locking user’s home directory.

  • #371633
    jakwong
    Participant

    Server Setup: 10.4.8: Magic Triangle setup: Bound to LDAP and is OD Master. Home directory stored on Xsan served via AFP. MCX settings enforced as well. Quotas (500 MB soft/768 MB hard) set through Xsan.

    Users can log in to workstations without any problem. The problem in short is that we would like to lock a user out, but it’s bypassing MCX. Now the problem here is that in Panther we just change the ownership of the home directory and the locked user will be able to log in but nothing appears. In Tiger, if I move the locked user’s directory, I am able to authenticate into the workstation and get an error “home folder have been moved or deleted” but am still able to use the computer to some degree. Changing the rw permissions on the home directory also bypasses MCX settings and lets the “locked” user into the workstation with errors appearing here and there.

    We are also seeing that if a user does not have a home directory, he or she is still able to log in.

    Maybe I missed something when I set the lab up to Tiger, because when we were on Panther a user was unable to log in if he or she didn’t have a home directory. Also, when we changed the ownership of the home directory, a user was still able to log in but Finder and Dock were empty.

    Ultimately, what we want is to lock a user’s account so that the user would have to contact IT staff in order to gain access again.

    Thank you
    Jason K

    #371636
    tobyobi
    Participant

    Can you not just disable the account through Workgroup Manager? Under Accounts in the 10.4 version of WGM, select the account and uncheck “access account”.

    Or have I missed something here?

    #371638
    Greg Neagle
    Participant

    If the account is actually on the LDAP server and not the OD master, just change or disable their password.

    #371641
    jakwong
    Participant

    Quote by: tobyobi
    > Can you not just disable the account through Workgroup Manager? Under Accounts in the 10.4 version of WGM, select the account and uncheck “access account”.
    >
    > Or have I missed something here?

    I tried this previously thinking the same thing but I keep getting this error. I haven’t looked too deep into it since I didn’t want to write anything back to LDAP.

    2008-02-21 22:05:42.829 Workgroup Manager[21181] Got unexpected error of type eDSInvalidAttributeType (-14131) on line 3318 of /SourceCache/ServerManagerUserGeneral/ServerManagerUserGeneral-193.4.1/UserAdvancedPluginView.mm

    Also, this would lock the user out of the workstations, but I have about 5000+ users in our LDAP system and roughly 800 of those users should be accessing the workstations. It would be nice to disable all but the 800 or even allow those who have only home directories on the Xserve to log in.

    -jakwong
