Upgrade Local User to Network User for PHD

Similar Messages

• How to use different (not local) user for NTLM auth in Authenticator?

  Hi All,
  I use custom authenticator to provide user / passwords to connect to .NET Web Services. I overloaded function getPasswordAuthentication() that returns right user / password combination for the requested URL. It all works perfectly for many kinds of HTTP connections: basic, ntlm, ntlm-v2, through proxy, ssl, etc.
  My problem is that during NTLM authentication from Windows computers JVM uses credentials of the currently logged in domain user instead of calling Authenticator to get other user / password provided by the user. In case when local user credentials fail to authenticate, JVM calls my Authenticator but in case authentication is successful it does uses local domain user and never calls my Authenticator. The issue is when this local domain user does not have enough permissions but authenticated correctly there is no way to supply JVM with another user to begin with.
  What can I do to force JVM to ignore local domain user and to use Authenticator to collect credentials during NTLM authentication requested by the server in case the software runs on a Windows box with currently logged in domain user?
  I am looking for the answer for a long time already but found only questions and suggestions to switch server from NTLM authentication which is not an option for me. From the developer's view it has to be pretty simple change for Sun to do in Java networking API. Is there any way to escalate it to Sun support? Maybe there is some property in some JRE patch level that allows to do this?
  Thank you very much!
  Mark

  Thank you for the reply. I have kind of an opposite problem. I can perfectly connect from Linux computers to Microsoft IIS servers using NTLM or even NTLMv2 authentication. My problem is connecting from Windows client computer joined to the same domain as IIS server with the domain user logged in to this computer. In this case this user account will be used in any HTTP connections I initiate to this IIS server instead of the one that I want to supply in my custom Authenticator.
  I have graphical interactive application that connects to IIS Server. When user runs it and connects to IIS server I want to prompt for the user/password regardless whether JRE may correctly authenticate using current user account credentials. The current user may not have enough permissions in IIS application so I want to use different user to login to IIS application.
  Thank you anyway,
  Mark

• Vsftpd: How to mix virtual and local users for pam?

  Hello,
  I've been stumped on this for many days, hope someone could shed some light for me.
  vsftpd.conf
  pam_service_name=ftp
  local_enable=YES
  chroot_local_user=YES
  guest_enable=YES
  guest_username=virtual
  virtual_use_local_privs=YES
  /etc/pam.d/ftp
  auth sufficient pam_userdb.so db=/etc/vsftpd_login crypt=hash
  account sufficient pam_userdb.so db=/etc/vsftpd_login crypt=hash
  auth required pam_unix.so
  account required pam_unix.so
  since /etc/pam.d/vsftpd is missing, I've grabbed some from /etc/pam.d/login
  The thing is that, when I login with local user, I got chrooted to virtual home instead. If anyone can give me some advice, that would be great, thanks.

  *bump*
  cookies for anyone who can answer

• Standardise Local User Set

  Hi all,
  We're looking at moving over into an ADOD environment having previously only had local users on each machine. We have about 100 or so Macs all with various different local users on them (some with admin access and some without).
  We'd like to standardise the local users to just two for each machine (each with a standard password) one 'Local User' for them to use if the network is down, and one 'Administrator' with local admin access.
  We'd prefer to do it over Apple Remote Desktop if possible?
  Cheers

