Synchronizing an Account | Apple Training Series: Mac OS X v10.4 System Administration Reference, Volume 2

Once a mobile account is created, a user has a local copy of her attributes and values, but the data that user works with every dayword-processing documents, Keynote presentations, and other document typesis stored on the computer on which the local account was created. Also, any preferences for the applications that create those files and settings, such as the Dock or Finder preferences, are stored locally as well, and not stored on the server where the original account is located.

While MCX setting changes are propagated down every time a user logs in when connected to the network on which the original server is located, user-created data and preferences are not. Therefore, a plan must be put into place to handle the user-created documents and preferences. Synchronization backs up user-created data, preferences, and other items related to the user's work environment into the network home folder of that user.

Before synchronization can occur, a home folder for the user must be created on the network for that user and listed in the user's attributes. This is done using Workgroup Manager. Please refer to Lesson 8, "Creating Accounts," for more information on creating home folders for network user accounts.

Setting Up Synchronized Accounts

After setting the managed preference for mobile accounts, choose how the initial synchronization will take place. (If no synchronization is set, the user-created data is never written back to the server.)

When setting up synchronization, you must define which parts of the user's home folder will be synchronized. When testing a new account with no user-created data, it's best to synchronize the entire home folder and leave all the defaults in place. Remember that the shortcut for a user's home folder is represented by a tilde (~).

To set up synchronization on login and logout:

1.	Launch Workgroup Manager.
2.	Connect to your directory server and authenticate.
3.	In the top right corner of the Workgroup Manager window, be sure the lock icon is unlocked to indicate that you are authenticated. If not, click it and authenticate.
4.	Select the user(s), workgroup, or computer list to which you wish to apply the settings.
5.	Click the Preferences button at the top of the window.
6.	Click the Mobility icon (not shown).
7.	Click the Rules tab, and in the Rules pane, click Always.
8.	Next to the "Synchronize at login and logout" portion of the window, click the Add (+) button and add a tilde (~) in the new line.

9.	Leave all other defaults as they are for now.
10.	Click Apply Now.

When the user with the mobile account initially logs in to a computer bound to the directory server, a new home folder is created and a dialog appears, informing the user that the mobile account is being synchronized.

After the login, another icon appears in the menu bar, indicating that the user can immediately synchronize his home folder whenever he wishes and perhaps also control which folders are synchronized.

Managing Synchronized Folders

Another aspect to consider when setting up synchronized accounts is whether users should have their data synchronized in the background, and how often that synchronization should occur. Second, should users decide this or should administrators? If users decide, are they also permitted to decide which folders are synchronized?

The options related to overall synchronization are as follows:

Login, logout, and background syncing
Merging with user settings
Time interval for background synchronization

Regardless of whether the synchronization takes place at login and logout and whether background synchronization is involved, you have the option of merging new settings with the user settings. This permits preferences that the user has set, such as Dock preferences, to not be overwritten unless management is strictly enforced on those settings.

To enable merging with user settings, click either the Login and Logout Sync or Background Sync tab (depending on which you are doing), and check the box (if it's not already checked) at the bottom of the window.

Then click the Apple Now button. (It is checked by default when setting up new mobile accounts with synchronization.)

The login and logout synchronization is exactly what it sounds like. Synchronization takes place only when the user logs in or logs out. Choosing to always manage this setting does not permit the user to allow what is synced. If you choose to manage the item once as opposed to always, when the user logs in, she can manage which folders are synchronized by using her Accounts preferences pane (within System Preferences) and clicking the Configure button that opens the Synchronize dialog.

Users can control when they synchronize during their logged-in session and exactly which folders they want to synchronize.

Background syncing is simply the permitting of synchronization to take place at predefined intervals. Background syncing can be managed never, once, or always, and if it's managed only once, the user then has control over when the account is synchronized while he or she is working.

Also, as you learned earlier in this lesson, merging these settings with the user's settings will permit the user to keep the settings that were configured prior to the initial syncing.

Once background syncing is enabled, you must use the Options pane to decide how often to synchronize the information.

Optimizing Synchronized Content

Once you decide how synchronization takes place, you must decide what to synchronize. Earlier in this lesson, you synchronized the user's entire home folder, as represented by the tilde (~). However, you can specify with a high level of granularity exactly what is synchronized. For example, at login and logout you can choose to synchronize the user's entire home folder; however, you also can set background syncing to synchronize the user's Documents folder every hour. Both the Login & Logout Sync pane and the Background Sync pane have the same interface when dealing with exactly what to synchronize.

The Login & Logout Sync pane.

The Background Sync pane.

