Adding network user as admin

Similar Messages

• How do I allow access to non admin network users to disk volume?

  I would like to allow access to a specific volume (disk) on one of our networked macs (Mac1) to all users. I've set user accounts on Mac 1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everone else=read/write; ignore permissions) with no luck.
  Thanks
  iMac, ibooks, G5, Tibook   Mac OS X (10.4.4)  

  Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
  By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
  However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
  http://www.macosxhints.com/article.php?story=20011108161839416
  Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.

• Giving an OD Network User/Group local admin rights.

  Is there a way to manage workstation admin rights from the server?
  I ran into a problem with Lightroom that requires admin privileges to change the program preferences. We have alot of graphic art students with roaming profiles, spread out across 5 labs, that need to make this change. I would like to be able to add a group or all network users to the local admin group, for a few days, so the students can make the changes.

  This works on 10.5, not sure about 10.6.
  As root on the client.
  Upgrading legacy group for local admin group - this is from 10.4 days, not sure if you still need to do it.
  dseditgroup -o edit -f n -t group -n /Local/Default admin
  Nest OD group in local admin group
  dseditgroup -o edit -a DirectoryAdminGroup -t group -n /Local/Default admin
  Gen

• How to change a network, managed user to admin user

  Im current in a admin, network, managed user of this machine... i will be working from home in a couple of days, i was thinking if im in a network managed account i will not able to log in to my mac. is there a way for me to change it from a network managed user account to a locally admin account?

  A network user is automatically converted to a mobile user on a portable Mac at the first login. On a desktop Mac, the conversion is optional. If the conversion is declined and the user opts not to be prompted again, the setting can be undone as follows:
  sudo defaults delete /Library/Preferences/com.apple.MCX MobileAccountNeverAsk-username
  (substituting the short user name for the string username.)
  Credit for this solution to "E.Uncle" on the Apple OS X Server mailing list.

• Network user as a admin

  how do I make a user on a network as an admin on a mac as opposed to a local account-my work has a new employee who has a G5 powermac and needs to be able to access all the company network files, drives and printers as well as his profile on the netwokr-the problem is that the network is windows based
  can someone tell me how to do this
  Dell   Windows XP Pro  

  you should read this
  it seems if you use os x server you can bind to AD.
  Don't know how many features you get though!
  try posing a message in the OS X server folder on
  this site.
  thanks but we are in a WINDOWS server enviorment-not a mac-though after reading the OS X and windows server section, it appears that Virtual PC might be needed-my question is can someone take essentaily move a file from Virtual PC to the local mac client- like copy a file from a sever being accessed via virtual PC and put it on the mac desktop?

• Mavericks - Make all new network users admin

  We have a small collection of Macs at the office and are struggling with how to make all new network accounts local administrator.
  What we have managed to do is make all new network users adminstrators, but only when they log on with network access to the Active Directory. In other words, network users are only administrators as long as the Mac is at the office. Once they take the Mac off the premises they are no longer local admin.
  Is there a simple way to make all accounts, even network accounts, local admin? Even when the company network is unavailable?
  Appreciate any help I can get!

  Hi Jack,
  Might try BatchMod, it's much better/easier than the Finder for recursive Permission changes, but careful, it's powerful...
  http://www.lagentesoft.com/batchmod/index.html
  Once launched try dropping said folder on it's Window & set as desired, check he Apply to enclosed items box too.

• Mountain Lion Server: add network user to remote management

  Hi,
  So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
  My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my nre network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
  My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
  Any body have  any ideas?
  Thanks!

  I had this problem on a clean install.
  The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
  That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
  Talk about KISS

• Can I put Network Users on a sparse bundle disk image?

