+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Mac Thread, Using Profile Manager in Technical; I have set up a test mac network to role out Mavericks to our mac's eventually. We currently use Mountain ...
  1. #1

    Join Date
    May 2013
    Posts
    15
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    3

    Using Profile Manager

    I have set up a test mac network to role out Mavericks to our mac's eventually. We currently use Mountain Lion across school integrated with Active Directory to provide single sign on.

    Anyway I am setting up the test Mavericks server and client in the same way but instead of using Workgroup Manager as we have in the past, I thought I would look at using the Profile Manager instead. I have got my head around how it works I think and have enrolled the client mac and installed the trust certificate for the server. The part that I am struggling with at the moment is that I have configured settings for our students user group. When I log in as a student they don't get the settings. It looks like the profile isn't getting pushed and applied when the student logs on.

    Is there a guide somewhere or can anybody help me in the way they have Profile Manager set up or how to get a user groups profile to apply when they log on.

    Thanks

  2. #2

    Join Date
    Oct 2012
    Posts
    60
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    10
    Check both of the following:
    - Ports - The link here has all of the ports that need to be opened in your firewall for Profile Manager to work.
    - DNS - Common sense, but if this isn't right, you'll never have it right.
    Others?

  3. #3

    Join Date
    Dec 2009
    Posts
    605
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Did you manage to get this working ?

    All our machines will be binded to AD and OD

    My test mac can apply Policys to the computer , but any AD user or AD group and the policy doesnt even get sent from profile manager ?

    ports are all open on the server and on the client to negate any of these issues but it just wont even attempt to push to any AD user/Group even though i have enable it to do so ! .

  4. #4

    Join Date
    Oct 2012
    Posts
    60
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    10
    May be a stupid question, but are the students logging in as local users or are the computers bound to the OD?

  5. #5

    Join Date
    Dec 2009
    Posts
    605
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Quote Originally Posted by Jwzg View Post
    May be a stupid question, but are the students logging in as local users or are the computers bound to the OD?
    Is this in responce to my question ?

    The client machines are both bounded to AD and OD .

    The users login with AD usernames/passwords .. But no policy seems to get pushed to them ?

    Computers seem to work fine

  6. #6

    Join Date
    Oct 2012
    Posts
    60
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    10
    It was. I normally try to ask the obvious questions first, but sometimes, I get accused of being thick, LOL.

    Did you install the trust profile to the client devices (if you are not using a CA signed cert.) along with the enrollment and remote management profiles?

    If so, then I also assume that you went into the Profile Manager web page (servername.domain.suffix/profilemanager) and assigned your settings to the group there, right?

    Quote Originally Posted by 2097 View Post
    Is this in responce to my question ?

    The client machines are both bounded to AD and OD .

    The users login with AD usernames/passwords .. But no policy seems to get pushed to them ?

    Computers seem to work fine
    Last edited by Jwzg; 2nd January 2014 at 08:46 PM.

  7. #7

    Join Date
    Oct 2012
    Posts
    60
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    10
    Any luck?

  8. #8

    Join Date
    Dec 2009
    Posts
    605
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Thanks for getting back to me Jwzg

    Yes i did all the above , and everything works perfect with opendirectory accounts and applying policys to the PC .

    Just seems AD users it wont work on . I really dont understand the issue !

  9. #9
    marekbrad's Avatar
    Join Date
    May 2006
    Location
    Bradford
    Posts
    137
    Thank Post
    25
    Thanked 38 Times in 31 Posts
    Rep Power
    23
    sorry to have to tell matey .. but its a known issue with Mavericks .. loads of threads on apple support about it..

  10. #10
    stevehp's Avatar
    Join Date
    Jul 2008
    Location
    Ohio
    Posts
    102
    Thank Post
    13
    Thanked 19 Times in 16 Posts
    Rep Power
    16
    If you haven't already you need to create Open Directory groups in Profile Manager then nest Active Directory groups within that.

    Beware of Profile Manager though it's resource hungry and it does not scale well. Don't deploy more then 50-100 clients with or you'll be in my shoes with nearly 1700 macs and it takes ages to load or even push settings on a Mac Mini Server with 16gb of ram. You need something more robust like Puppet, Casper or plain old MCX if you want better scalability.

