[Magus255]

I work at a school (k-12) and our problem was students were putting work in teacher drop boxes and teachers couldn’t delete it. We just used ACLs to give teachers full control of their own drop box and had the ACLs inherit to the files and folders inside. After doing it I realized that it probably would have been easier to just use ACLs on the whole home folder and give them full control of everything in their home, but that wasn’t a problem so it wasn’t needed.

[Magus255]

I am guessing you are using 10.4. You could set up ACLs through the command line. It is kind of a pain to do on home directories. We set it up to force the issue on drop boxes and it has been working well for about a month. The changes could be scripted if you are doing it on 10.4 server. Probably on 10.4 client too, though I’ve only found need to do it on server.

[Magus255]

Are you having problems with all mcx settings or just user/group? I was just setting up a mobile lab and found the wireless took a bit to connect but mcx settings worked fine. They were set on the computer level though and from 10.4.11 server. Logins were also about the same speed as the 10.4 clients.

[Magus255]

This should give you everything you need.
http://docs.info.apple.com/article.html?artnum=106439

[Magus255]

1. Yes
2. I haven’t found it if there is 1. Though you could probably use workgroup manager. Command line is rather easy though.
3. sudo dscl .
> change /Users/USERNAME UniqueID old# new#

you an also check knowmad’s post and just use change with old value and new value instead of create

4. Easier to just move it to /var or something like that. Same as above command only use NFSHomeDirectory and paths instead of UniqueID

5. Doesn’t matter if you change plist with defaults first or if you change ID first.

[Magus255]

First, yes you end up with a home dir /Users/bob with no bob user, really it should be bob’s dir that was moved. Second, You log out of admin and login to the network account of the user. Yes the mobility preference, if you don’t have it set to sync then it will just make a new user and not copy server files, so your choice. Once you login and have created the account you can just move the home folder back, either overwriting the 1 it created or with rsync. If you move it back before you make the account it should sync the changes with the server and upload the local stuff to the server. Either way you will probably have to log back in as admin and fix the permissions on the folder.

[Magus255]

We recently reinstalled our server and have had to deal with the same kind of thing. I have found that the easiest way seems to me to login with a local admin account and move the user home directory, then delete the user, then move the files back. Logout and login as the user and make a new mobile account. Then just check to make sure everything went well. For your steps 1, yes od master. 2 create user, same username and password is easier but you can still make it work without same info. 3 you might need to turn syncing on, without syncing it will just cache login info which should work for you but maybe not. 4 works.

with the network home not available message, did you remember to set a home directory location and all that for the ldap user?

[Magus255]

Not sure if this will work with your panther clients but it should work for tiger. You want to manage voiceover in WGM. Select whatever you want, group, users, computers.. and go to preferences. Click on details then click the add button. Browse to your Library/Preferences and pick the com.apple.universalaccess.plist file (if its not there you may have to change your settings in system prefs to make the file). Then double click the file or click it and hit edit. It should have Once, Often, and Always. Remove everything from that is currently in there since they are your settings and not what you want to push out but leave the Once Often and Always catagories. Then click on Always and click New Key, if it’s grayed out click the arrow by Always. Name the key voiceOverOnOffKey in the class list find Boolean and then set the value to Yes or No for on or off.

[Magus255]

What type of index file are you using? htm, html, php? We had the same problem when trying to use 1 of those 3 that wasn’t default, forget which one. Check your index file type and check the default index types on the general tab wen editing your site in server admin. You could also try typing in the index directly to see if that works.

[Magus255]

When you say Samba is that the built in Windows sharing service Samba or did you install/upgrade Samba seperatly?

[Magus255]

Easiest would be to use the managed prefs to block access to the Universal Access sytem pref panel and also go to the universal access managed prefs and disable keyboard shortcuts on the options tab.

[Magus255]

ARD 3 has Curtain which locks the screen of the computer your are controlling. It will just show a big lock not what you are doing.

[Magus255]

You could list the directory and then pipe it though grep to filter out unwanted stuff then us awk to call mv with the proper fields.

ls -l | grep somefilter | awk ‘{system(“mv ” $9 ” ” $4 “/”)}’

$9 ends up being file name and $4 is the group ownership from the permissions.

[Magus255]

I have 1 with a similar setup and like jerkyjerk said it depends on what you want to do with it. If you have a server license you will probably want to run dns and maybe dhcp, also some file services. If you don’t have server then you can just let your router do the dns and dhcp like before and setup the simple file sharing in the client version, it will work for most any home setup. As for VPN, do you really need it? If you map ports you can access afp or smb, or you could just use ssh and scp. My setup runs dns, dhcp, afp, and windows sharing on server, but its really a bit of overkill.

[Magus255]

If the computers are managed you could just edit the homesync pref file under detials in the preference pane, or you could push out the file with ARD though the manage prefs should replace it if its managed. That said, anything I have read says 3600 seconds is the max. So it might now work if you go above it.

[Author]

Posts