Configuring a workstation to use a network or mobile account is beneficial in environments where administrators wish to manage authentication from a central server, utilize single-sign-on, or improve security by enforcing a password expiration policy.
To read more about the differences between network and mobile accounts, as well as instructions on binding to Open Directory and Active Directory, visit our article, Creating Network/Mobile Accounts with Local Homes.
In order to convert an existing local account to a mobile account, we must first remove the account from the local directory. Ideally, we will retain the existing data and ensure the existing home name matches the short name of the appropriate network user. Instructions are below. Contact us if you would like Robot Cloud to help automate this process!
Perform the Conversion
- Bind the workstation using the instructions in our Creating Network/Mobile Accounts with Local Homes knowledge-base article.
- Use Terminal to remove the username from the local directory. This will leave the local home folder in place. The command is below (replace USERNAME with the short name of the user you are converting).
sudo dscl . delete /Users/USERNAME
- Change the name of the local home folder to match the directory short name. The command is posted below (replace USERNAME with the original short name, and DIRUSERNAME with the directory short name).
sudo mv /Users/USERNAME /Users/DIRUSERNAME
- Log out to test the new account.
- At the login screen, select 'Other' or simply type the user's network credentials.
Clean Up Permissions
On the first login it is entirely normal to receive permissions errors. These can be corrected using two Terminal commands. Replace USERNAME with the directory short name, and DOMAIN with the sub-domain of your directory server. IMPORTANT: You will want to run these two commands from an account other than the newly converted network account.
sudo chown -R USERNAME:"DOMAIN\domain users" /Users/USERNAME
sudo chmod -R 755 /Users/USERNAME
Additionally, there are some applications which hard-code the path to support files in their preference plists. These applications will break if the username was changed. Ensure that all applications launch appropriately and modify the plists using a text editor to correct the path, or delete the plist, re-launch the application and re-configure the settings.
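To verify the permission clean-up above, the following added example (not part of the original article) lists files still owned by the old local UID and files that other users can read once `chmod -R 755` has run. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a converted home folder after the chown/chmod step.
# Function names are assumptions for illustration, not from the article.

# Print every path under HOME_DIR whose owner is not EXPECTED_UID.
# After `dscl . delete`, files that were not re-owned still carry the
# numeric UID of the removed local account.
wrong_owner() {
    home_dir=$1; expected_uid=$2
    find "$home_dir" ! -uid "$expected_uid" -print
}

# Print regular files under HOME_DIR that other users can read.
# `chmod -R 755` sets this bit on every file, including private keys
# and other files that were previously mode 600.
other_readable() {
    home_dir=$1
    find "$home_dir" -type f -perm -004 -print
}

# Summarise both checks; returns non-zero if ownership is incomplete.
audit_home() {
    home_dir=$1; expected_uid=$2
    bad=$(wrong_owner "$home_dir" "$expected_uid" | wc -l | tr -d ' ')
    open=$(other_readable "$home_dir" | wc -l | tr -d ' ')
    echo "wrong_owner=$bad other_readable=$open"
    [ "$bad" -eq 0 ]
}

# On the workstation, from an admin account other than the converted user:
#   audit_home /Users/DIRUSERNAME "$(id -u DIRUSERNAME)"
#   other_readable /Users/DIRUSERNAME/.ssh
```

OpenSSH refuses private keys that other users can read, so any key files that `other_readable` reports under `.ssh` need their mode tightened again before the user can connect with them.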