When dealing with different sources of authentication via AD and LDAPv3 plug-ins, there are two types of accounts that people refer to. They are:
Network accounts Mobile accounts Network accounts basically mean the user authenticates against an authentication authority other than the local host and their home directory is mounted via protocols such as AFP, SMB, or NFS. Since in your case they're referring to AD, let's assume that they're using the builtin AD plug-in. In this scenario, the user preferences are stored in their "network home directory" which is located on some other machine/server than the local host. So, if their users are logging in from different machines each time they login, it stands to reason that "by host" preferences may not work consistently. However, with network accounts, if the user's home directory can't be mounted, they're not supposed to be able to actually login via loginwindow. Mobile accounts mean that when the user logs in to the machine for the first time and it is configured as such, a "mobile, managed" account will be created on the local machine. In addition, the user will get a local home directory created for them...along with that, your typical local preferences, etc. There are other unique problems to each of these approaches. To truly troubleshoot the problem, you'd need to know more about how they're configuring the AD plug-in before going further. There are different options that may be impacting your application. To look at the configuration options, you'll need to configure the AD plug-in via System Preferences->Users & Groups->Login Options->Network Account Server: Join->Open Directory Utility. Once you have Directory Utility open, you'll see that there are three default plug-ins. Active Directory is the one you want to look at. The configuration options that you're going to be interested in are Advanced Options. You'll want to know what checkboxes they've got checked in order to figure out how they're operating. Based on your description, I'll assume that "Create mobile account at login" is not checked. Troubleshooting this kind of setup can be hard if you don't have AD at hand. I could probably provide some assistance in testing as I can setup AD test environments. I also develop a plug-in similar to the AD and LDAPv3 plug-ins. Cheers, Matt On Sat, Apr 20, 2013 at 1:18 AM, Graham Cox <[email protected]> wrote: > > Hi all, > > > Our app stores some "by host" preferences aside from its usual user > defaults. > > We have a user that reports that these preferences are not working when > logging in over the network. I'm not actually sure what they mean by that, > quote: "other users (all of which are network accounts that authenticate > with AD)" > > The prefs are stored and read using CFPreferences, with current user, > current host as the domain settings. > > First, what sort of network accounts are implied by 'AD' ? Second, what > preferences settings would allow the preferences to work with this kind of > login, if any? I'm thinking that current user, any host would be > appropriate, but it's hard to be sure as I don't know what sort of login > they're even talking about, and it's also difficult to know how to test > this. > > Any hints or help would be gratefully received. > > --Graham > > > > _______________________________________________ > > Cocoa-dev mailing list ([email protected]) > > Please do not post admin requests or moderator comments to the list. > Contact the moderators at cocoa-dev-admins(at)lists.apple.com > > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/cocoa-dev/mattdefoor%40gmail.com > > This email sent to [email protected] > _______________________________________________ Cocoa-dev mailing list ([email protected]) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [email protected]
