User group management?

Discussion in 'macOS' started by carleton, Jan 8, 2011.

  1. carleton macrumors member

    Joined:
    Dec 26, 2008
    #1
    I am new to Mac, but have used Linux in the past. How does one go about managing the user groups? I need to set up a few special groups to share among different users on the machine.

    Sam
     
  2. calderone macrumors 68040

    Joined:
    Aug 28, 2009
    Location:
    Seattle
    #2
    Method 1:
    Accounts Preferences
    Creates Groups just as you do users

    Method 2:
    Directory Service Command Line or dscl

    To learn more:
    Code:
    man dscl
    in Terminal.
     
  3. carleton thread starter macrumors member

    #3
    Thank you, I used the GUI to create the group. The problem I am having is a bit complicated...

    When I first got the Mac mini, I made the local username the same as what I use to log into Microsoft Active Directory (AD). Once I learned how to add the Mac to the AD, I discovered there was no way to log into the domain with my normal username because it was a local account. (On Windows you always prefix the domain name slash username <domain name>\<user> so that this is not an issue).

    What I did was:

    1. Enabled the root account
    2. Logged in as root
    3. Renamed the home directory (user1 to user1Local)
    4. Created a new local user account with the same name as the home directory
    5. Deleted the first account

    When this was all done, I was able to log out as root and log in with that new username (user1Local) and all was well. Then I was able to log in as user1 with my domain password and it mapped the home directory from the AD!

    This was last week, I have been using user1 since. I did discover a few things though. One was yesterday the computer was not on the LAN and I was not able to log in as user1, I assume because it could not get to the AD. So I tried logging in as user1Local and that didn't work.

    I am back on the LAN and logging in as user1. When I go into the GUI tool, I don't see user1Local, nor can I log in as that user.

    How do I list the local users to see if that account is set up correctly? How do I go about troubleshooting this local account?

    Is my theory correct that OS X does not cache user info to allow AD users to log in when the AD cannot be found?

    Sam
     
  4. calderone macrumors 68040

    #4
    You can use dscl to determine if there is a user1Local. If it is for some reason an incomplete record, it won't show up in the GUI. It sounds like you just don't have the account. If you have the home directory, simply create a new account with that shortname.

    In regard to AD and local user caching: this is an option you set when you bind, but only when you do it through Directory Utility are you given the option. You can modify the way the AD plugin behaves by changing it in Directory Utility.

    You want to set:
    Create mobile account at login

    You can confirm that the account is mobile in Account Preferences. It will say "Mobile" under the name.
     
  5. carleton thread starter macrumors member

    #5
    I looked at the man page on dscl, but man pages and I never got along all that well, so I was not able to determine how to list the local users. How does one go about doing that?
     
  6. calderone macrumors 68040

    #6
    Code:
    dscl . list /Users | awk '!/^_/'
    The awk statement is just removing the majority of the system accounts from the output.
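
As an added example (not part of the original thread): a small shell audit that lists regular local accounts and reports, for each one, whether its home directory attribute is set and the folder exists, which is useful when checking an account such as user1Local. The function names, the UID cutoff of 500 and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit regular (non-system) accounts in the local directory node.

# Reads "name uid" pairs on stdin, the format printed by
# `dscl . -list /Users UniqueID`, and prints the names of regular accounts.
# Assumption: system accounts start with "_" or have a UID below 500.
human_accounts() {
    awk '$1 !~ /^_/ && $2 ~ /^[0-9]+$/ && $2 >= 500 { print $1 }'
}

# Reports the state of one account given its short name and recorded home path.
check_home() {
    name=$1
    home=$2
    if [ -z "$home" ]; then
        echo "$name: no NFSHomeDirectory attribute"
    elif [ ! -d "$home" ]; then
        echo "$name: home $home missing"
    else
        echo "$name: ok"
    fi
}

# Walks the local node ("." in dscl) and checks every regular account.
audit_local_users() {
    dscl . -list /Users UniqueID | human_accounts | while read -r name; do
        home=$(dscl . -read "/Users/$name" NFSHomeDirectory 2>/dev/null |
               sed -n 's/^NFSHomeDirectory: //p')
        check_home "$name" "$home"
    done
}

if command -v dscl >/dev/null 2>&1; then
    audit_local_users
else
    # Not on macOS: run the filter over constructed sample lines instead.
    printf '%s\n' '_www 70' 'root 0' 'user1Local 501' | human_accounts
fi
```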
     
  7. carleton thread starter macrumors member

    #7
    Ok, I have returned to this little project...

    I did list the user and my user1Local is nowhere to be found. Is my impression correct that I can log in as root and recreate the account, giving the same home directory name and all should be well with the world?

    Also, this "Directory Utility" to enable mobile accounts. Where exactly do I find this thing? I would like this Mac mini to be a sort of laptop, such that I can take it places and not be connected to the AD.

    Sam
     
  8. calderone macrumors 68040

    #8
    1. Recreating the local user

    Yes, you can recreate that account. If it has the same shortname as the existing home folder, when you create it OS X will detect a home folder and adjust the permissions of that home folder (making that new user the owner).

    2. Mobile Account
    Directory Utility is in /System/Library/CoreServices
    Edit the Active Directory plugin and turn on "Create mobile account at login" and "Force local home directory on startup disk"

    Good luck
     