  Hello! Can anyone out there help me figure out what seems to be a rather complicated feat?  I'm trying to get users to log in to client iMacs as if they were local accounts, but the user account information is stored on a sparse bundle disk image.
  Long story short, I've currently got OS X Server running network user accounts tied to Active Directory.  When the users log in, they have a sparse bundle disk image that automatically mounts on their desktop.  This has been an effective solution for some of our software that doesn't play well with Network storage, as the sparse bundle is treated like local storage by the Macs.
  However, what would be a much better solution for us is to actually have the whole user account stored on the disk image.  It's a little like the way FileVault 1 worked, except the disk image is actually stored on a network drive.  So far, as a proof-of-concept, I've been able to make this work manually: I've had to log in to a local admin user and then mount the user's sparse bundle with all their user folder contents contained within.  Then, once the user path is changed to point to the disk image, the user logs right in, everything works exactly as expected (once I got the permissions set correctly).  This method works exactly like a Network User account except that all the applications see it as local storage instead of network storage.
  The trick, though, is automating this process.  I want a user to sit down in front of any iMac, log in and go straight to their account.  It would be nice if OS X Server was able to accommodate this with a setting, but it doesn't.  So, my plan so far has been to create a generic local account with a script on the desktop that users can open to login in.  The script would then mount the network share, then mount the sparse bundle disk image, then log the user in to their "local" account on the iMac.  When they log out, there's a login hook that restarts the machine.
  So far, I'm stumbling over the fact that the sparse bundle unmount when logging out of the generic "login" account, preventing the user from logging in.  But if I leave the generic account logged in, then the loginhook to restart the computer doesn't work.
  Any feedback or suggestions would be greatly appreciated!

  IIRC, sparse images only grow as things are added, but do not shrink. Create a new one, mount the original, transfer your stuff from the original into the new one, and delete the original one.

• Allowing network users to sudo on workgroup clients

  I'm setting up a network of Minis, powered by a Snow Leopard Server Mini, to run a Java application we use. The Java app is deployed using a custom, Java-based, installer that requires root access for some parts of the install. At present, we just ask the user to type in their sudo password at the start of the install. Works great on conventional SL machines, Windows, and Linux.
  I want there to be a single user account for each machine (say, "A01"). When a user logs on to a machine as A01, they need to be able to install the software. However, when they put in their account password, the sudo request fails because their account isn't in /etc/sudoers. Using the admin account that I create when I uncrate the new machine works fine.
  How can I tell each local machine that I want these network-based accounts to have sudo access? It's OK if I have to manually edit /etc/sudoers on each machine, but it would be cleaner if I could set the setting centrally somehow.

  I've got the exact same problem, even after adding the users to sudoer.
  Blah.

• How to add user with admin priviledges to  multiple machines

  Hi all,
  I would like to be able to create a local ARD user on each machine on the network, with admin privileges on the machine. Is this possible?
  The custom client installer seems to only allow adding standard users. Is there away I can create a Unix command that I could send to each machine, to add an administrator user? Your advice would be greatly appreciated.

  Since machines ship with ARD 2 already installed, rather than go through the hassle of creating a Client package and having to edit that, you can simply run a shell script to take care of everything.
  We utilze a BASH script to create the ARD user, set the password of the user, hide it in the login window, add the user to the sudoers file (just to make sure the user can sudo), and add the path to kickstart to the PATH variable in the default .profile (/etc/profile) so that you can use kickstart without having to type the entire path.
  Script follows:
  #!/bin/bash
  # add kickstart to path
  echo "PATH="\"/bin:/sbin:/usr/bin:/usr/sbin:/System/Library/CoreServices/RemoteManag ement/ARDAgent.app/Contents/Resources:/Developer/Tools"\"" >> /etc/profile
  export path
  # add ARD user
  niutil -create . /users/arduser
  niutil -createprop . /users/arduser gid 499
  niutil -createprop . /users/arduser uid 499
  niutil -createprop . /users/arduser shell /bin/bash
  niutil -createprop . /users/arduser home /private/var
  niutil -createprop . /users/arduser realname ard
  niutil -createprop . /users/arduser shadowpasswd
  niutil -appendprop . /groups/admin users arduser
  # now set the passwd for the ard user
  dscl . -passwd /Users/arduser ardpass
  # now add to the sudoers file
  echo "arduser ALL=(ALL) ALL" >> /etc/sudoers
  # now hide the ARD user from the loginwindow process
  mkdir /var/temp/
  cp /Library/Preferences/com.apple.loginwindow.plist /var/temp/com.apple.loginwindow.bak
  defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add arduser
  /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/ki ckstart -configure -users arduser -access -on -privs -all
  exit 0
  Just copy that into a text file, chmod it to 755 and you can then run it on the machine. We will put it at the root of the hard drive, run it, and then remove it. If you want the script to delete itself, just put the following before "exit 0":
  rm $0
  That will delete the file.
  Hope that helps out.
  Steve
  XServe G5, XServe RAID (1TB), MacBook Pro Mac OS X (10.4.6)

• No network user log in at login window when over WiFi??

