RE: [Fed-Talk] Password policy for non-networked Macs
RE: [Fed-Talk] Password policy for non-networked Macs
- Subject: RE: [Fed-Talk] Password policy for non-networked Macs
- From: "Valentine, Ruth Ann B." <email@hidden>
- Date: Thu, 9 Sep 2010 16:20:36 -0400
- Acceptlanguage: en-US
- Thread-topic: [Fed-Talk] Password policy for non-networked Macs
I have had varying mileage with pwpolicy.
I am also in the middle of configuring non-netowrked computers. I am avoiding global policy because I have had that totally lock users out in the past.
I have not gotten user policy to recognize requriesAlpha requiresNumeric and minChars to work at the "macintosh" level.
I have gotten it to recognize newPasswordRequired manMinutesUntilChangePassword and maxFailedLoginAttempts at the regular apple loginwindow, and later inspection of the user's policy shows that, for example, the newPasswordRequired value is appropriately re-set.
As for the error, what are you putting in for the node?
I used /Local/Default
Last but not least, if you do not run sudo, you can get an error when all is really ok, but just because you don't have permission.
Example
Sudo /usr/bin/pwpolicy -a adminname -u username -n /Local/Default -setpolicy "things you want to apply"
Hope this helps some.
-----Original Message-----
From: fed-talk-bounces+ruthann=email@hidden [mailto:fed-talk-bounces+ruthann=email@hidden] On Behalf Of Matthew Smith
Sent: Thursday, September 09, 2010 3:36 PM
To: Fed Talk
Subject: [Fed-Talk] Password policy for non-networked Macs
We have a number of Mac Pros we just got for our organization. We need to require 14-character passwords with upper and lowercase letters and a symbol and a number as might be expected. However, no Macs are allowed on the base network, and there will be no server linking these. I have tried to locally use the pwpolicy CLI tool to do this, but I keep getting:
***Error: eDSAuthFailed : (-14090) for dsDoDirNodeAuth
Method = dsAuthMethodStandard:dsAuthSetPasswd
when I try any commands for global or even individual users. I'm putting in my admin password when asked for a password to execute the command. When I do a -getglobalpolicy, I do see all the default settings though. I feel there's some step I'm missing to either setup or activate the password server so I can make changes to it... any advice?
Yours,
TSgt Matthew Smith
The USAF Band
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden