HT203114: If you accidentally lock out an admin in macOS Server
Dec 27, 2014 7:55 AM in response to chrisfelby
forappie, I had the same issue and I suspect it is because we have other OD nodes than the one listed in Apple's article (HT203114).
All my Yosemite accounts were locked out due to a 'rogue' password policy coming from my home (Mavericks) server (all accounts got disabled at the same time after 1 or 2 restarts/logins). To access an admin account on the machine where you have problems, try the following:
- Enable root (start up in recovery mode by pressing Command-R during start-up, then a) go into Terminal b) issue 'reset password' command c) specify password for 'System Administrator (root)' user)
- Restart, log in as root and create a new admin user in 'Users & Groups' system preferences
- Restart and log in with the new admin account
- Disable root: a) go to Users & Groups b) unlock panel with admin c) click 'Login Options' d) Edit/Join Network Account Server e) Open Directory Utility f) unlock again g) Edit menu --> Disable Root User h) quit Directory Utility and Users & Groups
- Open Terminal window
- Issue 'sudo /usr/bin/pwpolicy clearaccountpolicies', i.e. without specifying the OD node. I hoped it would use the active node and it worked for me. The command returns almost immediately with 'Clearing global account policies'
One other successful way for me to enable accounts again was by running the Yosemite installer again. This disabled the 'rogue' password policy for 1 or 2 logins and made all accounts available again. My problems are described in greater detail in 'After upgrading to Yosemite all accounts disabled'. When I'm convinced the problems have been resolved I'll post the solution.
Success