While it is readily apparent what is skipped during background syncing (which is the user's Library and Trash in the preceding example), the window showing items that are skipped with login and logout syncing does not scroll, so you see only a few skipped items.

Here is the list of Apple's default skipped items when doing login and logout syncing. The full paths of items are skipped.

~/Library/Logs
~/Library/Caches
~/Library/Printers
~/Library/Safari/Icons
~/Library/Preferences/ByHost
~/Library/Application Support/SyncServices
~/Library/Preferences/loginwindow.plist
~/Library/Preferences/com.apple.dock.plist
~/Library/Preferences/com.apple.iChatAgent.plist
~/Library/Preferences/com.apple.sidebarlists.plist
~/Library/Preferences/com.apple.systemuiserver.plist

Items starting with the following text are skipped:

IMAP-
Mac-

You can change exactly what is synchronized by adding to the synchronize list. Before you do, you should remove syncing of the entire home folder and then add back only the folders you want to sync. You do this by clicking the Add (+) button and manually adding a path, or by clicking the Browse (...) button and navigating to the location you want to synchronize.

Not only can you choose what to sync, but you can also choose what not to sync. As discussed earlier, there are a set number of items that are skipped by default when syncing.

The defaults are just suggestions and can be modified or deleted, depending on usage. You have available several methods of locating items that you want to skip:

By using qualifiers such as "Name contains" or "Ends with," you can skip items such as all files inside the home folder with names ending with the .mp3 or .m4a filename extension. You also could skip any item whose name contains movie. The level of detail is left up to you, but, using this method, you can skip large files and focus on syncing only those files germane to the organization.

Dealing with Synchronization Issues

What happens when users complain of slow login times, or your network administrator comes knocking on your door? Is the number of items being synchronized too high? What about items that appear synchronized but are not synchronized, or fail to synchronize at all? Examining some known issues and correcting for them will result in a richer user experience when using mobile accounts with synchronization.

Bandwidth Considerations

Depending on what is synchronized and the number of users doing synchronization, it is possible to saturate your network with all that synchronization traffic. Music, movie, and large image files that may take up several hundred megabytes will cause the user experience to appear sluggish, and they should be avoided unless the network can handle the bandwidth. One example of this is a Microsoft Entourage database that may be several hundred megabytes in size. Even if the user receives only one email during login, the entire database is synchronized. As you have seen, you can dictate with considerable precision the items that get synchronized. Testing, monitoring, and efficient management of items to be synchronized are the keys to keeping your network from being overwhelmed.

Synchronization Irregularities

It is possible for folders to get out of sync. An error message will appear stating that items cannot be synchronized. If the network home folder is not available, or if there has been an authentication issue, these errors will prevent synchronization from taking place. Attempting to log in via Connect to Server will test whether the home directory can be mounted with the proper authentication. Related to this type of error, disruption in the AFP service will also cause synchronization to fail.

One of the primary causes of conflicts is multiple logins of the same user account. For example, a user has several accounts on separate computers, and all those accounts are used at the same time. This can happen when a generic account is used for several users. To prevent this, in Workgroup Manager uncheck the box for "Allow simultaneous login on managed computers" in the Advanced pane of the generic user.

If a user logs in to her computer, and syncing occurs but the home folder on the server becomes unavailable during the session, she must log out and log back in when the server becomes available to synchronize her files on the server.

One way to prevent students from creating multiple mobile accounts (logging in to several different computers each day and having a mobile account on each computer) is to use computer lists and force a specific computer to a specific user. This prevents other users from logging in to any computer other than the one to which they were assigned. Should multiple accounts occur and the user's data is expendable, the user and his associated mobile home folder can be removed from all the computers. This can be done using the Accounts pane of System Preferences or by using NetInfo Manager. The shell script below can be sent out via Apple Remote Desktop to automatically remove mobile accounts, while keeping the local administrator account on each computer.

[View full width]
 #!/bin/sh #This script deletes mobile account user and their home directories PATH=/bin:/sbin:/usr/bin:/usr/sbin export PATH Users=$( nireport . /users name original_home | grep -v NoValue | sed -e's/[ ,].*$//' |  sed e'/^$/d') for users in $users; do echo Removing home folder of $user eval hd="~$user" if [[ "$hd" !="/"]]; then     rm r "$hd" fi echo Removing $user from NetInfo niutil destroy . /users/$user

Finally, if a serious error occurs and it appears that the mobile accounts home folder has been erased, look to the server hosting the network home folder, delete the local mobile account in NetInfo and the mobile account home folder, and allow the user to log in again and synchronize again from the beginning.