User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; it-IT; rv:1.8.0.4) Gecko/20060516 SeaMonkey/1.0.2
Hi,
I'm working on a server with Mac OS X Server 10.4.7 configured as Open
Directory Master and some clients with Mac OS X 10.4.7.
I'm reading Apple's "User Management" PDF [1].
Section "Using Local User Accounts" on page 98 explains how to manage
preferences for clients' local user accounts and on the next page there
is a step-based task that should teach you how to accomplish it.
It says:
[BEGIN QUOTED TEXT]
To provide access for users with local accounts:
1 In Workgroup Manager, click Accounts.
2 Select a computer list that supports computers with local users.
To select a list, click the globe and choose the directory domain that
contains the computer list, click the Computer Lists button, and select
the list.
3 To authenticate, click the lock and enter the name and password of a
directory domain administrator.
4 Click Access.
5 Select “Restrict to groups below” to determine which workgroups are
displayed when a local user logs in. Drag groups from the drawer to the
list in the Access pane.
If you select “All groups can use the computer,” users log in without
having to select a workgroup.
6 If you selected “Restrict to groups below,” select “Local-only
accounts pick workgroups from the above list,” to require that users
select one of those workgroups.
The workgroup picker is only displayed if client computers use Mac OS X
version 10.4 or later. Additionally, if there is only one workgroup, the
user will automatically log in as a member of that workgroup.
If you do not select “Local-only accounts pick workgroups from the above
list,” local users do not have to select a workgroup.
7 Make sure “Allow users with local-only accounts” is selected.
8 Click Save.
[END QUOTED TEXT]
I really cannot understand the point of having the “Restrict to groups
below” and “Local-only accounts pick workgroups from the above list”
options.
The definition of workgroup is "A set of users for whom you define
preferences and privileges as a group." and AFAIK it's created in the
server's LDAP domain. So, how is it possible for a local account to be
in a workgroup?
Or is it allowed for a local-only user to choose to be managed with the
preference settings of a workgroup it isn't part of?
If it would be true, wouldn't it break the whole preference management
policy used?
Please point me out to what I am missing.
[1] <http://images.apple.com/server/pdfs/User_Management_Admin_v10.4B.pdf>
--
Andrea "XFox" Govoni
AIM/iChat/ICQ: email@hidden
Yahoo! ID: xfox82
Skype Name: draykan
PGP
KeyID: 0x212E69C1
Fingerprint: FBE1 CA7D 34BE 4A53 9639 5C36 B7A0 605F 212E 69C1
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/client-management/email@hidden
This email sent to email@hidden