  I can tell you right now this will be a nightmare to setup, but it can be done if you're careful and take the time.
  The issue is one of user IDs - even tough you see yourself as a username, everything on the inside uses an associated user ID to keep track of permissions - every file is 'owned' by a specific user ID (not a user name). When you create local accounts on a machine, the OS always starts at the same User ID number.
  This means that on one machine, user Joe may have UID 501.
  On another machine user Jane may also have UID 501.
  That's OK as long as the machines are separate, but if you try to unify them there's no way the OS can tell who should own the file - as far as the OS is concerned the file is owned by user ID 501, and you can't have both Joe and Jane using the same ID.
  So what you're going to have to do is create all the users in the main directory and note the user ID that's assigned (or assign a specific one for each user if you prefer).
  Then when you bind the client system to the directory server you need to do several things.
  First you need to change the ownership of all the files in the user's home directory to their new UID. For example, if user 'joe' on the machine has a new central account with UID 12345 then you could:
  sudo find /Users -user joe -exec chown 12345 {} \;
  The above command will find all files in /Users that are owned by 'joe' and change them to be owned by user 12345
  Then remove the existing user account from the local directory (via System Preferences -> Accounts)
  Then bind the client system to the directory server using /Applications/Utilities/Directory Utility
  Now users should be able to log on using the central account.
  Note, though, that this doesn't deal with using network home directories. In this scenario Jane won't be able to log onto the machine previously used by Joe and see her files because they'll be stored on some other machine.
  If you're planning on implementing network home directories then there's an additional step of moving each user's data to the corresponding directory on the network file server that's storing home directories.

• Script to Temporary Elevate the admin rights to local user

  Hi Friends
  i believe this topic was already discussed , however i could not find a solution ..  please help
  i need a script ( vb/power shell/bat ) etc which will run on local user with admin privilege ( will package and make it available in application store / software center ( sccm 2012 ) , it will run with admin rights on local computer ) and grant admin privilege
  to the local user for 24 hours
  My previous org had same, however the source is a .exe file, so not very sure if they have converted script to exe for privacy
  Thank you
  Tanoj
  OSLM ENGINEER - SCCM 2007 & 2012

  Hi,
  Adds/Delets a global group name or user name to a local group.
  net localgroup [GroupName name [ ...] {/add |
  /delete} [/domain]]
  Reference:
  Net localgroup
  http://technet.microsoft.com/en-us/library/bb490706.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to Move Local Users to Network Domain Users

  Before you follow these instructions...... I'm a rank amateur so I'd check to see if the smart kids have corrected my errors or improved on the method in the replies below
  The reason for the post is I have good and established local user accounts on all the computers and moving them to domain controlled accounts is the one topic I could not find a script to follow that worked for my low level of knowledge of OS X.
  Let me first explain my setup and needs. I'm replacing a Windows Home Server (WHS) with the Mac Mini Server. My goal was to have the Mac Mini as the server holding all our photos, data, etc. and running a user account to run the family iTunes account to feed the Apple TV and be the backup / sync point for a family sized set of iPod Touches, iPads and iPhones. I want to be able to log into each mac and have the same information setting, links, etc........ basically walk around the house, find any mac shaped device not used by someone else, log in and carry on where I was before -  with the MacBook Air having a portable account so it can come travelling with us.
  The key hardware is...
  Mac Mini Server running Snow Leopard 10.6.8
  Apple TV
  2 x iMac Running Lion 10.7.1 [upgraded from 10.6.8]
  MacBook Air running Lion 10.7.1 [upgraded from 10.6.8]
  Normal stuff like wifi, hubs and a router doing the DHCP (and for me reserving IP addresses based on the 'MAC Address' to save me having to manually configure all the IP addresses)
  Key Resources I used as I learnt how to do this; to level set you all, I'm a relative newcomer to OS X having had a Windows life with Linux for fun, so i'm not a mac or IT specialist but like to play around.
  Apple's podcast series 'Apple Quick Tour of Leopard Server'  - this is great, it informed me and kept me motivated through all the bah moments, all 33 episodes and it's in the iTunes store as a podcast.
  The book 'Mac OS X Snow Leopard Server For Dummies' - I bought this about half way through the whole process and wish i'd bought it earlier, my reccomendation would be get the Kindle version so you can search it for advice.
  The excellent information on DNS from Hoffman Labs http://labs.hoffmanlabs.com/node/1436
  The video 'Setting up a primary DNS zone.....' from Lynda.com on youtube  http://www.youtube.com/watch?v=OOEgQY9oFK4
  The Series of PDF document on Snow Leopard Server from Apple http://support.apple.com/manuals#mac%20os%20x%20server%20v10.6
  And finally this excellent post from Joe Ferrante which was the core of what I used http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/
  Right off we go....
  Setting up the Server [this took me 6 goes to get it right as I learnt a little each time].
  So i'm not going to go through this step by step because it in the 'dummies' book and the videos from Apple above and those will be better than anything I write but here's my details/advice.
  I split the primary disc into 2 partitions using disk utility so I could reformat the operating system without moving my data.
  100GB for the OS X system
  400GB for user data
  Install OS X from the DVD, press the buttons based on your desires but stop at the bit about naming you computer titled Network Names
  READ UP ON DNS  - this one of the reason I had so many goes as it was the 1st time i've set up a server like this using DNS and guessing didn't get me there.
  If you don't have one buy a domain name for your network it make it much easier in the long run & is $10 well spent
  The name needs to be [the computer name].[your domain name].[com or net or org, etc]
  So if you want you computer to be called fred and you bought or have the domain location.com enter fred.location.com in the primary DNS name box
  This shoud automatically put fred in the computer name box.
  Follow along with the set up guide to finish
  After you have finished the set up test the DNS with NSLOOKUP in a terminal window
  nslookup fred.location.com    in my example and you should get the IP
  Add your servers IP address to the list of DNS servers in network preferences on the client mac.
  Bind [link] the client computers to the server in Accounts on the client computer - I used the 'dummies' book for this but there's lots of data on the web.
  Clean up the user profile on the client to reduce the size of the Home folder as much as possible or the data transfer is loooooooonnnnng - i also connect the iMac on a cable rather than wifi to speed it up.
  Read Joe's post http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/ and follow along.useful info I learnt somewhere - to get the paths to the folders correct in the terminal window go to the folder in Finder and then drag it to the terminal window and let go - this will put the correct link in the instruction.
  You now need to be on a terminal window on your server, with a finder window open and logged into the client as the user you are moving
  THE CLIENT COMPUTER NEEDS TO BE LOGGED OUT or logged in as a different user than the one you're trying to move.
  so when you're at the right point - type sudo cp -R then hit the space bar, drag the existing user folder onto the finder window, add the /* and hit space then find the users folder on the server and drag that onto the terminal window to complete the instruction.
  Hit enter and wait a while assuming it starts ok - i used network traffic on the Activity Monitor utility to check if it was working.
  If you got this far and it all worked - login to the profle you moved on any computer linked to the server or the server but not the original client computer to see if it worked and all your setting and data are intact and then delete the profile off the original client if it was ok [archiving the home directory took ages for me].
  As you can probably guess most of this was good learning for me and it worked successfully for me in the end, moving all my history, saved password, etc, etc without any problems.
  Hope this helps other in the same situation & feel free to expand or correct this if I've missed anything.
  Ed

  Hi,
  I was unable to access the Joe Ferrante information (it appears to now requrie a password and was not able to determine how a username and password were assigned)  Would you happen to have a copy of the post that you refer to above?
  I am still at the early stages of this process but am hoping that the steps you refer to are going to get me where I want to be.  Your stated end goal is where I hope to get to.
  Thanks,
  Sean

• Can I have a network user with the same name as a local user?!

  I have just set up Mac OS X 10.8 SErver with Open Directory.  I have about 20 machines that I will be setting up, some which have mainly been used localy and just used to tap into Shared Files, [historically], but am wanting to use network users for better backup and support.
  However some of the legacy accounts were not used on off the server...  What I have is the following :-
  a)    [Person A]  - They are a network user with Password [Password A]
  b)    The computer is [Person A], they have a Password [Password Old] (so it is different)
  I have Network Account Users turned on, with a green dot! (have domain all set up)
  However How do I connect using either a or b.  depending on what i feel like that day!
  ? Help any ideas.
  Ultimately I will have set up all my client machines with a client admin user and standard password... but I am not there yet!

  Moving from local (legacy) users to network users takes a one-time hassle of moving the contents of their local home folder contents up to the server. Using a finder copy never worked for me. What I finally found worked reliably was using rsync to copy the entire users local folder up to the server. Once on the server, move the files into place (if you didn't rsync them there directly. Finally, Chown all the files (on the server) to associate them with the correct userID on the server. If everything looks right on the server, you can test by trying to login as this user from another local Mac (but now as a network account), and hopefully their home folder looks like they expected.
  Note you will need admin access in the local machine and the server to rsync their home folder. You don't want to be logged into their account while trying to copy their files up to the server.
  If rsync is not your bag, a portable hard disk and/or disk image of their home folder is another way to move their stuff.
  Once you've verified that their network account got to the server ok, then REMOVE the local account.

• Migrate a Local User Account to a Network Account Shell Script

  http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US
  If you are looking for an easy way to migrate local users to network users without losing data, then try this script.
  Follow steps 1-10 in the support link above before running this script.
  1) Open /Applications/Utilities/Terminal.App
  2) Type vi myscriptname.sh
  3) type "i" to edit the document
  4) Copy and paste the following text in the terminal window
  #!/bin/bash
  echo "Go to http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US"
  echo "Complete steps 1-10 before continuing"
  echo -n "Enter 'USER' and press enter:"
  read USER
  echo -n "Enter 'SERVER' and press enter:"
  read SERVER
  sudo scp -Epr /Users/$USER root@$SERVER:/Users/
  sudo mv -f /Users/$USER /Users/$USER.old
  ssh root@$SERVER sudo chown -R $USER:staff /Users/$USER
  5) hit (ESC) then colon : and type wq! and hit return to save the document
  6) In Terminal type: chmod +x myscriptname.sh
  7) in Finder, Right Click or Control+Click myscriptname.sh and select open with
  8) Select "Show All Applications" and Navigate to /Applications/Utilities/terminal.App
  9) in Finder, Right Click or Control+Click myscriptname.sh and select get info / Open with and click "Change All" to open all .sh files in Terminal
  10) Double Click myscriptname.sh
  11) For USER enter the name of the network account
  12) For SERVER enter your server name (server.example.com)
  13) Enter the Admin Pass for the Local Machine, Then the Server, Then the server again
  14) The user folder will be renamed to user.old (bob.old)
  15) When you login as the network user account OS X Server Will copy your data to the local machine with Portable home directories
  16) Once you verify all the info is there you can delete the user.old folder from the /Users/ folder (bob.old)

  replace sudo scp -epr with sudo rsync -auvth if you do not want to waste space copying hardlinks

• Connecting Outlook 2013 for a local user

  We’re having trouble connecting a users connecting a domain user’s Outlook 2013 to our Exchange 2013 server. The user has a domain user account, and an Exchange mailbox.
  However;
   The user in question uses a PC that is physically connected to the network, but isn’t a domain-joined machine. The user is using a locally-provisioned account on the PC.
  The machine can query internal DNS servers, and has network connectivity through to the Exchange server.
  The user can successfully log in to OWA, where everything functions as normal. The user wishes to use Outlook 2013 for archiving of PST files.
  We are having issues creating a mail profile for the user, whether manually configuring or utilising autodiscover.
  With autodiscover, the user enters her name, email address and password in the initial wizard in Outlook 2013. 2 of the 3 steps succeed, before ‘The action cannot be completed. The name cannot be matched to a name in the address list’ error window is displayed.
  Is this because Exchange is having issues with the account being used to create the profile (the local user account on the PC)?
  Now what’s really odd, is that when using Outlook 2013 away from the network (at home), with any PC, the autodiscover method succeeds. What is causing it to fail internally?
  So, with the autodiscover method out of the window, we turned to manually configuring the profile.
  The local name of the Exchange server is entered for the server name, with the user’s email address for the username.
  In ‘More Settings’, the connection tab is configured to ‘Connect to Microsoft Exchange using HTTP’.
  The URL used to connect the proxy server for Exchange, is the external name used for OWA. This is the same address used when the user is using OWA internally/externally, which works without issue.
  Options ‘Connect using SSL only’, along with ‘Only connect to proxy servers that have this principal name in their certificate’ are selected with
  msstd:<external FQDN name> being entered.
  Basic Authentication is selected for the proxy authentication settings section.
  The user is then prompted for credentials. The following formats have been attempted;
  Domain.local\username
  Email Address
  [email protected]
  The correct password is used, but nothing is accepted.
  How can we get Outlook 2013 configured for this non-domain joined PC?
  Many thanks.

