Aaron Adams’s Blowhard Blog

I’m refreshing this story just a bit due to a very dumb error I made concerning setting up the user home folder. The previous instructions worked just fine for the purposes outlined in the article, but they’re not the right way to do it. Everything is all better now.

Originally published 1 June 2005.
One of Tiger’s new features is the ability to synchronize home folders between multiple Macs. This can be useful in any number of situations, and as an example to simplify the explanation of how to set up home folder synchronization and how it works, let’s create a hypothetical company with a hypothetical user, Roy, who has just been hired to do a job that involves some travel. Roy will be at his desk some part of the time and on the road for the remainder. On Roy’s desk is an iMac G5, and he’ll receive an iBook as his traveling companion. Roy has the need to synchronize the files and folders in his home folder between the iMac and the iBook. When Roy is on the road for a week or two, without access to the company LAN, and he makes changes to a bunch of files, those changes need to be reflected on his iMac when he returns. Conversely, when Roy is about to leave on a business trip, he needs to take with him the same files and folders on his iBook that are on his iMac.

The new home synchronization feature of Tiger and Tiger server makes this possible. In short, we can specify a set of preferences which create mobile accounts and set up synchronization details and force them onto Open Directory users’ machines. Space dedicated to Roy’s account on the server acts as intermediary storage for the actual process of synchronization.

The first step to making all of this work is creating an account for Roy in the directory with the proper home folder information. The correct share point URL, path, and local machine home have to be configured in Workgroup Manager.

• Start “Workgroup Manager” and connect to the directory where Roy’s account is to be created.
• Click the “Sharing” icon in the toolbar.
• Click the share that is intended to contain user home folders, “Users” is the share created by default.
• Click the “Network Mount” tab and then the lock icon to authenticate.
• Check the box next to “Enable network mounting of this share point”.
• Make sure “Where: LDAPv3/127.0.0.1″ is selected.
• Select “Protocol: AFP” from the drop-down.
• Select the radio button next to “User Home Directories”.
• “Save”.
• Click the “Accounts” icon in the toolbar.
• Click the “New User” button in the top toolbar.
• Fill in Roy’s “Basic” information.
• Change Roy’s “Advanced” properties as needed.
• Click the “Home” tab.
• Select the home afp://yourserver/Users.
• Click “OK”.
• Click the “Create Home Now” button and “Save”. This will create Roy’s new home folder on the server.

Now Roy’s account has a home that is shared from the server and a local location for the home on any machine he logs into. Next, we must use Workgroup Manager again to make Roy’s account mobile.
The purpose of a mobile account is to replicate the settings of an Open Directory user onto the local machine so that the user doesn’t have to be connected to the corporate LAN in order to authenticate and use his account as usual.

• Select Roy’s account listed on the left.
• Click “Preferences” in the top toolbar.
• Select the “Mobility” icon, bright orange, on the right.
  
• Check “Synchronize account for offline use”. This is the setting that creates the duplicate of Roy’s account properties on each machine he logs into.
• Optionally, check “Require confirmation before creating a mobile account”. If you want users to have the option whether or not to create an account, that’s all fine and dandy. In Roy’s case, this option will be left unchecked because Roy is non-technical and we frankly don’t trust him to choose the right option when the dialog appears.
• Next to “Manage”, on top, click the “Always” radio button. If the “Require confirmation…” button is checked, the dialog asking whether to create a mobile home folder will appear every time Roy authenticates to Open Directory on a given Mac until he says yes.
  

Roy’s mobile account has been created. When he logs into any Open Directory-connected Mac, a mobile account will be created for him on that machine. Now we need to use Workgroup Manager again to specify how home synchronization will behave.

• Still under “Mobility”, select the “Rules” tab.
• Since Roy is going to be out of town and off the network for a couple of weeks, we’re going to have his synchronization occur manually in the background. Click the “Background Sync” tab to set this up.
• Next to “Manage”, we’ve chosen the “Always” radio button. This means each time Roy authenticates to Open Directory, the background sync option will be reinforced.
• Under “Synchronize in the background”, we see a folder named ~ listed. That, of course, is shorthand for the home folder. We’re syncing Roy’s entire home folder because we assume that’s where he’ll save his work. If perchance there are other folders that need to be synchronized, the + button to the right will allow us to add them.
• Items can also be skipped. By default, the Library and .Trash folders won’t be synchronized.
• Finally, there is a checkbox at the bottom labeled “Merge with user’s settings”. If the Accounts system preference pane is enabled, Roy will be able to configure which folders in his home are synchronized and which are not. He may, for instance, disable synchronization of the Pictures folder. If that’s not a problem, this box can be left checked.
  
• Move on to the “Options” tab.
• Again, because we want this preference reinforced every time Roy authenticates against Open Directory, we select the “Always” radio button next to “Manage”.
• Under “Synchronize background folders”, we select the “Manually” radio button. We don’t want Roy’s sync on a timer because, again, there will be long stretches of time when he’s not connected to any network. “Manually” means Roy only synchronizes when he clicks the menu bar icon and explicitly invokes the sync.
  
• Click “Done”.

Roy is ready to go.

On his first day of work, Roy sits down at his desk and powers-up his iMac. He authenticates to Open Directory with the username and password given to him by the IT staff. A mobile account is automatically created on the iMac. For the first several weeks, Roy works at his desk while he learns his new job. When it’s time for Roy’s first trip, he clicks the Home Sync icon in the iMac’s menu bar. All of the files and folders in Roy’s home folder are synchronized to his home share on the server. Then, Roy powers-up his iBook and logs in with his Open Directory username and password, and a mobile account is automatically created there also. After logging in, Roy clicks the Home Sync icon in the menu bar of the iBook, and the files and folders residing on the server, sync’d moments before from Roy’s iMac, are copied to the iBook. Roy now has a copy of all his files and folders for traveling.

A week later, Roy returns from his trip and plugs his iBook into the company LAN. Again, he clicks the Home Sync icon in the iBook’s menu bar and all the files and folders that have changed in the last week are synchronized up to the server. Roy then shuts off his iBook, logs into the iMac on his desk, hits the Home Sync icon in the iMac’s menu bar, and the files and folders he sync’d from his iBook a moment ago are now available on his iMac.