Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
User group management?
- Thread starter carleton
- Start date
- Sort by reaction score
Thank you, I used the GUI to create the group. The problem I am having is a bit complicated...
When I first got the Mac mini, I made the local username the same as what I use to log into Microsoft Active Directory (AD). Once I learned how to add the Mac to the AD, I discovered there was no way to log into the domain with my normal username because it was a local account. (On Windows you always prefix the domain name slash username <domain name>\<user> so that this is not an issue).
What I did was:
When this was all done, I was able to log out as root and log in with that new username (user1Local) and all was well. The I was able to log in as user1 with my domain password and it mapped the home directory from the AD!
This was last week, I have been using user1 since. I did discover a few things though. One was yesterday the computer was not on the LAN and I was not able to log in as user1, I assume because it could not get to the AD. So I tried logging in as user1Local and that didn't work.
I am back on the LAN and logging in as user1. When I go into the GUI tool, I don't see user1Local, nor can I log in as that user.
How do I list the local users to see if that account is setup correctly? How do I go about trouble shooting this local account?
Is my theory correct that OSX does not cache user info to allow AD users to login when the AD cannot be found?
Sam
When I first got the Mac mini, I made the local username the same as what I use to log into Microsoft Active Directory (AD). Once I learned how to add the Mac to the AD, I discovered there was no way to log into the domain with my normal username because it was a local account. (On Windows you always prefix the domain name slash username <domain name>\<user> so that this is not an issue).
What I did was:
- Enabled the root account
- Logged in as root
- renamed the home directory (user1 to user1Local)
- created a new local user account and with the same name as the home directory
- deleted the first account
When this was all done, I was able to log out as root and log in with that new username (user1Local) and all was well. The I was able to log in as user1 with my domain password and it mapped the home directory from the AD!
This was last week, I have been using user1 since. I did discover a few things though. One was yesterday the computer was not on the LAN and I was not able to log in as user1, I assume because it could not get to the AD. So I tried logging in as user1Local and that didn't work.
I am back on the LAN and logging in as user1. When I go into the GUI tool, I don't see user1Local, nor can I log in as that user.
How do I list the local users to see if that account is setup correctly? How do I go about trouble shooting this local account?
Is my theory correct that OSX does not cache user info to allow AD users to login when the AD cannot be found?
Sam
You can use dscl to determine if there is a user1Local, if it is for some reason and incomplete record it won't show up in the GUI. It sounds like you just don't have the account. If you have the home directory, simply create a new account with that shortname.
In regards to AD and local user caching. This is an option you set when you bind, but only when you do it through Directory Utility are you given the option. You can modify the way the AD plugin behaves by changing it in Directory Utility.
You want to set:
Create mobile account at login
You can confirm that the account is mobile in Account Preferences. It will say "Mobile" under the name.
In regards to AD and local user caching. This is an option you set when you bind, but only when you do it through Directory Utility are you given the option. You can modify the way the AD plugin behaves by changing it in Directory Utility.
You want to set:
Create mobile account at login
You can confirm that the account is mobile in Account Preferences. It will say "Mobile" under the name.
Code:
dscl . list /Users | awk '!/^_/'The awk statement is just removing the majority of the system accounts from the output.
Ok, I have returned to this little project...
I did list the user and my user1Local is no where to be found. Is my impression correct that I can log in as root and recreate the account, giving the same home directory name and all should be well with the world?
Also, this "Directory Utility" to enable mobile accounts. Where exactly do I find this things? I would like this Mac mini to be a sort of laptop, such that I can take it places and not be connected to the AD.
Sam
I did list the user and my user1Local is no where to be found. Is my impression correct that I can log in as root and recreate the account, giving the same home directory name and all should be well with the world?
Also, this "Directory Utility" to enable mobile accounts. Where exactly do I find this things? I would like this Mac mini to be a sort of laptop, such that I can take it places and not be connected to the AD.
Sam
1. Recreating the local user
Yes, you can recreate that account. If it has the same shortname as the existing home folder, when you create it OS X will detect a home folder and adjust the permissions of that home folder (making that new user the owner).
2. Mobile Account
Directory Utility is in /System/Library/CoreServices
Edit the Active Directory plugin and turn on "Create mobile account at login" and "Force local home directory on startup disk"
Good luck
Yes, you can recreate that account. If it has the same shortname as the existing home folder, when you create it OS X will detect a home folder and adjust the permissions of that home folder (making that new user the owner).
2. Mobile Account
Directory Utility is in /System/Library/CoreServices
Edit the Active Directory plugin and turn on "Create mobile account at login" and "Force local home directory on startup disk"
Good luck