Wednesday, March 13, 2013

Cached Credentials for a Mac using AD

When you have a laptop computer, you want to be able to use the same logon credentials when you are in the office as when you are on the road. With a Windows-based laptop, this is accomplished by cached credentials. The cached credentials on a Windows computer are automatically created the first time you log on. A network administrator can disable this, but it is enabled by default.

On a Mac that logs on using AD credentials, you can get similar functionality by enabling the option "Create mobile account at login" in the Directory Utility that you use to configure AD connectivity for the Mac. When this option is enabled, the local mobile account is enabled the first time the user logs on by using AD credentials.

Many times, no one thinks of this option until after the user has already logged on. In such a case, you need to log on as root and manually create the mobile account by using createmobileaccount. It is located in /System/Library/CoreServices/ManagedClient.app/Contents/Resources/.
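
    # Single quotes keep the shell from expanding $$ (its own process ID) inside the password
    /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n Bob -p 'Pa$$w0rd'
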
A couple of links with additional info:
