Hello ...
I'm having trouble wrapping my mind around configuring "local-only" accounts to interact properly with our server setup. In most cases, I run into an inconvenience (and a security hazard); on one client Mac, I run into total system lock-up.
All of our clients have three "on-board" accounts: "Administrator" (for me), "Teachers" (for teachers), and "Students" (for ... well ... you figure that out). Obviously, I've assigned different privileges to the various accounts. (In particular, "Students" cannot "Connect to Server ...".) My account lets me tinker with the Mac as needed; the "Teachers" and "Students" accounts are to let users have a fall-back way to use the computers in case they forget their password or the network goes down or whatever.
Of course, I also have the Macs set to connect to our Xserve to tap "Other ..." accounts. The Xserve (running Mac OS X Server 10.2.x) manages the accounts, which are separated into groups "Teachers", "Grade 8 Students", "Grade 7 Students", ..., "K Students", "Pre-K Students", where again, I've assigned different privileges.
The problems I'm having seem to stem from the fact that logging in to the "on-board" accounts requires (or allows) users to select a workgroup as defined for the server-based accounts. A student logging into the "Students" on-board account --with its limited access-- can in fact choose to be in the "Teachers" workgroup and remove the access limits. (Conversely, before I renamed "Teachers" to "All Teachers", that workgroup was listed last alphabetically, and our teachers tended to select the "Grade XYZ Student" account corresponding to their grade level, thus losing some of their power.) So far, I don't believe any students have exploited this (knock wood), but clearly I don't want this to continue.
On one Mac in particular, trying to sign into the "Students" on-board account gets as far as the Workgroup selector pane; once a selection is made, however, the Mac enters an interminable "logging in ..." process, from which the only escape is a hard restart. Interestingly, if I change the "Students" account to an Administrator account, the process goes through just fine; I'm glad it works, but I obviously can't make that fix permanent.
So ... how do I get the Workgroup manager pane out of the log-in process for "on-board" accounts? And/or how do I keep users from getting into the wrong workgroups?
Thanks,
DayLateDon