Centrify DirectControl on all versions of Mac OS XProblem:
With version-specific Mac Mobility settings, AD users can be converted to a Mobile Account with a profile from a "network home template" or a "local home template".
If the profile is created using "local home template", then the first time an AD user logs into their account - it will not sync with the network home, or do any Single-Sign-On.
If they logout and log back in again, the syncs work and SSO is also operational.Cause:
The local home template does not get created with the .k5login
After initially creating the user home profile, the system tries to use SSO to mount the network home to do the first Home Sync. However since SSO is not working during the very first login, the mount fails and so Home Sync cannot occur.
This problem does not exist when using "network home template" because .k5login
were already created from the network home folders.Workaround:
There are two available workarounds:
- After the initial login sync failure, logout and log back in again. The problem goes away after the first logout.
- Use the "Network home and default sync settings" template instead when configuring the Mobility Settings policies.
There is no current resolution as the home folder mounting mechanism (HomeDirMechanism
) in OS X is a module managed by Apple.