  I can only log in as a network user (home directory on server instead of local) from computers that are connected via wired Ethernet, but not on computers connected via WiFi. From any computer a local logged in user can access server resources -- they just can't from the login window. It is as though WiFi is only enabled once logged in (however it still doesn't work even if I use Fast User Switching to get a login window.)
  Anyone experiencing this problem and found a solution?
  As a secondary issue, I haven't been able to figure out how to automount shares via any technique nor have I found an explanation of how to do it in the manuals. Enable Automount in Server Admin doesn't seem to do it for "Shared Library Folder" however at least something appears in /Network/Servers for "User Home Folders and Group Folders, although it isn't mounted. I've also tried Workgroup Manager, Perferences, Login Items, adding shares there, also to no avail. All the shares will mount via client system command so the sharing does seem to be working.

  I don't have my wireless entwork set up yet (no one really needs it), so can't help with that issue. Although, I seem to recall Fast User Switching has issues with network accounts anyway, so that issue may be unrelated to your original WiFi issue.
  As for automounting, you should have it set up in Server Admin first (as you seem to already). Then you need to also set it up in WGM much like it seems you tried, but make sure you're doing it from a client machine and not from the server so it populates with the proper path info (or you could correct it in the Details section if you know what you need, but that's unnecessarily cumbersome). Also, make sure the "Authenticate selected share point with..." is checked for the share as well. Of course, if you're already doing this from the client, then I've no clue as it seems everything should be fine. That's how mine are set up with no issues, although I also have them set up on the dock, but that should be irrelevant just for mounting purposes.
  Message was edited by: Rikakiah

• Network users can not read Applications or Library

  Not sure exactly where to post this but I think the server section will have more expertise than the desktop section.
  We have 10.5.4 clients authenticating against a 10.4 Open Directory master. Prior to upgrading the clients to 10.5.5 everything was working fine. After upgrading the clients network users could no longer read the Applications or Library folders. When logging in all the icons in the dock would be replaced with the generic application icon and when trying to launch one the system reports the application could not be opened because it may be damaged or incomplete.
  Viewing the iMac hard drive in a Finder window the Applications and Library folders have the do not enter sign on them. Viewing Sharing & Permissions under the Get Info window as the local admin user shows Read & Write for system and admin and Read only for everyone. This looks correct.
  An `ls -l` on the root directory in Terminal as a network user reports that Applications and Library do not exist (no such file or directory). When running `ls -l` as the local admin the two folders appear and have a + sign after their permission strings which indicates extended security attributes (an ACL). I cannot find a command line tool to display or manipulate ACLs (such as getfacl and setfacl in Solaris) other than fsaclctl which enables and disables ACLs for an entire filesystem.
  I disabled ACLs for the root fileystem (sudo fsaclctl -p / -d) and then network users could read the Applications and Library folders without problem. So there must be something in the ACL for those two folders that is restricting network users.
  One other thing I noticed was that I tried to add a network user to Sharing & Permissions under the Get Info window, I could search for network users in the pop-up window but they would not get added to the list when I clicked select. So perhaps the problem is not with the ACL on Applications and Library but with 10.5.5 somehow not recognizing network users.
  Installing Security Update 2008-007 does not resolve the issue. In fact it re-eanbles ACLs and they have to be disabled again in order for network users to work properly.

  I eventually managed to fix it again - don't know exactly what broke it and what resulted in a fix.
  Check what groups your network users are in, in a terminal enter the command:
  groups <username>
  My machine was only reporting the primary group of the user - none of the secondary groups were listed. This machine has a Open Directory custom mapping to force local home folders (a special case, we generally use NFS homes), and when I removed and re-added this mapping (rebooting in between changes) the groups command began to work correctly again and access to these folders was restored.
  I was able to confirm that the ACL was the problem, removing it allowed the network users to gain access, restoring it broke it again.
  BTW, the error messages you got when you ran the ACL removal chmod command are nothing to worry about, these are just device special files (representing hardware devices in the filesystem), I doubt that ACLs can be setup for these.

