Is this what you are experiencing: users can login if they are not part
of any group;
users cannot login if they are part of a group (other than the default)
which is not managed;
users can login if they are part of a managed group (a workgroup)?
What happens if you manage a preference for one of the workgroups?
On Feb 21, 2005, at 11:30 PM, if wrote:
Now I am planning a new lab, all G5 iMacs with a G5 server acting as a
replica. These machines all will have 10.3.8 on them, as well as a
fresh build of all our apps and drivers. My problem is that none of my
users can log in to the new G5 clients, either through the replica or
directly through the master directory server. The only exception to
this are users with NO GROUP AFFILIATION.
That is, if I assign a user a group to be in, even if there are no
preferences set for that group, that user cannot log in to the new G5
clients. If I remove the group affiliation, bingo! the log in succeeds
and the home folder mounts correctly.
BTW, I can reproduce this error from scratch with the new server. As a
test I used the new server -- fresh from the box -- as a directory
master, added some new test users, created a new group, gave some of
the users the group affiliation and bingo! same set of results. Remove
the group affiliation, the new users mounted their home folders ok.
And I used a brand new iMac fresh from the box with only the Directory
Access file set to point to the new server.
Has anyone seen anything like this? I am really stumped as to what it
could be. I'm thinking now that my earlier problem was not a DNS
timeout error but was related to this group affiliation block on the
home folders mounting correctly. But I have no idea how to fix this.
Even Apple doesn't know what to make of it.
ADDENDUM: I have spoken to Apple tech support in the last few hours
and they still believe it is a DNS lookup issue. Except the DNS and
DHCP are controlled by the university and not by me and I am not
allowed to start up these services on my Xserve. What do I do?
Anybody?
"User Management Admin.pdf" says:
When a managed client computer starts up, a login dialog appears.
Depending on the login settings selected, a user either types his or
her user name or chooses it from a list. The user name and password
are verified by directory services (configured using the Directory
Access utility), and then the server returns a list of workgroups for
that user and the user selects a workgroup. The user’s environment,
privileges, and preferences are determined by the settings chosen for
that user, the selected workgroup, and the computer he or she uses.
When you create user accounts, the login settings determine the user
experience. If you allow simultaneous login, the user can log in to
more than one computer. Note: Simultaneous login is not recommended
for most users. You may want to reserve simultaneous login privileges
only for technical staff, teachers, or other users with administrator
privileges. For local users, the workgroups list contains all
workgroups assigned to that computer. For network users, list of
workgroups includes both the workgroups assigned to the user account
and the workgroups assigned to the computer in use. If a user has
access to no workgroups or only one workgroup, the workgroup
selection dialog is skipped and login proceeds automatically.
Arek Dreyer - Dreyer Network Consultants, Inc
Chicago-based 773-251-8931 email@hidden
Apple Certified Trainer, Apple Certified System Administrator