  We’re having trouble connecting a users connecting a domain user’s Outlook 2013 to our Exchange 2013 server. The user has a domain user account, and an Exchange mailbox.
  However;
   The user in question uses a PC that is physically connected to the network, but isn’t a domain-joined machine. The user is using a locally-provisioned account on the PC.
  The machine can query internal DNS servers, and has network connectivity through to the Exchange server.
  The user can successfully log in to OWA, where everything functions as normal. The user wishes to use Outlook 2013 for archiving of PST files.
  We are having issues creating a mail profile for the user, whether manually configuring or utilising autodiscover.
  With autodiscover, the user enters her name, email address and password in the initial wizard in Outlook 2013. 2 of the 3 steps succeed, before ‘The action cannot be completed. The name cannot be matched to a name in the address list’ error window is displayed.
  Is this because Exchange is having issues with the account being used to create the profile (the local user account on the PC)?
  Now what’s really odd, is that when using Outlook 2013 away from the network (at home), with any PC, the autodiscover method succeeds. What is causing it to fail internally?
  So, with the autodiscover method out of the window, we turned to manually configuring the profile.
  The local name of the Exchange server is entered for the server name, with the user’s email address for the username.
  In ‘More Settings’, the connection tab is configured to ‘Connect to Microsoft Exchange using HTTP’.
  The URL used to connect the proxy server for Exchange, is the external name used for OWA. This is the same address used when the user is using OWA internally/externally, which works without issue.
  Options ‘Connect using SSL only’, along with ‘Only connect to proxy servers that have this principal name in their certificate’ are selected with
  msstd:<external FQDN name> being entered.
  Basic Authentication is selected for the proxy authentication settings section.
  The user is then prompted for credentials. The following formats have been attempted;
  Domain.local\username
  Email Address
  [email protected]
  The correct password is used, but nothing is accepted.
  How can we get Outlook 2013 configured for this non-domain joined PC?
  Many thanks.
  The first problem is, if this Exchange 2013 then the server name in Outlook isn't really a server name, it is in actuality the ExchangeGUID of the mailbox.  
  Since you are trying to access the mailbox from a machine that is not on the domain you will need to make sure the externalURLs resolve properly internally.  Meaning either the user can access them by going out to the internet and getting routed back
  in (not ideal) or you configure them to resolve to the internal IPs on your internal DNS servers.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
  Thank you for your reply.
  As I mentioned, this machine can query internal DNS servers without issue. Autodiscover is working in a fashion, as the name of the mail server is hashed. 
  In an update to the post, I have exported a working profile from the registry of the machine for a domain user, and have imported for a local user. This actually works, but I'd still like to know the reason for not being able to configure it in the first
  instance.

• Copy local user settings to network user account

  I have a local user on my computer here, and I want to transfer all settings to a network account - things such as dock icons, mouse settings, everything so when I log on to the network account everything looks and acts the same. Can I do this. or do I need to start from scratch?

  Hi Brent,
  The following has worked for me.
  1. Login to local machine as a local admin
  2. Delete user's account BUT choose the option to create a dmg of the user data.
  3. After completion, move the dmg to Users/Shared
  4. Log out
  5. Log in as your target OD network user (having created the server account, bound the client, etc)
  7. Open the dmg from /Users/Shared and copy the items from within each of Documents, Library, etc. Do NOT just copy Documents. Library, etc.... make sure you copy the contents
  Everything should be in place at the next login. Have the user change password via System Prefs > Accounts asap and this will fix any keychain issues.
  hth,
  b.