• Migrating local user accounts/home directories to network user accounts

  Hi,
  I am planning on moving the user accounts from several Mac OS X client machines to a new Mac OS X Server machine (Quad core Xeon MacPro). I am very familiar with OS X client in a support environment, but do not have extensive experience with Server.
  I read over the instructions in this article
  http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c6um3.html
  and it appears to be fairly straight forward, although I do have some questions regarding the existing data (home folders) and how to set the clients to log in to the network account.
  Previously, in the event that I have needed to move a person's home directory to a new computer or recover from a corrupt OS (and Archive&install was not an option), in OS X client I would:
  1) Back up the home directory.
  2) Erase/reinstall OS X client.
  3) Log in as Root.
  4) Go into "Accounts" pref pane and create user with same short name as original/backed-up home directory.
  5) Replace the newly created home directory with the backed-up home directory.
  6) Go into Terminal and chown/chgrp the home directory to username/staff, respectively.
  This would result in a perfectly migrated user account. All settings and files working just as they did on the previous system/install of OS X.
  First Question: Could I employee a similar method to retain the content and settings from the local user accounts on the server as I migrate them to network users? Moving the user accounts to the server as described, then running terminal to set proper ownership...
  Second Question: What do I do on each client system to tell it to recognize the networked home directory for each user? Do I just change the user's home folder path in Netinfo Manager to the automount location?
  Thanks in advance for any help you can offer,
  -David
  MacPro 2.66 Quad Core (MA356LL/A)     Mac OS X Server 10.4.8

  A network account is really existing only on the server but if you use "portable homefolders" (Tiger client and server) you could "migrate" the local account to a "server" one by:
  Login locally as another user with administrative rights.
  Change the name of the old account folder in /Users.
  Remove the "old" account locally (woun't remove the "old" folder as you changed the name) only Netinfo data.
  Login using the serveraccount login/password thus creating a homefolder on the server.
  Logout and back in, enable portable homefolder.
  Logout and then in as a local admin and remove the new user folder.
  Change the name on the old userfolder to what the new one had.
  I'm not a 100% sure Netinfo has the server account UID now (added by logging in and creating the portable account?) but if it does:
  (http://forums.macosxhints.com/archive/index.php/t-12077.html)
  "Finding and changing UIDs across the filesystem is a one-liner command:
  sudo find / -user UID -exec chown userName {} \;
  (replace UID with the old UID number and userName with the new user name to associate file ownership.)"
  (A portable account must have got some "kind" of UID?)
  Let the machine "sync" with the server account.
  If you want an "on network only" account I don't know what you need to remove locally afterwards.
  HTH

