Skip to main content
Answer

Mobility Configuration Profile

  • May 3, 2013
  • 7 replies
  • 10 views
T
Forum|alt.badge.img+10

Hey, guys:

I've set up a Mobility Configuration Profile to "Create mobile account when user logs in to network account" for our Open Directory (10.6.8). Of course, being a User Level profile, this doesn't get applied until after first login. So the first time we log in with a network user it creates a network account, then the Configuration Profile gets applied, so the next time we login, a proper mobile account gets created. This is okay, but is there any way to get the mobile account on first login?

Lemme know your thoughts!

Michael

Best answer by justinworkman

Sorry I just noticed your reply....
Here is the EA:

#!/bin/sh
liu=$(who | grep console | awk '{print $1}')
la=$(ls /Users | grep $liu)
if [ "$liu" = "$la" ]; then
echo "<result>Mobile</result>"
else
echo "<result>Network</result>"
fi

and here is the script:

#!/bin/sh
liuser=$(who | grep console | awk '{print $1}')
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $liuser

I'm abandoning hopes of using configuration profiles for mobility this year and reverting back to using 10.6.8 OD MCX.

    7 replies

    J
    Forum|alt.badge.img+13
    • Johnny_Kim
    • Contributor
    • May 3, 2013

    I use a script with a startup trigger with the command below. This works very well with 10.7.x, not sure about 10.6.x

    dsconfigad -mobile enable ; dsconfigad -mobileconfirm disable
    T
    Forum|alt.badge.img+10
    • tuinte
    • Author
    • Valued Contributor
    • May 3, 2013

    Do you mean dsconfigldap as I'm using OD not AD?

    J
    Forum|alt.badge.img+7

    I've had trouble with this also. I'm also using OD. Even after a single login I can't reliably be sure that a 'mobile' account will be created. I've seen people have to log in and out multiple times before their mobile account takes hold. What I eventually did this year(I'm hoping to come up with something new this summer) is build an extension attribute to determine who was using a network account. I created a smart group based on that EA then ran a script scoped to that group that forced the creation of the mobile account. I'd be happy to share the EA and script if anyone is interested.

    T
    Forum|alt.badge.img+10
    • tuinte
    • Author
    • Valued Contributor
    • May 7, 2013

    I would gladly take such an EA and such a script.

    J
    Forum|alt.badge.img+7
    • justinworkman
    • Contributor
    • Answer
    • May 31, 2013

    Sorry I just noticed your reply....
    Here is the EA:

    #!/bin/sh
liu=$(who | grep console | awk '{print $1}')
la=$(ls /Users | grep $liu)
if [ "$liu" = "$la" ]; then
echo "<result>Mobile</result>"
else
echo "<result>Network</result>"
fi

    and here is the script:

    #!/bin/sh
liuser=$(who | grep console | awk '{print $1}')
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n $liuser

    I'm abandoning hopes of using configuration profiles for mobility this year and reverting back to using 10.6.8 OD MCX.

    T
    Forum|alt.badge.img+10
    • tuinte
    • Author
    • Valued Contributor
    • May 31, 2013

    OP delivers. Thanks a million.

    J
    Forum|alt.badge.img+1
    • Jpmvdr
    • New Contributor
    • June 27, 2013

    Justin,
    I am using your script but get an error I do not understand:
    Running script createMobileUser.sh... Script exit code: 0 Script result: 2013-06-27 13:29:15.298 createmobileaccount[975:707] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_SUSPEND, &(uid=1027), NULL) failed
    2013-06-27 13:29:16.426 createmobileaccount[975:707] MCXCCacheMCXRecordAndGraph(): vproc_swap_integer(NULL, VPROC_GSK_PERUSER_RESUME, &(uid=1027), NULL) failed
    createmobileaccount built Apr 27 2013 02:50:29

    Any ideas?

    Terms & ConditionsCookie settingsAccessibility statement