• Migrating local users to network users

  Hi - I have seen answers for past versions of the server, but none seem to work.
  I have 5 macs, 4 users.  I want them to be able to log in from any mac and have their home screen/files appear as if it was on their (former) local machine. Also want to set up group folders that can be accessed as well.  The latter part is no problem setting up, but how can i migrate the local home folders to the network easily.
  I have set up user accounts, bound local machines to the server, tried mobility settings but can't get it to work.
  I read somewhere that if the shortname is the same on the local machine as the server that may cause problems.
  Also - is there any advantage to setting up machines vs users in workgroup manager?
  Thanks

  Hello,
  if you want your users to be able to login from any machine on the network, then your users must exist in the OD on the server and the client machines must be bound to to the server. Client machines must be set to use network accounts.
  If the client machines are not portable (MB, MBP, Air etc), set you users as _plain_ network users, otherwise use Mobile accounts. The difference is that in case of mobile account are user credentials cached on the client, so they are able to login even when they are on another network (so the server is not available to authenticate).
  Next you need to set up network home for network your users. Start up Server Admin, select a sharepoint and enable automount as User home folder.
  Next, in the workgroup manager select your users, and assign them new home folder paths. As a last step copy contents of local homes to the new network location.

• Migrating Local Users to Network/Mobile Home Directories

  Hey Everyone!
  A Happy Holiday's to you all! I'm in the midst of building a new system for my new clients. They had nothing but static IP numbers and no actual servers in a 50+ Mac environment. MacBook Pros, G5's and PowerBook G4s up the yang.
  What I'm looking to do is migrate as seamlessly as possible, all of the existing local users to network users and then some of those network users will become mobile accounts. I have Open Directory authenticating properly so...
  Here's my plan:
  1) Finish creating new builds for the MacBook Pro's, the G5s, and the PowerBook G4s.
  2) Create the users in OD and assign them to groups for permissions.
  3) Drag and drop entire home directory from each computer to a shared folder on my OD Server.
  From here I want to run chown, I'm guessing, to change the user:group for the home folders I copied over so that they match the ID's created by OD. I figure when I do that, then I can simply replace the OD created home folders in my server's Users folder with the copied and permission modified home directories from each local user.
  My guess is that would be the fastest way to migrate the users to the network.
  My question is are the terminal commands I need to run on each folder in order to make this as seamless as possible?
  chown -R username:newgroupname /~path to copied local home directory
  Is that syntax right?

  The command is correct!!!
  But my quess is if you use ACL's to set the permissions you won't need to run the command on every folder
  Best Regards

• Best way to migrate local users to the network - move home folders?

  Hi everyone,
  I am about to set up my Mac mini server (Snow Leopard Server). I have one iMac with three user account on it (local), another iMac that we just bought and my MacBook Pro with my admin account on it (Snow Leopard). So all have Snow Leopard.
  What would be the best way to move the three local accounts AND their home folders to the server?
  What would be the best way to make my portable user account into a mobile user account on the server?
  I am planning to create all users on the server (with the same username and passwords etc.) then move the local home folders from the iMac to the server through some direct wired connection. My concern is with this move - will there be permissions mismatch issue? I am sure there will be as the UID would be different for the same accounts (pre-existing and newly created, eventhough their username and passwords are the same).
  Any best practices? strategies?
  Does Apple have any documentation on this specific topic? - that is moving local user accounts and their corresponding home folders onto the server?
  Thanks much!
  Kenneth

  Hi again,
  I haven't gotten round to it - but may have an alternative route in the mean time: the brand new 27" iMac just arrived, and rather than doing a full 'migration assistant' setup, I am going to try the following:
  1. on the new iMac: only create a local Admin account, user name totally unrelated with any other account name;
  2. on the server: settle all the network user account settings, portable home directories, managed preferences etc. for each user;
  3. on another computer: log on under the corresponding local user account, and copy one's home folder entirely to an external drive - do not use this machine again under this user account;
  4. on the new iMac: log in as a network user, make sure the home folder and library syncing works as desired, set some preferences (and check that this gets synced to the server drive); copy the parts of the home folder & library for this user from the external drive - wait until it all gets synced back and forth - and check any permissions, preferences whatever issue (the local account on the other computer is available for cross-checking, just don't change any documents or settings on that one)
  5. if all works well on the new iMac: delete this local user account on the other computer.
  6. repeat steps 3-5 for each other computer where this user has a local account (one 'old' iMac, one 13" MB) - will also allow to check and filter any duplicate documents which have accumulated over the different machines.
  7. create the network accounts for this user on the other computers, and check the syncing etc.
  8. repeat for each user (4 in total for us).
  I think this might just work, since the new iMac at present has no accounts - so no possible issues with similar account names & passwords etc - and you keep the 'old' local account on the other machine as a safeguard anyway.
  Any particular thoughts or comments on this proposed process??
  How about permissions: does the copying to an external disk, and then back onto another computers disk solve that??

