Allow network users to login at login window option missing

I hope someone can shed some light on this.
I have bound a 10.6.2 machine to a Windows 2003 domain successfully. However, the checkbox to "allow network users to login at login window" is missing completely. There's a blank space. I've looked at a few other machines that haven't been joined to the domain and the option is missing from there as well.
Am I missing something simple? Did I miss something during the OS install? This is a fresh 10.6.2 install.
Any help would be greatly appreciated as this is keeping us from allowing domain users to log on. Thanks in advance.

I installed ADmitMac and the option shows up. I removed it and the option goes away. There's obviously a flag being set somewhere. Any thoughts?

Similar Messages

  • Login Options: Where is "Allow network users" stored?

    Hi all
    If I enable "Allow network users to login to this computer" in SystemPreferences / Accounts / Login Options - anyone knows where that gets stored?
    I searched in the /Local/Default/ directory and in /Library/Preferences, but couldn't find anything. I'd like to write a script to modify access for network users; no problems in adding and deleting users from the list, but I can't turn on and off general access...
    Thanks, Tina

    I have set up a Mac OS X Server for Open Directory but I do not see the additional option to allow network users to log in on a Mac OS X 10.4 client.
    This may be one of the reasons I cannot login with networks accounts.
    Unfortunately, I also cannot login using network accounts to the server which does have the network users option checked.
    I have the Mac OS X Server set up to be a LAN DNS server, which worked fine before I connected the second ethernet interface to the Internet. Now changeip -checkhostname insists that the Web address of the server should be the address of the hostname when it MUST be the LAN IP address to work properly. I can find no one to login to either of these machines as a network user, even though I can find the users through the Address Book, indicating that the Open Directory connection is properly configured and even though I can ping by name through the LAN which indicates DNS is set up properly.

  • Network users not appearing on login screen

    Hi all. I have just started setting up Lion Server for my household however have a slight issue with allowing network users to logon to devices. If I allow usernames and passwords to be typed in manually then network users can login, however if I want to have them show up as users on the login screen it doesn't work.
    Is there a way for network users to be visible on the login screen at all times please? There are only two network users in my house.
    Thanks,
    Jordan

    See my reply here https://discussions.apple.com/message/16280642 where I previously described how to do this. You will need Workgroup Manager installed for Lion if you have not already downloaded and installed this. You can get it here http://support.apple.com/kb/DL1419

  • No network user log in at login window when over WiFi??

    I can only log in as a network user (home directory on server instead of local) from computers that are connected via wired Ethernet, but not on computers connected via WiFi. From any computer a local logged in user can access server resources -- they just can't from the login window. It is as though WiFi is only enabled once logged in (however it still doesn't work even if I use Fast User Switching to get a login window.)
    Anyone experiencing this problem and found a solution?
    As a secondary issue, I haven't been able to figure out how to automount shares via any technique nor have I found an explanation of how to do it in the manuals. Enable Automount in Server Admin doesn't seem to do it for "Shared Library Folder" however at least something appears in /Network/Servers for "User Home Folders and Group Folders", although it isn't mounted. I've also tried Workgroup Manager, Preferences, Login Items, adding shares there, also to no avail. All the shares will mount via client system command so the sharing does seem to be working.

    I don't have my wireless network set up yet (no one really needs it), so can't help with that issue. Although, I seem to recall Fast User Switching has issues with network accounts anyway, so that issue may be unrelated to your original WiFi issue.
    As for automounting, you should have it set up in Server Admin first (as you seem to already). Then you need to also set it up in WGM much like it seems you tried, but make sure you're doing it from a client machine and not from the server so it populates with the proper path info (or you could correct it in the Details section if you know what you need, but that's unnecessarily cumbersome). Also, make sure the "Authenticate selected share point with..." is checked for the share as well. Of course, if you're already doing this from the client, then I've no clue as it seems everything should be fine. That's how mine are set up with no issues, although I also have them set up on the dock, but that should be irrelevant just for mounting purposes.
    Message was edited by: Rikakiah

  • How can I allow network users to use File Sharing on 10.8 Server?

    I am in the process of setting up a new OS X 10.8 Server. I have exported/imported the network users from my previous OS X 10.6.8 Server using Workspace Manager. I have re-entered the passwords of the users. I have existing clients running (still logged in).
    I have set up the File Sharing service in Server.app. I have several mount points. I have made the Users mount point available for home directories over AFP.
    Now, the system administrator can connect to the server and get access to the file shares. So the basic file sharing system works.
    Also: the users on a client can get their password verified (e.g. when unlocking screen protection) by the server. It is just AFP they can't get access to, while the system administrator account (OD /Local on the server) can be used. So, the password in the server is OK too. It seems to be a matter of privileges.
    But no network user (OD user in directory /LDAPv3/127.0.0.1 on the server) can get access. Where can I give network users privileges for File Sharing on the server?
    I did try to add either the "Open Directory Users" group or a specific user that was imported into com.apple.access_afp. If I do that, there is partial success. I can connect to the server from the client with a user account other than system administrator from the server (but connecting is slow). But Mobile Home Sync does not work:
    1:: [13/04/05 16:11:10.379] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:11:20 +0000
    1:: [13/04/05 16:11:20.782] ==========================================================
    0:: [13/04/05 16:11:20.782] Starting automatic sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:20.786] Peer "network" reports changes since last sync.
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:alias:]: isRemote = NO
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: peer = <SPeer_FS:0x7fd5a5009520> = local, optionalStoreID = (null), peer.storeIDString = *
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootPath        = /Users/gerben
    1:: [13/04/05 16:11:20.786] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: storePath       = /Users/gerben/.FileSync/store.filesyncstatetree
    1:: [13/04/05 16:11:20.787] [0x7fd5a9224760/<SStore_FS:0x105db3420>] +[SStore_FS newStore_FSForPeer:rootPath:rootAlias:rootRef:storePath:optionalStoreID:]: rootAlias       = {path='/Users/gerben', targetName='gerben', volumeName='Macintosh HD', type=DIR, volumeCreateDate=2010-08-10-12:58:16, targetCreateDate=2011-08-28-18:39:13, parentDirID=37638, nodeID=3003598, filesystemID=0000 ('0000'), signature=0x482b ('H+'), isBootVolume=YES, isAutomounted=NO, isEjectable=NO, hasPersistentFileIDs=YES, mounted=YES, url='file://localhost/'}
    0:: [13/04/05 16:11:20.789] -[SPeer_FS _mountServerCallbackShares:status:]: received error 64
    0:: [13/04/05 16:11:20.790] EXCEPTION: _mountServerCallbackShares:status: (Host is down) <-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64">
    0:: [13/04/05 16:11:20.790] USERINFO: {
    0:: [13/04/05 16:11:20.790]     NSLocalizedDescription = "Host is down";
    0:: [13/04/05 16:11:20.790] }
    0:: [13/04/05 16:11:20.790] BACKTRACE: {
    0:: [13/04/05 16:11:20.790] ? | 0x105cb79b7  
    0:: [13/04/05 16:11:20.790] ? | 0x105cbf0e5  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2c866  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2babd  
    0:: [13/04/05 16:11:20.790] ? | 0x105c2acb4  
    0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb72a
    0:: [13/04/05 16:11:20.790] ? | 0x7fff858bb6a2
    0:: [13/04/05 16:11:20.790] ? | 0x7fff874cf8bf
    0:: [13/04/05 16:11:20.790] ? | 0x7fff874d2b75
    0:: [13/04/05 16:11:20.790] }
    1:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. (-[SPeer_FS mountPeerVolumeWithURLString:] (Peer-FS.m:446): "'(-1)' error 64")
    0:: [13/04/05 16:11:20.790] Peer "network" is unable to sync. Not enough peers will be available to continue syncing.
    0:: [13/04/05 16:11:20.790] Aborting sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:20.790] -[SPeer abortSync] "local"
    1:: [13/04/05 16:11:20.797] -[SStore_FS setupWithAlias:andRef:] (Store-FS.m:447): unlink('/Users/gerben/.FileSync/.fstemp.QW1Gh-bhvgEhVwmG3.noindex')
    0:: [13/04/05 16:11:20.798] EXCEPTION: !IF <-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'">
    0:: [13/04/05 16:11:20.798] BACKTRACE: {
    0:: [13/04/05 16:11:20.798] ? | 0x105c2bb66  
    0:: [13/04/05 16:11:20.798] ? | 0x105c2acb4  
    0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb72a
    0:: [13/04/05 16:11:20.798] ? | 0x7fff858bb6a2
    0:: [13/04/05 16:11:20.798] ? | 0x7fff874cf8bf
    0:: [13/04/05 16:11:20.798] ? | 0x7fff874d2b75
    0:: [13/04/05 16:11:20.798] }
    1:: [13/04/05 16:11:20.798] -[SStore_FS deleteStateTreeTurdFile] (Store-FS.m:476): unlink('/Users/gerben/.FileSync/store.filesyncstatetree.statetree_dirty')
    1:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. (-[SPeer(protected) doPrepareForSyncWithResolvedConflicts:] (Peer.m:1149): "'(([self checkAbort]))'")
    0:: [13/04/05 16:11:20.798] Peer "local" is unable to sync. Not enough peers will be available to continue syncing.
    1:: [13/04/05 16:11:20.798] EXCEPTION: SFAbortedException <-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'">
    1:: [13/04/05 16:11:20.798] -[SSyncEngine threadMain_SyncEngine_sync:]: sync failed with exception "-[SSyncEngine _waitForPeers:] (SyncEngine.m:1922): "'(_abort)'"".
    0:: [13/04/05 16:11:21.066] Sync of "HomeSync_Mirror" encountered errors. (_mountServerCallbackShares:status: (Host is down))
    0:: [13/04/05 16:11:21.067] Last successful sync completed at 2013-04-04 20:17:15 +0000.
    0:: [13/04/05 16:11:21.067] Finished sync of "HomeSync_Mirror".
    1:: [13/04/05 16:11:21.067] Scheduling next sync of "HomeSync_Mirror" at 2013-04-05 14:31:21 +0000
    1:: [13/04/05 16:11:21.284] 1-pass sync of "HomeSync_Mirror" took 0.02 seconds

    Hi Gerben,
    Try creating a brand new user, that's not imported and see if that works. Every user/group has a little gear in the Server.app/Users or Groups which allows specific access to specific services, perhaps filesharing is off in that section?
    Is your DNS setup properly? Can you verify that clients can see the FQDN of your server?
    After setting up the Users folder for mobilehomes, did you check whether the group and the separate users have access to filesharing? I am able to select the correct homefolder /Users and restrict the homefolder size.
    Good luck!
    Jeffrey

  • Allowing network users to sudo on workgroup clients

    I'm setting up a network of Minis, powered by a Snow Leopard Server Mini, to run a Java application we use. The Java app is deployed using a custom, Java-based, installer that requires root access for some parts of the install. At present, we just ask the user to type in their sudo password at the start of the install. Works great on conventional SL machines, Windows, and Linux.
    I want there to be a single user account for each machine (say, "A01"). When a user logs on to a machine as A01, they need to be able to install the software. However, when they put in their account password, the sudo request fails because their account isn't in /etc/sudoers. Using the admin account that I create when I uncrate the new machine works fine.
    How can I tell each local machine that I want these network-based accounts to have sudo access? It's OK if I have to manually edit /etc/sudoers on each machine, but it would be cleaner if I could set the setting centrally somehow.

    I've got the exact same problem, even after adding the users to sudoer.
    Blah.

  • Network users not showing up at login screen

    Hello, I am new to Server and I have set up an Open Directory setup (using smb for home folders, I heard that it was faster or something somewhere) on my server iMac 27".  This iMac is running Mavericks 10.9.4 and the latest version of Server 3.  On my client iMac 24", I have bound the server to the iMac, as evidenced by the green dot next to the server IP in System Preferences Users and Groups.  The iMac is running Mavericks 10.9.4 as well.  For the network accounts, I have chosen to store the home folders on the server itself, so they are not mobile.  When I try to log in to the network accounts from the client iMac 24", the "Other..." selection does not appear so that I can input the username and password for the network user.  However, I am able to log in to the network accounts just fine from the server iMac 27", as well as another MacBook running Lion 10.7.5.  How can I get the "Other..." selection to show up on my login screen so that I am able to log in to the network accounts?
    And yes, "Allow network users to log in at the login window" is checked.

    Many Open Directory problems can be resolved by taking the following steps. Test after each one, and back up all data before making any changes.
    1. The OD master must have a static IP address on the local network, not a dynamic address.
    2. You must have a working DNS service, and the master's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
    3. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
    4. Follow these instructions to rebuild the Kerberos configuration on the master.
    5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
    6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
    7. Reboot the master and the clients.
    8. Don't log in to the server with a network user's account.
    9. As a last resort, export all OD users. In the Open Directory pane of Server, delete the OD server. Then recreate it and import the users. Ensure that the UIDs are in the 1001+ range.

  • Mountain Lion Server: add network user to remote management

    Hi,
    So recently I have upgraded from Lion Server to ML Server. A little disappointing, but whatever, I've moved on and got everything almost back to where I had it with Lion.
    My last few issues I believe are related but can't quite figure it out. In Lion I have an admin profile and then a network user profile that I used on my MBP bound with AD. I'm at the stage where my new network user can log in on the server machine but I can't log in as the network user via screen sharing. I can't add a network user to Remote Management, and with Remote Management enabled Screen Sharing is greyed out. I'd really like this to work.
    My second problem is that I can't bind my MBP to the server but even when bound the network user account can't log in.
    Anybody have any ideas?
    Thanks!

    I had this problem on a clean install.
    The solution was incredibly simple for me, but only  after I saw Ross.M's note about opening the Users & Groups settings panel (in the OS System Prefs, not in server) and rebinding to OD server under Login Options.
    That was not the solution for me, but under Login Options I discovered a previously unnoticed pref for "Allow network users to login at login window."  I had this option set (apparently by default) to "Only these network users:"  but with an empty list.  Adding my users to the list made it work perfectly.
    Talk about KISS

  • OS X Server 3 new installation - network users can't connect - what the h... am I doing wrong ?!?!

    Mac Server 3 drives me crazy ...
    I have a brand new MacMini here with Mavericks on board, and two brand new Macbook Air and 3 27" iMac that I want to set up as small office. The MacMini should act as Server (with two thunderbolt harddisks connected) for the rest. So far the theory, meanwhile I'm the reality of Server 3 ...
    Having years of experience with "normal network" solutions like filesharing etc. I had a look at Server 3 and thought it couldn't be that complicated to set it up - but meanwhile I'm disillusioned.
    I've now completely reinstalled the MacMini and the Server the third time, connected directly to the Airport Extreme, started filesharing and started the Server app. afterwards. Then I just
    - opened the settings of the server, set up a local network (xxx.local)
    - activated push-notification and got a certificate
    - started the profile manager
    - started open directory
    - started the DNS server
    - started file sharing (creating a new folder on the MacMini, offering user folders via SMB or AFP (tested both))
    - started the other services (calendar, contacts, etc.)
    - opened ports for the public services on the AirportExtreme
    - set up a testuser (network user), giving access to all services
    - gave the test user access to the network folder created
    On the Macbook Air I used for testing I registered the network account server (getting a green light afterwards), put the hook at "allow network users to sign on" (I even could see the test user's name there).
    But after switching to the login I only got normal users on the MacBook Air. Switching the "allow network users to sign on" sometimes resulted in a third user "other" where I could enter the Username and password - but : no result - just as explained several times in this thread ... :-( :-(
    The last three days I tried several setups, switch and renamed, issued certificates, tried out the profile manager and registered the MBA, set up the user folder via AFP and SMB, ...
    But : no access to the network user granted ...
    Just read the last lines of the Protokoll after my last attempts and could read "connection invalid" and "connection denied" several times in it ... does anyone have an idea what's going wrong here ?!?!??!
    I really need to set up this server a.s.a. possible and am really frustrated about this really not Apple like behaviour of this software *eyesroll* ...
    Any help appreciated !

    Hi,
    sorry, but frustration continues ... here's what I did :
    - completely did the fourth reinstall of the MacMini, new Mavericks, all updates. Then installed the server.app
    - delete all network connections except the Ethernet, gave it a static IP 10.0.1.201
    - started the server app, renamed the computername and the hostname
    Result :
    - This automatically started the DNS server - I just checked this and found a server.dizwo.private entry pointing at the 10.0.1.201. According to your proposal I entered a second entry with "dizwo.private" pointing at the same IP 10.0.1.201 (named "server") - as you didn't respond to my request above the entries are only guesses
    - on the AirportExtreme I opened the ports for all necessary services
    - I created a public user folder with all necessary access types (using SMB for the user folder)
    - created network user pointing at this folder
    - checked whether it has access to all services (was already  preset) and gave him access read/write to the user folder
    - last but not least I started the OpenDirectory server showing availability of the OD server at server.dizwo.private
    ... and then ?
    On the MacBook Air and on another iMac I first had a look whether I get access to the user folder on the server. I could see it in the finder windows and got access, okay - fine.
    Then I want to set up the OD server in the user settings on the clients - but in contrary to my earlier tries I didn't get the OD server name, but simply a "server.local".
    Trying to enter the "server.dizwo.private" simply resulted in a "host not found" ??!?!
    You can imagine how frustrated I'm now about all this stuff - I'm Apple user since more than 20 years and haven't seen such weird behaviour of an Apple software before - not user friendly in any matter ... .
    This server software is advertised and looking like to be an easy to use front end to create a server, even the "manuals" (not that I would tell them so ...) do so. But it looks like it's really more a trial and error thing when you do the installation ...
    So : what did I do wrong now ? Is there anything that I missed ? Is it a certificate thing (I didn't set up a custom one but used the intermediate one preinstalled) ? Or another network issue ? The DNS server ? The OD server ? The naming of the server ?
    I really urgently need help - need to set up this server the next 2 weeks !!
    any help appreciated !!

  • LDAP network users/automount points doesn't work after power failure

    Hi,
    I have a lab of about a dozen Mac Mini clients that boot to their own local HDs and pull their user accounts from a MacPro tower running Mac OS X Server 10.4.9.
    Last week there was a power outage. The power was restored a couple hours later, but the clients would not mount any of the automount points from the server and could not log into the network user accounts. The login window showed "No Network Accounts Available".
    I went into Directory Access on each client, turned off LDAP and the line item for the open directory server, restarted the clients, then turned the LDAP on and enabled the open directory listing inside Directory Access. As soon as I turned LDAP back on, the mount points showed up, I logged out of the local user account and was able to log into the network user accounts.
    It appeared to be fixed, but now the clients apparently lose their directory binding again after the client is restarted. I go back and toggle LDAP off, restart, toggle it back on and it all works again.
    Any ideas on how I can get the setting to "stick" again? And why would the power outage cause this across the board for all the clients? Seems strange to me...

    Hi David:
    On the clients log in as administrator, launch Net Info Manager, authenticate, select Config and delete the mcx_cache. Restart the client, remove the configuration in Directory Access again as well as the entries in the Authentication and Contacts field. Save the change, redo the configuration and try again. Was the Server also involved in the power outage?
    Hope this helps – Tony

  • Network user can't see local home directory

    Hi there,
    I have a Mac Mini running Lion Server with Directory Services turned on. I've been using this to allow network users to log into Lion clients, as well as set up mobile accounts. This has been working fine.
    Now I've just created a new network user for use with a Mountain Lion client and have experienced some strangeness with this new user's home directory. The binding to the directory was fine, and the credentials for the network user were fine. However, when logged in, this new user has his home drive mapped to /Network/Servers/<servername>/Users/<username> rather than the expected /Users/<username>. This has bad side-effects. For instance, Chrome tries to save downloads to the server instead of locally.
    What I can't work out is why the home directory isn't pointing to a local location. The other users (on Lion) have the same home directories defined in their Open  Directory profiles. The only difference is the new user is on Mountain Lion, but I don't think this has any bearing to the problem.
    Can anyone offer some advice?
    Benjamin

    So I took my Mac Mini running OS X 10.8 Server, along with two client laptops: one exhibiting the problem I described, and the other where network logins and home directories worked as intended.
    Long story short, the guys at the Bar couldn't figure it out. The user definitions in Open Directory seemed ok, but they still couldn't work out why no local home directories were being created. Not sure if this helps, but in trouble-shooting, we also discovered that trying to login with a network user on the problematic laptop didn't work when the server wasn't on the network. It's as if the server is required to be present.
    Anyway, the case has been referred to the business team, which is supposed to have more expertise with OS X Server.

  • Not able to log in as an AD Network User

    Hey guys,
    I am sure this has been beaten to death but I can't seem to be able to authenticate as an AD network user to my os x 10.5.7 system.
    I see that my domain controller is responding normally inside of the Directory Utility but when I try to log in as a network user, I get the login shake telling me that access is denied.
    Is there an additional step that I missed? Or something that the readings have not let on? Is there a specific way I need to specify that I am a network user when I try to login?
    Any help is greatly appreciated

    Hi,
    I am having the same problem
    Did you manage to solve the issue?
    TIA
    Giorgio

  • Network users can not read Applications or Library

    Not sure exactly where to post this but I think the server section will have more expertise than the desktop section.
    We have 10.5.4 clients authenticating against a 10.4 Open Directory master. Prior to upgrading the clients to 10.5.5 everything was working fine. After upgrading the clients network users could no longer read the Applications or Library folders. When logging in all the icons in the dock would be replaced with the generic application icon and when trying to launch one the system reports the application could not be opened because it may be damaged or incomplete.
    Viewing the iMac hard drive in a Finder window the Applications and Library folders have the do not enter sign on them. Viewing Sharing & Permissions under the Get Info window as the local admin user shows Read & Write for system and admin and Read only for everyone. This looks correct.
    An `ls -l` on the root directory in Terminal as a network user reports that Applications and Library do not exist (no such file or directory). When running `ls -l` as the local admin the two folders appear and have a + sign after their permission strings which indicates extended security attributes (an ACL). I cannot find a command line tool to display or manipulate ACLs (such as getfacl and setfacl in Solaris) other than fsaclctl which enables and disables ACLs for an entire filesystem.
    I disabled ACLs for the root filesystem (sudo fsaclctl -p / -d) and then network users could read the Applications and Library folders without problem. So there must be something in the ACL for those two folders that is restricting network users.
    One other thing I noticed was that I tried to add a network user to Sharing & Permissions under the Get Info window, I could search for network users in the pop-up window but they would not get added to the list when I clicked select. So perhaps the problem is not with the ACL on Applications and Library but with 10.5.5 somehow not recognizing network users.
    Installing Security Update 2008-007 does not resolve the issue. In fact it re-enables ACLs and they have to be disabled again in order for network users to work properly.

    I eventually managed to fix it again - don't know exactly what broke it and what resulted in a fix.
    Check what groups your network users are in, in a terminal enter the command:
    groups <username>
    My machine was only reporting the primary group of the user - none of the secondary groups were listed. This machine has an Open Directory custom mapping to force local home folders (a special case, we generally use NFS homes), and when I removed and re-added this mapping (rebooting in between changes) the groups command began to work correctly again and access to these folders was restored.
    I was able to confirm that the ACL was the problem, removing it allowed the network users to gain access, restoring it broke it again.
    BTW, the error messages you got when you ran the ACL removal chmod command are nothing to worry about, these are just device special files (representing hardware devices in the filesystem), I doubt that ACLs can be setup for these.

  • Can not make network user accounts

    After upgrading from 10.6.8 Server to 10.8 and installing server tools, I can not make network user accounts.  All of my old network user accounts migrated to the new OS and work properly, I just can not seem to make new accounts under 10.8.
    Under 10.6.8 I would log into Workgroup Manager as diradmin and I could pretty easily make new users.
    Under 10.8.2 I launch the server app and click on "users".  The addition (+) symbol is greyed out for making new users.  I can make local users via System Preferences, but I can not see any way to change local users to network users via either System Preferences or the Server app.
    I have logged into the server app using a local administrator account, the diradmin account, and the root account.  None of the accounts allow access to create new network users (addition symbol is greyed out).
    Is there a trick to making network users in 10.8 that I am missing?
    (as an aside, I have noticed I can log into Directory Utility as diradmin and can view the node with all my network accounts.  It seems like I might be able to manually create a user account this way, but I'm not quite sure how to make the user record)

    Open Directory service is started and functional for all the pre-existing network user accounts that were made under 10.6.8 and earlier.  I just can not seem to create new network user accounts.
    I followed the steps on this page and managed to make a user record that appeared as a network user in the Server app, but I still can not seem to log in under the user I made in this fashion (dscl command via terminal).
    http://www.deadmarshes.com/Blog/20111105010130.html

  • How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

    Hi,
    I'm trying to find a way to configure which network users can login to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able to login to them.
    I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (dseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts). After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
    Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
    Thanks,
    Chris

    I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).
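An added example for the question above about scripting the 'Only these network users' setting; it is not code from any poster in this thread. It assumes, which the page does not state, that loginwindow enforces the allow-list only while the local group com.apple.access_loginwindow exists, and that the built-in localaccounts group must be nested in it to keep local users able to log in. The function names and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example: restrict login-window access on a directory-bound Mac to
# the directory groups given as arguments. Constructed for illustration.
#
# Assumption (not from the page): the presence of the local group
# com.apple.access_loginwindow is what makes loginwindow enforce a list.

DRY_RUN="${DRY_RUN:-1}"            # 1 = only print commands, 0 = execute them
NODE="/Local/Default"              # local directory node
ACL_GROUP="com.apple.access_loginwindow"
NET_GROUP="com.apple.loginwindow.netaccounts"

# Print the command (shell-quoted where needed) or execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        line=""
        for arg in "$@"; do
            case "$arg" in
                *[!A-Za-z0-9._/-]*) q="'$arg'" ;;   # quote spaces, backslashes
                *)                  q="$arg"   ;;
            esac
            line="$line${line:+ }$q"
        done
        printf '%s\n' "$line"
    else
        "$@"
    fi
}

# Create a local group unless it already exists.
ensure_group() {
    if [ "$DRY_RUN" != "1" ] &&
       dseditgroup -o read -n "$NODE" "$1" >/dev/null 2>&1; then
        return 0
    fi
    run dseditgroup -o create -q -n "$NODE" "$1"
}

# restrict_login_window GROUP...   e.g. 'LAB\Mac Lab Users'
restrict_login_window() {
    if [ "$#" -eq 0 ]; then
        echo "usage: restrict_login_window GROUP..." >&2
        return 2
    fi
    for g in "$@"; do
        if [ -z "$g" ]; then
            echo "error: empty group name" >&2
            return 2
        fi
    done

    # 1. Fill the list shown under "Only these network users".
    ensure_group "$NET_GROUP"
    for g in "$@"; do
        run dseditgroup -o edit -n "$NODE" -a "$g" -t group "$NET_GROUP"
    done

    # 2. Create the access group and add local accounts first, so local
    #    administrators are never locked out by a half-applied change.
    ensure_group "$ACL_GROUP"
    run dseditgroup -o edit -n "$NODE" -a localaccounts -t group "$ACL_GROUP"
    run dseditgroup -o edit -n "$NODE" -a "$NET_GROUP" -t group "$ACL_GROUP"
}

# Check whether a given account would pass the login-window list.
can_login() {
    run dseditgroup -o checkmember -m "$1" "$ACL_GROUP"
}

# Run only when group names are passed on the command line.
if [ "$#" -gt 0 ]; then
    restrict_login_window "$@"
fi
```

Run it with DRY_RUN=1 (the default) to review the commands, then with DRY_RUN=0 as root after the AD bind step, and confirm with can_login for one permitted and one excluded account before logging out.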
