Archive for October, 2009

The night Loginwindow put out a hit on my user accounts.

October 11, 2009

I had an odd problem crop up while doing a server upgrade today, where some AD accounts that I’d set up on a server were disappearing after a reboot. I’d set them up, reboot and *poof* no more user accounts. After a few tries, I hit Google and found the following blog entry which pointed the finger at the loginwindow process clearing the accounts because it believes them to be inactive External Accounts. Sure enough, I checked /var/log/system.log and saw the following entries for each account that had mysteriously disappeared:

Oct 11 00:14:43 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing “username” with home “/Volumes/Data/Users/username” from DSLocal because account is not active.

However, not all accounts were disappearing; only the ones where the account’s home folder was stored on another hard drive in the same server.

In the end, I re-read the createmobileaccount man page and noticed the -x and -X switches:

usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [-e] [-q] [[-x] | [-X]] [[-s] | [-S]] [-u syncURL] [-v]
-n username : user record name
-h homepath : user home path; Default is “/Users/<username>”
-p password : user password
-P : prompt for password. A password is required for FileVault home
-e encrypt : encrypt new home with FileVault
-q quota : max size in bytes of FileVault home
-x : create as external account on non-boot volumes. Default
-X : create as mobile account account non-boot volumes.
-s : set home sync on if home created.
-S : set home sync off if home created. Default.
-u syncURL : server target of home synchronization
-v : verbose output

I’d been setting up the user accounts using the following command:

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -h /Volumes/Data/Users/username

Since I wasn’t specifying “-x” or “-X” in the command, by default, createmobileaccount was setting them up as external accounts because I’d specified a home folder on a non-boot volume.

Once I switched my command to be the following, my mobile accounts began surviving a reboot:

sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -X -n username -h /Volumes/Data/Users/username
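
To audit a server for accounts already removed this way, the system.log entries shown above can be parsed directly. The script below is an added example, not part of the original post: it lists each removed account and prints (without running) the -X form of the command for it. The function names and sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: reads system.log lines on stdin and reports accounts that
# loginwindow removed as inactive external accounts.
CMA=/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount
tab=$(printf '\t')

# Print "username<TAB>home" once per removed account.
removed_accounts() {
    # Normalise curly quotes (pasted from rendered web text) to straight
    # ones, then split each matching line on the quote character.
    LC_ALL=C sed -e 's/“/"/g' -e 's/”/"/g' |
    awk -F'"' '/-xaRemoveInactiveExternalAccounts: removing / &&
               NF >= 5 && $3 == " with home " { print $2 "\t" $4 }' |
    LC_ALL=C sort -u
}

# Print (never run) the -X form of the command for each removed account.
recreate_cmds() {
    removed_accounts | while IFS=$tab read -r user home; do
        # Log text is untrusted input: skip anything that is not a plain
        # short name, or a home that is not an absolute, quote-free path.
        case $user in ''|-*|*[!A-Za-z0-9._-]*) continue ;; esac
        case $home in /*) ;; *) continue ;; esac
        case $home in *\'*) continue ;; esac
        printf "sudo %s -X -n '%s' -h '%s'\n" "$CMA" "$user" "$home"
    done
}

# Constructed sample input (not real log data).
sample_log() {
    cat <<'EOF'
Oct 11 00:14:43 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing “alice” with home “/Volumes/Data/Users/alice” from DSLocal because account is not active.
Oct 11 00:14:43 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing "bob" with home "/Volumes/Data/Users/bob" from DSLocal because account is not active.
Oct 11 00:31:02 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing "bob" with home "/Volumes/Data/Users/bob" from DSLocal because account is not active.
Oct 11 00:31:03 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing "bad'name" with home "/Volumes/Data/Users/bad" from DSLocal because account is not active.
Oct 11 00:31:05 server-name sshd[410]: Accepted publickey for admin
EOF
}

sample_log | recreate_cmds
```

On a live server, replace the last line with `recreate_cmds < /var/log/system.log` and review the printed commands before running any of them.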