-enable-wi-fi-at-login-window-with-profiles/

Regards
Thanks!  That's a great link.  I'll have to try that out.  I've been looking for that, but that's not an easy link to search for.  I wonder what search terms would have taken me there.
James WilkinsonNetwork Security Analyst

Author

Commented:
Our Apple specialist company told me about that site so that I can look at it often for common issues and updates/workarounds. It's very valuable, especially with us steadily merging to Mavericks.
James WilkinsonNetwork Security Analyst

Author

Commented:
Let me know how you get on with that, as I'm going to attempt it too. It seems more technical than I'm used to, as I'm fairly new to Apple management, with scripting especially.
I'll let you know, but I may not have time to test that this week as I have a server upgrade that I'm working on.
James WilkinsonNetwork Security Analyst

Author

Commented:
Ok I will let you know how I get on if I manage to push it out this week
Network Security Analyst
Commented:
We now know that this is a bug with 10.8.5 and Mavericks. This is still happening on 10.9.2.

The issue is when we use FileVault encryption. If we switch this off, the Mobile Accounts work 100%. We encrypt the HDD and Mobile Accounts fail.
I'm using a mobile account with filevault.  You probably also need to enable a local administrator account access to filevault.  I first made sure filevault worked with the local account, then used that account to decrypt the disk and logged in with the mobile account.  I then enabled filevault on the mobile account and I've been logging in with the mobile account since.
James WilkinsonNetwork Security Analyst

Author

Commented:
Issue resolved. This is a common issue and there are not many correct solutions on the net, so it may be worth posting in the knowledge base, or maybe a cleaned-up discussion just showing the solution.
