No caching of AD user permissions when not connected to domain

  • #374801
    carlos77
    Participant

    Hi all. I have just started testing and rolling out a couple of fully patched Leopard machines that are authenticating to AD with no problems at all. Binding works fine, seamless login to SMB shares, almost too easy! I have encountered one major headache and that is for users with mobile accounts on their laptops when not attached to the domain, whilst AD username and password are cached, permissions are lost, so changing any user prefs etc. needs the local admin password. Has anyone got a fix for this?

    #374804
    carlos77
    Participant

    Thanks for the reply Mactroll – could you advise me how to do this or point me in the direction of some instructions on how to do this? I’ve done a fair bit of googling, but can’t find anything useful.

    EDIT – OK think I’ve found some stuff now!! Cheers.

    #374838
    carlos77
    Participant

    Quote by: carlos77
    > Thanks for the reply Mactroll – could you advise me how to do this or point me in the direction of some instructions on how to do this? I’ve done a fair bit of googling, but can’t find anything useful.
    >
    > EDIT – OK think I’ve found some stuff now!! Cheers.

    Nope still stuck! We don’t have the magic triangle setup here (at the moment at least), just the Macs authenticating straight to AD. If anyone could help me here, would be greatly appreciated as I’m not making any progress on this at the moment.

    #374847
    cashxx
    Participant

    I may be wrong but I think the easiest way would be to download the Server Tools from Apple and use Workgroup Manager and add the cached user to the local admin group like MacTroll said.

    http://support.apple.com/downloads/Server_Admin_Tools_10_5_5

    -Dan

    #374855
    carlos77
    Participant

    Thanks for the replies. I’m a fairly recent Mac convert who has been thrown in at the deep end, so I’m probably misunderstanding something somewhere. In regard to Server Admin utility, are you saying to install this on the clients and do the user administration that way (we have an OS X server here running 10.4, but it is not an OD master, just used as a file server)?

    The command I have been trying to nest the users is

    dseditgroup -o edit -a "mac users" -t group -n /NetInfo/DefaultLocalNode admin

    where mac users is the AD group.

    #374869
    macinandy
    Participant

    “The command I have been trying to nest the users is

    dseditgroup -o edit -a "mac users" -t group -n /NetInfo/DefaultLocalNode admin

    where mac users is the AD group.”

    Add to NetInfo on a fully patched Leopard machine? Am I missing something?
    Cheers

    #374870
    carlos77
    Participant

    Quote by: macinandy
    > “The command I have been trying to nest the users is
    >
    > dseditgroup -o edit -a "mac users" -t group -n /NetInfo/DefaultLocalNode admin
    >
    > where mac users is the AD group.”
    >
    > Add to NetInfo on a fully patched Leopard machine? Am I missing something?
    > Cheers

    I’ve basically just copied the above command from elsewhere on this site, but not with any real understanding of the fundamentals of what it does. So if I interpret what you are asking (in other words that I am doing something wrong in this case) could you tell me where or what is incorrect about the above. Thanks in advance.

    #374876
    macinandy
    Participant

    I was just a bit surprised to see NetInfo in the command you’re using on Leopard so thought I’d ask.
    I’m not too sure myself of what the command would be, maybe
    dseditgroup -o edit -a "mac users" -t group -n /Local/Default/Groups/localstudentadmin/

    cheers

    #374883
    macinandy
    Participant

    After some testing, this command should do it:
    dseditgroup -o edit -a "mac users" -t group -n . -u yourusername -P yourpassword localadmingroup
    replacing yourusername, yourpassword and localadmingroup with relevant info.
    Cheers
