Mac OS X Server 4.0: User & Group Accounts

I've bound Mac OS X Server to AD, and I can see AD user and group accounts. It seems that all other services, such as Profile Manager, require Open Directory to run. With Open Directory running, could I continue to use AD accounts instead, without having to recreate the wheel of a whole new set of user accounts and groups? So really, assign AD accounts or groups to Server services.
Thanks in advance!

You should not have to do anything; the user/group import should be automatic and you should not have to manually create any accounts. It does ongoing syncs automatically, but I do not know how often.
Once you install and connect to Profile Manager, all the accounts should show up just by clicking on the users or the groups icons, and they will work with that. You should not need to mess with them in the actual Server application. Although I would assume the other services all link into the OD directory, I don't know exactly how services like email, file sharing or VPN work, as we have other more full-featured, better-scaling services for that, like MS Exchange for email/calendar and Cisco VPN.
We are only using OD, Profile Manager and Software Update.
Just a note I am using Server 3.2 on OS 10.9.5 if you are using Server 4.X your mileage will probably vary slightly as I am not sure what the areas of major change are.

Similar Messages

  • How to divide Mac OS X Server for two users?

    How can I make Mac OS X (Tiger) server to serve two separate users separately. What I mean is that server should have separate places for testing various stuff on it and room for presentations and such stuff. They should be separately so I wouldn't mess up something with presentation part. Should I create virtual disk or make some kind of dual boot for it and how should I do it. I hope the text is understandable.

    It's not clear at all what you are trying to do.
    Mac OS X Server is not designed to be used with
    multiple logins at the computer itself, unlike OS X
    "client" (the standard, non-server Mac OS X).
    Why are you running OS X Server, it sounds like what
    you want is regular Mac OS X (client, not server) and
    multiple local user accounts.
    If you want the features that Mac OS X server
    offers (file services with users & groups and
    granular permissions (via ACLs), centralized
    authentication, NetBoot, etc.), then perhaps start by
    reading the documentation:
    http://www.apple.com/server/documentation/

    I want to set up Debian Linux on my Mac OS X Server and make it into a dual boot machine. Is it possible at all??? I have made separate partitions for Mac OS X and Linux on the server.

  • Will deleting user & group accounts make server inoperable or damaged? See ScreenShots

    Should I delete the unknown users and groups below?  I have no idea what their purpose or intent is.

    Those entries are related to various operations of your system and your server.  If you scroll down through that user list, you'll find the web server user; the environment that runs the Apache web server, for instance.
    Bad Things will happen if you start deleting those users and those groups.  OS X intentionally hides a number of users (technically those with user IDs below 500) just because folks were modifying or deleting them and getting into trouble.  Some deletions might not be noticed, or might not be a problem until you need the associated component, and deleting certain other users could cause immediate problems.
    If you wish to learn more about the Unix underpinnings of OS X (and OS X Server) and about the environment that these users operate in, then that will probably best be via the command line and Terminal.app and more direct exploration of the Unix command line and operating system. 
    Otherwise, you will probably want to disable viewing the system accounts, and leave those existing entries unmodified. 
    In general, I'd avoid deleting and modifying bits, at least to start with.  If (when?) you do decide to start making changes to hidden users and Unix-layer settings, either use a test system, or have a backup should the modifications not work out, or both.  Have a path to recover your data.

  • Reinstalling lion server but keeping users/groups including their home folder, mail, etc

    I need to reinstall my lion server due to some changes in the DNS. I have a time machine backup of the server.
    Is there an easy way to transfer/migrate only user data (home folder, mail, calendar, address book).. I do not need to recover the whole server as some services need to be reconfigured.
    Can I use the installation program, as there is an option to migrate from other servers? If so, can I select what to migrate?
    Thanks

    Migration can be handled by the installer or run post-installation by launching /Applications/Utilities/Migration Assistant.app. You'll get three checkboxes: User accounts, applications and "other data." You can exclude certain users from migration, but you can't otherwise alter the list of files brought in from your backup.
    You might choose to migrate users and applications, then, post-install, mount your Time Machine backup as a volume and copy over whatever arbitrary data you want to recover. Don't forget to turn Time Machine off so you don't risk clobbering your backed-up data.
    Best of luck.

  • SYSTEM PREFERENCES MBP 2008 15" MAC OS X 10.8.2 USERS & GROUPS PREFS CRASH BUG. HELP NEEDED

    For some reason System Preferences "Unexpectedly Quits" every time I try to go to the users preferences.
    Here is a link to a video to it: http://youtu.be/bw2erpe0B8s
    Also here is a link to the debug info: http://www.mediafire.com/view/?peju2065ktrphqn
    THANKS!

  • TMG2010 - Exchange 2010 - Restrict User Groups

    Hey Guys, 
    We have TMG2010 currently reverse publishing OWA however no Pre-Auth is being used, the Exchange 2010 Auth Form is being used. 
    The TMG box is not Domain Joined, however if we joined it to the domain would we be able to use AD Security Groups to restrict access to certain services such as OWA?  Without enabling the "Pre-Auth" Functions of TMG? 
    Thanks, 
    Robert 

    Hi,
    yes it is possible to restrict access to specific services like OWA/EAS/OA on the TMG Server for specific user/groups if the TMG Server is a member of the domain. You can also use pre-auth if the TMG Server is a member of a workgroup if you use LDAP
    on the TMG Server:
    TMG publishing:
    http://www.microsoft.com/en-us/download/details.aspx?id=8946
    TMG and LDAP:
    http://www.isaserver.org/articles-tutorials/configuration-general/Microsoft-Forefront-TMG-Using-LDAP-RADIUS-Authentication.html
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570

  • User group policy turns "display last user" to "ON"

    Hello to all,
    I distribute a simple local user group policy to turn off the "Action Center" at the System tray.
    Every time I do this, the "last...

    Search policy includes groups.
    User is only in one group.
    Still the same problem.
    The tree is very simple, one O and one OU. All policies and users are in
    the OU.
    Ian
    "Ian Russell" <[email protected]> wrote in message
    news:hn_Tc.3065$[email protected]..
    > Hi Craig,
    >
    > I will check that out. It may be the multiple group membership that is
    > causing the problem....
    >
    > "Craig Wilson" <[email protected]> wrote in message
    > news:[email protected]..
    > > 1) Check to make sure you have a search policy defined and that search
    > policy
    > > includes groups.
    > >
    > > 2) Make sure that ONE and only ONE group a user is assigned to has a
    > policy
    > > assigned. Multiple Group Memberships that contain policies will result
    in
    > > seemingly random results. Due to the complex nature of events when
    users
    > belong
    > > to multiple groups that contain policies, Novell actually recommends
    > against the
    > > use of policies for groups. It can be done, but just be sure the limit
    is
    > > maintained.
    > >
    > > Ian Russell wrote:
    > >
    > > > Hi,
    > > > I have ZfD3.2 (SP3) on a NW 6.0 (SP5) server. The user group policy
    does
    > not
    > > > get applied to members of a NetWare group. If I apply it to a user
    > object it
    > > > works.
    > > > Any ideas?
    > > > Ian
    > >
    > > --
    > > Craig Wilson
    > > CNE3, 4, 5 - MCSE - CCNA
    > > NSC Sysop (http://support.novell.com/forums/)
    > >
    > > Tech Writer - http://www.ithowto.com
    > > (I Peter 4:10)
    > >
    > >
    >
    >

  • Mac OSX Lion Server Network User Login Issue

    We have in the office a server running Mac OSX Lion, and several network users who've all been running happily for quite a while.
    About a month ago I was added to the system, and initially we had a few issues relating to the home directory, but we changed 'something' and it all worked.
    Fast forward to now, and we've added a new user - Hannah - to our system.
    I've added her in the Workgroup Manager, and set her up everywhere I can find on the server. Her home directory creates on the server fine.
    She appears in the Logon list on the client machines, and here's where the trouble starts...
    Every time she tries to log on, it fails. The logon box just bounces or wobbles as though the password is incorrect. We've tried changing the password, to no avail. We've tried adding new test users - same problem.
    We've tried sudo kinet on the Terminal as a local user, with variable results.
    I'm at my wits' end, and really hoping someone here can help offer some suggestions or advice we can work through to get to the bottom of this.
    Thanks in advance!

    Your problems are likely occurring because you added her to the directory with Workgroup Manager.
    You should really start avoiding WGM when at all possible as Apple is clearly moving away from it. Because of this, things don't always work as expected when using 'legacy' tools like WGM.
    My guess as to what your problem is: When you create a new user in Server.app, two things happen for you automatically that WILL NOT HAPPEN if done from WGM.
    First the user is added to the default "Workgroup" group.
    More importantly (and the source of much confusion), the user is automatically added to SACLs.
    Check the SACL for the user in Server.app, I bet you'll notice that they aren't a member of the File Sharing group like they should be. To solve this problem, you can either delete the user and recreate them in Server.app, or manually add them to the appropriate SACL.
    I would opt for recreating them in Server.app if I were you, as I don't trust user accounts that originate in WGM on Lion Server.

  • Mac OS X Server File Shares and Active Directory Users

    About ready to pull my hair out on this one...
    We have a department that only uses Macs. At the moment, it's a hodgepodge of different setups. We were able to convince the department to standardize, and purchase a Mac Mini Server. To keep things a bit simpler, we are setting up their department shares on the server as well.
    To make my life simpler (or so I thought...) I decided to bind the OS X Server to our AD, and use the AD users/groups to allow access to the shares. The OS X Server app lists all of our AD user and groups, and I can apply them to the shares, however, when we try to access the share, it fails.
    I don't think the server is talking to our AD correctly.
    I can login to the Mac Server with my network account, my network account works for accessing Server.app, but nothing I've tried will allow our Mac or Windows clients to access the shares with the AD credentials. The log file comes up with:
    mccsrvrmac.mcc.local smbd[441]: check_account - [7]: [permission denied] pam_acct_mgmt
    Also seeing this:
    mccsrvrmac.mcc.local kdc[57]: Asked for LKDC, but there is none
    A bit of background: We added this Mac to the domain once before, realized that the HDDs weren't setup in a RAID config, so wiped it and reinstalled. I did remove the computer account before rebinding.
    Any help is appreciated!

    I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder; if the user doesn't have access to the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

  • Mac Server 10.6 Wiki groups cross page reference

    I have two user groups on Mac server, let's say group A and group B.  Is it possible to allow group B to only see certain pages from group A's wiki?

    Thanks for the advice. You've pretty much reinforced what I felt was the best option from the research I've done.
    As for expansion/future, we're a new IT support company, focussing on being able to support both Microsoft and Apple platforms. My personal goal is to get to ACSA level, which would include the Open Directory exam which I feel would help with what I am trying to achieve now. Our expansion in terms of the number of clients would almost certainly be using Mac clients and would be a maximum of 2 apprentices and 2 more engineers starting from 6 months time and spread over a 12 to 18 month period. I would imagine that by the time it would be beneficial to have the two domains fully integrated both myself and the Microsoft engineer should be at a level to make it work ourselves. For now I think that setting the two servers up and duplicating the users is the best option, and enables us both to continue training ourselves and supporting the business in the meantime.
    Thanks again and the Mac Enterprise Mailing list looks really useful.

  • Mavericks Server – Populate OD with AD Users & Groups?

    Setting up 'Golden Triangle' (or trying to). Mac server and clients bound to both AD and the Mac server, and we've managed to set up some device profiles which have been successfully pushed to the clients.  We can see the AD Users & Groups in the main Mavericks Server window, but have no real clue how to populate OD with them. At the moment Profile Manager by default can only see existing AD Policy groupings, rather than the actual AD Group structure. With well over a thousand AD users, do we have to add them all ONE AT A TIME to become bona fide OD users and groups?

    After re-registering the device, deleting and adding the user again from/to the group com.apple.access_devicemanagement did the job. No error any more.

  • I have a Mac Pro using Lion, with a SSD for system.  Restored drive from backup.  Now logon password doesn't work.  Account password still works.  Changing password in user group preferences no longer works to change logon password.

    I have a Mac Pro using Lion, with SSD for system drive.  Drive stopped booting, but otherwise appeared healthy.  Restored from system backup.  Now drive seems to work properly, BUT my logon password no longer works.  Password OK for account; can access system preferences, and change user password there BUT logon still refuses to accept password.  No luck changing password for that account after adding new administrator account and logging on from that account.  Suggestions?  Thanks.

    If you redirect Accounts to another location (not on the Boot Drive) you need to direct them back there again after a restore.
    SystemPreferences > Accounts/User&Groups > ...
    ... Unlock the lock, then hold down Control as you click on an Account to get access to the Advanced Options pane.

  • Integration - Windows Server 2003/2008R2: Creating a login script that attaches programs to a certain user group. Upgrading to Windows 7/8

    We are currently running a windows server 2003 environment with a 2003 server being the DC. We have a couple of 2008 r2 servers that are member servers.
    OK...
    Our users are primarily operating off of windows xp clients/workstations in which they use RDP to connect to the newer member servers that are windows 2008. With their base profile in xp I am using roaming profiles via server 2003. I am looking to begin
    upgrading all of the workstations to all-in-one windows7/8 boxes partially because of cosmetic reasons(#weird) and partially because we will eventually begin using the camera options that are in the all-in-one's.
    Also..I must do this one at a time as we don't have the money to do a complete overhaul of all client workstations..If that was the case, I could just redo the network and make those members servers the DC and backup DC as well as add a virtual server
    in which everyone can access those legacy programs that are still needed...
    As you guys know windows 7/8 boxes will not work with server 2003 and roaming profiles. The reason we don't completely upgrade to 2008 r2 environment is because we are still holding on to a legacy program that requires server 2003 and these programs are
    vital to our operation.
    So..broken down even further...
    A: User is part of a 'LocalAdmins' group that makes them automatically a local admin upon any system within our domain.
    B: User  logs in to windows xp with credentials in which a tailored made per user roaming profile comes up from server 2003
    C: User then logs into one of the two terminal servers via RDP with same credentials and accesses new primary application. To access the legacy applications, they merely minimize their RDP session to get back to the windows xp session.
    Ultimately..
    1. I'd like to begin replacing option B: with windows 7/8 all-in-ones and have the RDP saved sessions, that talk to the 2008 member servers, as well as a few vital ie shortcuts automatically come to all users that are a part of that "LocalAdmins"
    group period.
    2. Setup 1 server 2003 box that runs that legacy program and allow everyone access via a Virtual Environment..
    3. If they log into a windows xp box, or a windows 7/8 box, I want them to have access to the same icons.
    I guess this is a lot to digest, but my question is, what script could I make that would essentially allow uniformity for both my xp workstations and newly added windows 7/8 boxes? What script could I create that would, I guess, reside on server 2003, that
    brings all the necessary icons to the users that are a part of that "LocalAdmins" group despite having a windows xp, 7, or 8 workstation?

    " I don't see what the issue is because a logon script will still be managed by Group Policy and will have to be applied using GP rules.  In the end you still have to write the script."
    You basically contradicted the smug part of your rant and multiple answers with this statement!!! You just recognized that some sort of script would be necessary if I chose to use it via group policy. 
    But according to you..
    "It is not and has never been done via a script."
    Clearly it has a section per user for a "profile path" and a "logon SCRIPT". Which warrants my creation of this post since I have currently implemented
    roaming profiles. That is how I am manipulating what users can have on their desktop because of course, we have different users that have different needs. But out of all the users, there are programs that need to be laced and seen upon immediate login. I
    will consult other people as this is only preliminary planning but about half of your statements are completely unwarranted and UNNECESSARY!
    This statement also proves your additional inaccuracies...
    "All of the profile things are handled by Windows and have nothing to do with scripts.  You define all of that in Group Policy."
    That's just silly talk. I told you in my initial break down of my scenario in an entirety that I am using "tailored made per user roaming profiles" to control desktop environments not group policies in this case. But you just made an absolute statement in
    saying "You define all of that in Group policy" which is completely wrong...
    Do me a favor, please don't respond to this post anymore. I'd love to see if any other partner, staff or whatever mind responding. Thank you for your help anyway. I will use what is useful in your post and discard the rest.
    Thanks

  • Server App not seeing external LDAP users & groups

    I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
    When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
    I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
    Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
    This is all so much more opaque than our superbly reliable Snow Leopard servers!
    TIA

    Ok, and again:
    You want to see Users and Groups, which are stored in a third-party directory service like OpenLDAP, in your Server.app? This is what you have to do:
    1. Connect the third-party LDAP to your server
    2. Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to log in with them
    3. When you see your LDAP entry in the Directory Manager, change it from "From Server" to "RFC2307"
    4. Edit the entry, add the following mapping to it: GeneratedUUID maps to apple-generateduuid
    5. To your group and user entries in the external LDAP add the following attribute: apple-generateduuid gets the value taken from the output of "uuidgen"
    6. Feel lucky
    And there it is; now you are able to use the accounts taken from an external LDAP.
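
The attribute step in the reply above, as an added example that is not part of the original post: a Python script that reads an LDIF export and writes `modify` records adding `apple-generateduuid` only to entries that lack it. The sample entries, the `o=example` tree and the function names are constructed for illustration; skipping entries that already carry a value assumes other records may already reference it.

```python
import re
import uuid

ATTR = "apple-generateduuid"  # attribute name taken from the post's mapping step

# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: cn=alice,ou=staff,o=example
objectClass: inetOrgPerson
uid: alice

dn: cn=bob,ou=staff,o=example
objectClass: inetOrgPerson
uid: bob
apple-generateduuid: 5F0C2B6E-8A41-4E0B-9C1D-2A7B6F3E9D10

dn: cn=designers,ou=groups,
 o=example
objectClass: groupOfNames
cn: designers
"""


def parse_ldif(text):
    """Yield (dn, {attr_lowercase: [values]}) for each record.

    Handles '#' comments and folded lines (continuations start with one
    space). Base64 ('attr:: ...') values are not decoded.
    """
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold a continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs


def new_uuid():
    """Uppercase UUID string, the form macOS uuidgen prints."""
    return str(uuid.uuid4()).upper()


def build_modifications(text, make_uuid=new_uuid):
    """Return LDIF modify records for entries that have no ATTR value yet."""
    records = []
    for dn, attrs in parse_ldif(text):
        if attrs.get(ATTR):
            continue  # keep the existing value; do not regenerate it
        records.append(
            f"dn: {dn}\nchangetype: modify\nadd: {ATTR}\n{ATTR}: {make_uuid()}\n"
        )
    return "\n".join(records)


if __name__ == "__main__":
    print(build_modifications(SAMPLE_LDIF))
```

The output is meant to be reviewed and then applied with the directory's own LDIF import tool; rerunning the script against a fresh export produces records only for entries still missing the attribute.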

  • If I install the Mail server on a Mac Mini as a server, can my users utilize Outlook as their mail client and how will it be different for them?

    If I install the Mail server on a Mac Mini as a server, can my users utilize Outlook as their mail client and how will it be different for them?

    Your users can utilize Outlook no matter where your email is hosted at.
    how will it be different for them
    different from what?