• Customized User Profiles not loading for Network Users

  I manage Macs in public computer labs and classrooms at a university. My general set up is as follows:
  Clients are running 10.8.5, OD Masters are running 10.7.5. Open Directory Master to manage client preferences for Login window and screen saver. Clients bind to Active Directory for authentication purposes only. Networked users home directories are stored locally then deleted at log out. Using Deploy Studio to image and restore clients.
  My customized user profiles are stored in /User Templates/Non_Localized.lproj.(I also update English.lproj for any local users that may need to be created for various reasons).
  Recently I have come across a situation where, randomly, my customized user profile does not load at Login, and I am given the out-of-the-box default Apple profile. This is happening in 11 of my 14 labs. I have three labs that seem to not be affected by this.
  On some labs I manage the DHCP, some labs I do not, and rely on our Networking group to supply DHCP and DNS. Because of this setup I have six different DNS server that may be in the mix. Two are Unix boxes, the other four are the Active Directory Domain Control servers. I did create a spreadsheet of all the AD/OD settings for each lab to see if I could find some kind of pattern, but don't see a way to upload it.
  The one thing I do notice is that when I do a mass login using a shell script via Apple Remote Desktop, when the profile fails to build correctly, the user login is quick, much quicker than when the correct profile loads. Almost as if a packet is sent the the OD server, it's rejected, and bam, Apple's default profile loads.
  I have flushed the DNS cache of the local clients using killall --HUP mDNSResponder
  I've got one week to figure this out before classes start, so if you have a clue as to what's going on, I sure would be grateful.
  Here are logs from both the admin's account and the user's account when the default profile fails to build:
  ADMIN log:
  8/20/14 1:31:03.366 PM  CVMServer[109]  Check-in to the service com.apple.cvmsCompAgent_x86_64 failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
  8/20/14 1:31:03.389 PM  loginwindow[44] Login Window - Returned from Security Agent
  8/20/14 1:31:03.491 PM  loginwindow[44] USER_PROCESS: 44 console
  8/20/14 1:31:04.084 PM  WindowServer[75]    **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
  8/20/14 1:31:06.307 PM  locationd[563]  NOTICE,Location icon should now be in state 0
  8/20/14 1:31:06.478 PM  coreaudiod[560] Enabled automatic stack shots because audio IO is inactive
  8/20/14 1:31:06.621 PM  UserEventAgent[548] cannot find fw daemon port 1102
  8/20/14 1:31:08.530 PM  WindowServer[75]    Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
  8/20/14 1:31:09.707 PM  NetworkBrowserAgent[591]    Starting NetworkBrowserAgent
  8/20/14 1:31:10.393 PM  apsd[593]   Certificate doesn't match host
  8/20/14 1:31:11.499 PM  com.apple.SecurityServer[15]    Session 100010 created
  8/20/14 1:31:13.561 PM  genatsdb[608]   ########## genatsdb Sandboxed. ##########
  8/20/14 1:31:13.562 PM  apsd[593]   Certificate doesn't match host
  8/20/14 1:31:13.740 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
  8/20/14 1:31:14.555 PM  apsd[593]   Certificate doesn't match host
  8/20/14 1:31:45.040 PM  genatsdb[608]   *GENATSDB* FontObjects generated = 1113
  8/20/14 1:31:55.663 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
  8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.627 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.628 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.628 PM  WindowServer[75]    dict count after removing entry for window 0x2a is 0
  8/20/14 1:32:20.641 PM  com.apple.launchd[1]    (com.apple.quicklook.satellite.4D0B4319-944D-49A6-A515-02F31AE3C235[628]) Could not terminate job: 3: No such process
  8/20/14 1:32:20.641 PM  com.apple.launchd[1]    (com.apple.quicklook.satellite.4D0B4319-944D-49A6-A515-02F31AE3C235[628]) Using fallback option to terminate job...
  8/20/14 1:32:20.645 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=188
  8/20/14 1:32:20.647 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=147
  8/20/14 1:32:20.647 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=194
  8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.648 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.716 PM  loginwindow[44] DEAD_PROCESS: 44 console
  8/20/14 1:32:20.891 PM  com.apple.time[548] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
  8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.929 PM  WindowServer[75]    CGXGetConnectionProperty: Invalid connection 32023
  8/20/14 1:32:20.930 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=158
  8/20/14 1:32:22.259 PM  WindowServer[75]    CGXRestartSessionWorkspace: session workspace exited for session 256 (on console)
  8/20/14 1:32:22.259 PM  WindowServer[75]    Session 256 released (1 references)
  8/20/14 1:32:22.259 PM  WindowServer[75]    Session 256 released (0 references)
  8/20/14 1:32:22.259 PM  WindowServer[75]    loginwindow connection closed; closing server.
  8/20/14 1:32:22.268 PM  apsd[593]   CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)
  8/20/14 1:32:22.285 PM  loginwindow[653]    Login Window Application Started
  8/20/14 1:32:22.299 PM  UserEventAgent[11]  Captive: [UserAgentDied:139] User Agent @port=45319 Died
  8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSGetNextEventRecord (Inline) connection 0xb903, 16384 bytes
  8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSShutdownServerConnections: Detaching application from window server
  8/20/14 1:32:22.310 PM  ARDAgent[574]   CGSDisplayServerShutdown: Detaching display subsystem from window server
  8/20/14 1:32:22.311 PM  blued[58]   -[CBManager init] init returning self:0x7ff6a3b04990
  8/20/14 1:32:22.329 PM  WindowServer[654]   Server is starting up
  8/20/14 1:32:22.330 PM  WindowServer[654]   Session 256 retained (2 references)
  8/20/14 1:32:22.330 PM  WindowServer[654]   Session 256 released (1 references)
