Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AD homedir config, group restriction

Hi Ben,

Our AD admins broke groups up into OU's on the server side, which
may be one approach to solving this problem. The primary reason this
was done was to limit Windows guest users to certain computers on the
domain. It quickly proved useful for other purposes. If a user is
mapped to a certain OU, then you may be able to assume certain other
settings. The more you are willing to customize, the more options you
will have. It will probably mean more difficulty when the time comes
for major system upgrade or migration.

Hope this helps,
Charles

On Wed, 21 Apr 2004, Ben Staffin wrote:

> I've got two questions.
>
> 1) How do I restrict which groups of people are permitted to log in to a
> mac attached to AD? I currently use AD for my lab machines, to which
> anyone can log in. That's fine - but for office machines and other
> non-public machines, I'd like to be able to specify which AD groups can
> "log in locally", as Windows would call it.
>
> 2) Is there some way to specify _where_ AD users' home directories are?
> My AD does not specify any homedir. Again, this is fine for my public
> labs, where everybody gets a dynamically-created homedir, but for
> machines in offices and such, people have homedirs on an AFP server.
> Mounting them on login shouldn't be that hard, but afaict, the system
> will still think that the homedir is /Users/username.
>
> Bonus points if you think up a way to have _some_ users have a specified
> AFP or SMB or AFS homedir, and the rest get a generic autocreated
> homedir on login.
>
> --
> /--
> | Ben Staffin
> perpetual nerd |
> --/
> _______________________________________________
> maclabmanager mailing list | email@hidden
> Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
> Do not post admin requests to the list. They will be ignored.
_______________________________________________
maclabmanager mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
Do not post admin requests to the list. They will be ignored.

References: 
 >AD homedir config, group restriction (From: Ben Staffin <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.