• Migrating local user accounts/home directories to network user accounts

  Hi,
  I am planning on moving the user accounts from several Mac OS X client machines to a new Mac OS X Server machine (Quad core Xeon MacPro). I am very familiar with OS X client in a support environment, but do not have extensive experience with Server.
  I read over the instructions in this article
  http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c6um3.html
  and it appears to be fairly straight forward, although I do have some questions regarding the existing data (home folders) and how to set the clients to log in to the network account.
  Previously, in the event that I have needed to move a person's home directory to a new computer or recover from a corrupt OS (and Archive&install was not an option), in OS X client I would:
  1) Back up the home directory.
  2) Erase/reinstall OS X client.
  3) Log in as Root.
  4) Go into "Accounts" pref pane and create user with same short name as original/backed-up home directory.
  5) Replace the newly created home directory with the backed-up home directory.
  6) Go into Terminal and chown/chgrp the home directory to username/staff, respectively.
  This would result in a perfectly migrated user account. All settings and files working just as they did on the previous system/install of OS X.
  First Question: Could I employee a similar method to retain the content and settings from the local user accounts on the server as I migrate them to network users? Moving the user accounts to the server as described, then running terminal to set proper ownership...
  Second Question: What do I do on each client system to tell it to recognize the networked home directory for each user? Do I just change the user's home folder path in Netinfo Manager to the automount location?
  Thanks in advance for any help you can offer,
  -David
  MacPro 2.66 Quad Core (MA356LL/A)     Mac OS X Server 10.4.8

  A network account is really existing only on the server but if you use "portable homefolders" (Tiger client and server) you could "migrate" the local account to a "server" one by:
  Login locally as another user with administrative rights.
  Change the name of the old account folder in /Users.
  Remove the "old" account locally (woun't remove the "old" folder as you changed the name) only Netinfo data.
  Login using the serveraccount login/password thus creating a homefolder on the server.
  Logout and back in, enable portable homefolder.
  Logout and then in as a local admin and remove the new user folder.
  Change the name on the old userfolder to what the new one had.
  I'm not a 100% sure Netinfo has the server account UID now (added by logging in and creating the portable account?) but if it does:
  (http://forums.macosxhints.com/archive/index.php/t-12077.html)
  "Finding and changing UIDs across the filesystem is a one-liner command:
  sudo find / -user UID -exec chown userName {} \;
  (replace UID with the old UID number and userName with the new user name to associate file ownership.)"
  (A portable account must have got some "kind" of UID?)
  Let the machine "sync" with the server account.
  If you want an "on network only" account I don't know what you need to remove locally afterwards.
  HTH

• SSO for application systems with local users?

  Hi all,  I'm new to Oracle Identity Management.  My company is going to implement SSO for inhouse applications.  However, some applications have their own local users (e.g. admin, guest, etc.) who have to login to the application system through the same interface.  We put all organization users in an Oracle enterprise Directory server, which is the authentication backend of the Access Manager.   After implementing webgate, such local users can't get authenticated.  I'd like to know if it's possible to configure particular users/applications to bypass SSO and use local authentication?     Thanks.
  Rgds
  /ST wong

  Possible solution is to create a new entry point for local users. Create two proxies one for actual user entry and another for local user. You can restrict n/w access to proxy with local login so that only few hosts based on your requirement who needs to access system with local accounts. This way you will have two web sites for single application.