  8/20/14 1:32:22.333 PM  WindowServer[654]   Session 256 retained (2 references)
  8/20/14 1:32:22.333 PM  WindowServer[654]   init_page_flip: page flip mode is on
  8/20/14 1:32:22.357 PM  WindowServer[654]   mux_initialize: Couldn't find any matches
  8/20/14 1:32:22.367 PM  WindowServer[654]   GLCompositor enabled for tile size [256 x 256]
  8/20/14 1:32:22.367 PM  WindowServer[654]   CGXGLInitMipMap: mip map mode is on
  8/20/14 1:32:22.424 PM  WindowServer[654]   WSMachineUsesNewStyleMirroring: true
  8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x04280480: GL mask 0x1; bounds (0, 0)[1920 x 1080], 30 modes available
  Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model a012, S/N 0, Unit 0, Rotation 0
  UUID 0x000006100000a0120000000004280480
  8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x003f003e: GL mask 0x4; bounds (0, 0)[0 x 0], 1 modes available
  off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 2, Rotation 0
  UUID 0xffffffffffffffffffffffff003f003e
  8/20/14 1:32:22.425 PM  WindowServer[654]   Display 0x003f003d: GL mask 0x2; bounds (0, 0)[0 x 0], 1 modes available
  off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
  UUID 0xffffffffffffffffffffffff003f003d
  8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x4 for display 0x04280480
  8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x5 for display 0x003f003e
  8/20/14 1:32:22.429 PM  WindowServer[654]   Created shield window 0x6 for display 0x003f003d
  8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x04280480: GL mask 0x1; bounds (0, 0)[1920 x 1080], 30 modes available
  Main, Active, on-line, enabled, built-in, boot, Vendor 610, Model a012, S/N 0, Unit 0, Rotation 0
  UUID 0x000006100000a0120000000004280480
  8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x003f003e: GL mask 0x4; bounds (2944, 0)[1 x 1], 1 modes available
  off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 2, Rotation 0
  UUID 0xffffffffffffffffffffffff003f003e
  8/20/14 1:32:22.431 PM  WindowServer[654]   Display 0x003f003d: GL mask 0x2; bounds (2945, 0)[1 x 1], 1 modes available
  off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0
  UUID 0xffffffffffffffffffffffff003f003d
  8/20/14 1:32:22.431 PM  WindowServer[654]   CGXPerformInitialDisplayConfiguration
  8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x04280480: MappedDisplay Unit 0; Vendor 0x610 Model 0xa012 S/N 0 Dimensions 18.70 x 10.51; online enabled built-in, Bounds (0,0)[1920 x 1080], Rotation 0, Resolution 1
  8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x003f003e: MappedDisplay Unit 2; Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2944,0)[1 x 1], Rotation 0, Resolution 1
  8/20/14 1:32:22.431 PM  WindowServer[654]     Display 0x003f003d: MappedDisplay Unit 1; Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2945,0)[1 x 1], Rotation 0, Resolution 1
  8/20/14 1:32:22.522 PM  WindowServer[654]   GLCompositor: GL renderer id 0x01022647, GL mask 0x00000007, accelerator 0x00003fab, unit 0, caps QEX|QGL|MIPMAP, vram 512 MB
  8/20/14 1:32:22.527 PM  WindowServer[654]   GLCompositor: GL renderer id 0x01022647, GL mask 0x00000007, texture units 8, texture max 16384, viewport max {16384, 16384}, extensions FPRG|NPOT|GLSL|FLOAT
  8/20/14 1:32:22.530 PM  loginwindow[653]    **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
  8/20/14 1:32:22.557 PM  WindowServer[654]   Created shield window 0x7 for display 0x04280480
  8/20/14 1:32:22.557 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
  8/20/14 1:32:22.609 PM  launchctl[657]  com.apple.findmymacmessenger: Already loaded
  8/20/14 1:32:22.613 PM  hidd[49]    CGSShutdownServerConnections: Detaching application from window server
  8/20/14 1:32:22.613 PM  hidd[49]    CGSDisplayServerShutdown: Detaching display subsystem from window server
  8/20/14 1:32:22.621 PM  com.apple.SecurityServer[15]    Session 100012 created
  8/20/14 1:32:22.622 PM  loginwindow[653]    Login Window Started Security Agent
  8/20/14 1:32:22.666 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
  8/20/14 1:32:22.667 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
  8/20/14 1:32:22.681 PM  UserEventAgent[659] cannot find useragent 1102
  8/20/14 1:32:22.686 PM  com.apple.dock.extra[644]   Check-in to the service com.apple.imagent.desktop.auth failed. This is likely because you have either unloaded the job or the MachService has the ResetAtClose attribute specified in the launchd.plist. If present, this attribute should be removed.
  8/20/14 1:32:22.693 PM  SecurityAgent[665]  MacBuddy was run = 0
  8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSGetNextEventRecord (Inline) connection 0xc917, 16384 bytes
  8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSShutdownServerConnections: Detaching application from window server
  8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSReleaseShmem : Cannot release shared memory
  8/20/14 1:32:22.695 PM  com.apple.dock.extra[644]   CGSDisplayServerShutdown: Detaching display subsystem from window server
  8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
  8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
  8/20/14 1:32:22.696 PM  com.apple.dock.extra[644]   [Warning] Bad response from daemon for setup info
  8/20/14 1:32:22.704 PM  WindowServer[654]   MPAccessSurfaceForDisplayDevice: Set up page flip mode on display 0x04280480 device: 0x106d8d110  isBackBuffered: 1 numComp: 3 numDisp: 3
  8/20/14 1:32:24.429 PM  WindowServer[654]   **DMPROXY** (2) Found /System/Library/CoreServices/DMProxy'.
  8/20/14 1:32:24.459 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
  8/20/14 1:32:24.500 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
  8/20/14 1:32:24.695 PM  com.apple.dock.extra[644]   Our bootstrap port disappeared out from under us: 0x1507 { urefs = 32774, rights = 0x1507: dead name }
  8/20/14 1:32:24.696 PM  com.apple.dock.extra[644]   Bug: 12F45: libxpc.dylib + 36100 [70BC645B-6952-3264-930C-C835010CCEF9]: 0x10000003
  8/20/14 1:32:24.696 PM  com.apple.dock.extra[644]   [Warning] Bad response from daemon for setup info