  11. #11

    Join Date
    Oct 2012
    Posts
    60
    Thank Post
    17
    Thanked 5 Times in 4 Posts
    Rep Power
    10
    Quote Originally Posted by stevehp View Post
    If you haven't already you need to create Open Directory groups in Profile Manager then nest Active Directory groups within that.

    Beware of Profile Manager though it's resource hungry and it does not scale well. Don't deploy more then 50-100 clients with or you'll be in my shoes with nearly 1700 macs and it takes ages to load or even push settings on a Mac Mini Server with 16gb of ram. You need something more robust like Puppet, Casper or plain old MCX if you want better scalability.
    Thanks for the tip, Steve.

    As for us, we have over 400 devices and users running off of our MacMini server with 16GB of RAM, and although it can be a little laggy, it's not that bad. We use it for Profile Manager, update caching and OD (no other file sharing though).

  12. #12

    Join Date
    Dec 2009
    Posts
    605
    Thank Post
    8
    Thanked 36 Times in 34 Posts
    Rep Power
    17
    Still having this problem with Profile manager

    I tried the above suggestion , created a OD user group and nested a AD user group inside . Profile manager doesnt even attempt to send to it

    That being said WGM , works fine when i put a AD user account in a OD group and i can control the dock etc with that ! ??

    Any more suggestions please

  13. #13
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    332
    Thank Post
    37
    Thanked 54 Times in 50 Posts
    Rep Power
    24
    Profile Manager uses Apple push notifications ( like a iOS device) via apples servers the client to fetch new settings. You need some ports open to the OSX server to Apple's IP range and from the OSX client to apple's IP range.

    Also nested groups only works in 10.9.2 (I think) and server 3.1. So if using older version of 10.9 start by running all updates and installing latest version of server.

  14. #14
    stevehp's Avatar
    Join Date
    Jul 2008
    Location
    Ohio
    Posts
    102
    Thank Post
    13
    Thanked 19 Times in 16 Posts
    Rep Power
    16
    Quote Originally Posted by 2097 View Post
    Still having this problem with Profile manager

    I tried the above suggestion , created a OD user group and nested a AD user group inside . Profile manager doesnt even attempt to send to it

    That being said WGM , works fine when i put a AD user account in a OD group and i can control the dock etc with that ! ??

    Any more suggestions please
    I would suggest the same as MicrodigitUK and check that push notifications can be received in our environment. This link >> Push Diagnostics will help you easily confirm that. Hopefully it's available on the UK Mac App Store.

    I wish you luck Profile Manager for me is a bear to keep running smoothly. It's very cranky most days. The last several weeks we've been having internet issues and it's not been fun, active tasks that pile up into the thousands, no pushes and it takes several refreshes to actually load the administration portal. I'm dumping it for Puppet or localmcx or another MDM provider.

  15. #15

    seawolf's Avatar
    Join Date
    Jan 2010
    Posts
    969
    Thank Post
    12
    Thanked 283 Times in 217 Posts
    Blog Entries
    1
    Rep Power
    175
    Quote Originally Posted by alexpuk2002 View Post

    Is there a guide somewhere or can anybody help me in the way they have Profile Manager set up or how to get a user groups profile to apply when they log on.

    Thanks
    There is a good guide for this on Krypted.com - Using Profile Manager 3 In Mavericks Server | Krypted

    - - - Updated - - -

    Quote Originally Posted by alexpuk2002 View Post

    Is there a guide somewhere or can anybody help me in the way they have Profile Manager set up or how to get a user groups profile to apply when they log on.

    Thanks
    There is a good guide for this on Krypted.com - http://krypted.com/mac-os-x/using-profile-manager-3-in-mavericks-server/

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 5
    Last Post: 27th September 2013, 03:09 PM
  2. Android: Profile Manager to launch app
    By SimpleSi in forum Netbooks, PDA and Phones
    Replies: 0
    Last Post: 2nd July 2010, 10:15 AM
  3. Move from Roaming profiles to less hungry profile management
    By ranj in forum Windows Server 2000/2003
    Replies: 12
    Last Post: 24th July 2009, 12:39 PM
  4. SIMS Profile Manager - Comments lose focus
    By Willott in forum MIS Systems
    Replies: 4
    Last Post: 6th July 2009, 09:52 AM
  5. How does your school use assessment manager?
    By thegrassisgreener in forum MIS Systems
    Replies: 9
    Last Post: 19th December 2007, 10:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •