brycesteiner
Level 1 (37 points)
Mac OS X

Q: How do I stop Apple ID users from logging in to server?

We are a small business who uses a Mac Mini Server. We just did clean install to 10.11.4 on new SSD's I installed.

 

After setting up shares, anyone can log in even when they don't have a user name or password and it's because they are using the same iCloud account as the server (we do this to keep all calendars, reminders, mail, etc in sync), but it's automatically all having them log in as the same user to the file shares. I didn't have this issue before. And I certainly don't want everyone logged in as the same user. The guest user is disabled.

 

I searched and searched for the answer and found it on previous OS's but not El Capitan.

 

So, How do I disable login with the Apple ID?

Mac mini, OS X El Capitan (10.11.2), 2011 Mac Mini Server

Posted on Mar 26, 2016 5:02 AM

by brycesteiner,Solvedanswer
brycesteiner brycesteiner
Level 1 (37 points)
Mac OS X
A:

I found the solution and I want to share it.

 

 

 

If you have Server it's under

Accounts:Users

Then you right click the user and select advanced options. If you have anything in Aliases, that would be the cause if the user logging in with an Apple ID. This could be true for any user, not just the one logged in locally.

 

If you don't have server and you are sharing from the settings:

System Preferences then Users & Groups. Then you will have to unlock at the bottom. Then you right click the user and choose advanced options and you if you have anything in aliases, they could log in without a user name and password if they are logged in to the appleID already.

 

I hope this helps you.

Screen Shot 2016-03-26 at 11.26.21 AM.png

Posted on Mar 26, 2016 8:37 AM

Close
brycesteiner

Q: How do I stop Apple ID users from logging in to server?

  • All replies
  • Helpful answers

  • by brycesteiner,Solvedanswer

    brycesteiner brycesteiner Mar 26, 2016 8:37 AM in response to brycesteiner
    Level 1 (37 points)
    Mac OS X
    Mar 26, 2016 8:37 AM in response to brycesteiner

    I found the solution and I want to share it.

     

     

     

    If you have Server it's under

    Accounts:Users

    Then you right click the user and select advanced options. If you have anything in Aliases, that would be the cause if the user logging in with an Apple ID. This could be true for any user, not just the one logged in locally.

     

    If you don't have server and you are sharing from the settings:

    System Preferences then Users & Groups. Then you will have to unlock at the bottom. Then you right click the user and choose advanced options and you if you have anything in aliases, they could log in without a user name and password if they are logged in to the appleID already.

     

    I hope this helps you.

    Screen Shot 2016-03-26 at 11.26.21 AM.png

  • by cdhw,

    cdhw cdhw Mar 26, 2016 11:10 AM in response to brycesteiner
    Level 4 (2,668 points)
    Servers Enterprise
    Mar 26, 2016 11:10 AM in response to brycesteiner

    Sharing an apple-id between multiple users is a really bad idea. Calendars, email, etc, can all be shared using other methods. Unless you are in the fortunate position whose employees never leave and are completely trustworthy and will never fall for any sort of malware or phishing scam (hint: you're not) you are in an extremely vulnerable position.

     

    C.

  • by brycesteiner,

    brycesteiner brycesteiner Mar 26, 2016 2:07 PM in response to cdhw
    Level 1 (37 points)
    Mac OS X
    Mar 26, 2016 2:07 PM in response to cdhw

    What exactly do you mean? How can it be vulnerable since workers cannot taking it home nor do they have the passwords. This way the emails can be set up automatically and they don't need the passwords.

     

    This has worked well for years, but I would love to know more if this is very vulnerable so I can make changes.

     

    thanks,

  • by cdhw,

    cdhw cdhw Mar 26, 2016 3:50 PM in response to brycesteiner
    Level 4 (2,668 points)
    Servers Enterprise
    Mar 26, 2016 3:50 PM in response to brycesteiner

    How do individual users authenticate? Or do you have a system where anybody can sit down at any machine and use it to access your systems without logging in?

     

    C.

  • by brycesteiner,

    brycesteiner brycesteiner Mar 26, 2016 6:17 PM in response to cdhw
    Level 1 (37 points)
    Mac OS X
    Mar 26, 2016 6:17 PM in response to cdhw

    The computers turn themselves on 10 minutes before people arrive and auto login as their user and have just their access they are allowed on the server. Each person then sits at the computer they use. They could sit at another, but it wouldn't make much sense because the software on that computer is customized for that person (designer has Indesign; typesetter uses Libreoffice; Accounting accesses their software; etc).

     

    I do it this way so they don't have to know passwords or have to think about anything but what they know, yet I can tell by the logs on the server when and where the files are being accessed. It also makes it so they can't install anything because they don't have the access.

     

    All computers also have time-machine backup to the server (except one iMac that refuses).

  • by cdhw,

    cdhw cdhw Mar 27, 2016 3:02 AM in response to brycesteiner
    Level 4 (2,668 points)
    Servers Enterprise
    Mar 27, 2016 3:02 AM in response to brycesteiner

    Auto-login is insecure because (a) anybody with physical access to the machine can use it and (a) stores the password in a manner that allows it to be recovered as plain text. There are various scenarios where this can be exploited, but the most plausible one is that a machine is stolen.

     

    Anyway, this is not the place to discuss such matters in detail; I have no wish to educate crooks. In my opinion, any system that does not start by giving each user their own individual set of credentials and/or allows the use of auto-login is not secure.

     

    C.