  8/20/14 1:32:40.928 PM  com.apple.launchd[1]    (com.apple.dock.extra[644]) Exit timeout elapsed (20 seconds). Killing
  8/20/14 1:32:40.928 PM  coreservicesd[65]   SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=202
  8/20/14 1:33:35.215 PM  SecurityAgent[665]  User info context values set for jsuny
  8/20/14 1:33:35.297 PM  SecurityAgent[665]  Login Window login proceeding
  8/20/14 1:33:36.387 PM  loginwindow[653]    Login Window - Returned from Security Agent
  8/20/14 1:33:36.000 PM  kernel[0]   Sandbox: kcm(695) deny mach-lookup com.apple.networkd
  8/20/14 1:33:36.453 PM  loginwindow[653]    USER_PROCESS: 653 console
  8/20/14 1:33:37.052 PM  locationd[708]  NOTICE,Location icon should now be in state 0
  8/20/14 1:33:37.107 PM  UserEventAgent[700] cannot find fw daemon port 1102
  8/20/14 1:33:37.683 PM  xpcd[611]   MiniLauncher[711]: registration request failed: (0x12, 0xd) process failed sandbox check
  8/20/14 1:33:37.907 PM  WindowServer[654]   **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
  8/20/14 1:33:38.011 PM  coreservicesd[65]   SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationReady to notificationID=237
  8/20/14 1:33:38.114 PM  WindowServer[654]   Display 0x04280480: MappedDisplay Unit 0; ColorProfile { 2, "iMac"}; TransferFormula (1.000000, 1.000000, 1.000000)
  8/20/14 1:33:38.395 PM  imagent[737]    [Warning] Setting up a new messages database.
  8/20/14 1:33:38.428 PM  NetworkBrowserAgent[747]    Starting NetworkBrowserAgent
  8/20/14 1:33:40.068 PM  com.apple.time[700] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
  8/20/14 1:33:40.069 PM  com.apple.time[700] Interval maximum value is 946100000 seconds (specified value: 9223372036854775807).
  8/20/14 1:33:43.910 PM  netbiosd[89]    name servers down?
  8/20/14 1:33:56.635 PM  netbiosd[89]    notify name "self.mdns.disconnection" has been registered 20 times - this may be a leak
  8/20/14 1:33:56.639 PM  netbiosd[89]    notify name "self.mdns.disconnection" has been registered 40 times - this may be a leak
  8/20/14 1:34:49.927 PM  netbiosd[89]    name servers down?
  8/20/14 1:35:54.977 PM  netbiosd[89]    name servers down?
  USER LOG:
  8/20/14 1:31:03.956 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: UserName
  8/20/14 1:31:03.956 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: GroupName
  8/20/14 1:31:03.957 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
  8/20/14 1:31:03.961 PM  loginwindow[44] Connection with distnoted server was invalidated
  8/20/14 1:31:04.013 PM  distnoted[549]  # distnote server agent  absolute time: 799.097924175   civil time: Wed Aug 20 13:31:04 2014   pid: 549 uid: 1467285364  root: no
  8/20/14 1:31:08.954 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[588]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
  8/20/14 1:31:08.955 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[588]) Job failed to exec(3) for weird reason: 2
  8/20/14 1:31:08.958 PM  com.apple.launchd.peruser.1467285364[536]   (com.google.keystone.user.agent[590]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
  8/20/14 1:31:08.958 PM  com.apple.launchd.peruser.1467285364[536]   (com.google.keystone.user.agent[590]) Job failed to exec(3) for weird reason: 2
  8/20/14 1:31:12.394 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mrt.uiagent[578]) Exited with code: 255
  8/20/14 1:31:15.132 PM  SystemUIServer[557] Could not load menu extra NSBundle </System/Library/CoreServices/Menu Extras/User.menu> (loaded) for Class AppleUser
  8/20/14 1:32:20.642 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.quicklook[626]) Exited: Killed: 9
  8/20/14 1:32:20.647 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mdworker.single.08000000-0000-0000-0000-000000000000[641]) Exited: Killed: 9
  8/20/14 1:32:20.647 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.mdworker.shared.04000000-0000-0000-0000-000000000000[635]) Exited: Killed: 9
  8/20/14 1:32:20.783 PM  Dock[556]   could not open iterator, -43, for directory <ECDirectory: 0x7fd8ac846970> {path=/Users/jsuny/Documents/} (directory changed)
  8/20/14 1:32:20.783 PM  Dock[556]   problem iterating directory, -43, for directory <ECDirectory: 0x7fd8ac846970> {path=/Users/jsuny/Documents/} (directory changed)
  8/20/14 1:32:22.310 PM  ARDAgent[574]   HIToolbox: received notification of WindowServer event port death.
  8/20/14 1:32:22.311 PM  ARDAgent[574]   port matched the WindowServer port created in BindCGSToRunLoop
  8/20/14 1:32:22.694 PM  com.apple.dock.extra[644]   HIToolbox: received notification of WindowServer event port death.
  8/20/14 1:32:22.694 PM  com.apple.dock.extra[644]   port matched the WindowServer port created in BindCGSToRunLoop
  8/20/14 1:33:36.504 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: UserName
  8/20/14 1:33:36.504 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.gamed) Ignored this key: GroupName
  8/20/14 1:33:36.505 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
  8/20/14 1:33:36.517 PM  loginwindow[653]    Connection with distnoted server was invalidated
  8/20/14 1:33:37.429 PM  MiniLauncher[711]   Skipping Setup Assistant for user 1467285364
  8/20/14 1:33:37.464 PM  transition[714] INFO: Not signed into MobileMe, nothing to do. Reason: 3
  8/20/14 1:33:37.506 PM  MiniLauncher[711]   INFO: MMAccountMgr_Private: finishedSetup called.
  8/20/14 1:33:38.180 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[744]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
  8/20/14 1:33:38.180 PM  com.apple.launchd.peruser.1467285364[536]   (com.apple.afpstat-qfa[744]) Job failed to exec(3) for weird reason: 2
  8/20/14 1:33:38.489 PM  CalendarAgent[741]  Could not find Meta Data for persistent Store
  8/20/14 1:33:38.877 PM  fontd[716]  FontWorker failed to return directory info (IPC failure?) for file://localhost/Users/jsuny/Library/Fonts/
  8/20/14 1:34:48.723 PM  migCacheCleanup[719]    Cache cleanup: cleanup for user 1467285364 took 0.43 seconds
  8/20/14 1:37:15.114 PM  Dock[723]   no information back from LS about running process

  Check these out:
  http://images.apple.com/server/macosx/docs/UserManagementv10.5.mnl.pdf
  http://clc.its.psu.edu/Labs/Mac/Resources/blastimageconfig/
  
http://blog.macadmincorner.com/

• Can I have a network user with the same name as a local user?!

  I have just set up Mac OS X 10.8 SErver with Open Directory.  I have about 20 machines that I will be setting up, some which have mainly been used localy and just used to tap into Shared Files, [historically], but am wanting to use network users for better backup and support.
  However some of the legacy accounts were not used on off the server...  What I have is the following :-
  a)    [Person A]  - They are a network user with Password [Password A]
  b)    The computer is [Person A], they have a Password [Password Old] (so it is different)
  I have Network Account Users turned on, with a green dot! (have domain all set up)
  However How do I connect using either a or b.  depending on what i feel like that day!
  ? Help any ideas.
  Ultimately I will have set up all my client machines with a client admin user and standard password... but I am not there yet!

  Moving from local (legacy) users to network users takes a one-time hassle of moving the contents of their local home folder contents up to the server. Using a finder copy never worked for me. What I finally found worked reliably was using rsync to copy the entire users local folder up to the server. Once on the server, move the files into place (if you didn't rsync them there directly. Finally, Chown all the files (on the server) to associate them with the correct userID on the server. If everything looks right on the server, you can test by trying to login as this user from another local Mac (but now as a network account), and hopefully their home folder looks like they expected.
  Note you will need admin access in the local machine and the server to rsync their home folder. You don't want to be logged into their account while trying to copy their files up to the server.
  If rsync is not your bag, a portable hard disk and/or disk image of their home folder is another way to move their stuff.
  Once you've verified that their network account got to the server ok, then REMOVE the local account.