Losing 'Other...' login option on OD master

Question

Level 1

0 points

Losing 'Other...' login option on OD master

I have a mac mini running Lion Server which is an OD master. It is setup to authenticate against it's own OD service. However I can only do this when the machine first boots up. If I go back to the login window after the first login event, either logging out or using the fast user switching menu, the 'Other...' option dispears leaving me with option to login as the local admin & the currently logged in network user (if a network user is logged). I can't find any reason for this behavior & in all honesty I have no idea where to start looking to solve this problem.

A possibly related thing is I'm currently unable to get a ubuntu file server authenticate against the OD server. However, I've not put any effort into fixing this as it's not a serious problem.

Mac mini, Mac OS X (10.7.3), 2.7GHz i7, 16GB ram, 2x 512GB SSD

Posted on May 5, 2012 12:05 PM

Reply

Answer 1

gracoat

Level 3

673 points

May 5, 2012 9:53 PM in response to G Bell

It's a security thing.

A server should remain on all the time. That's kinda what it's designed for.

The first time you log in after a restart, it'll allow you to authenticate as anyone in case there's a problem.

After that, only the admin user is allowed to log in. That way network users can't 'do stuff' on your server willy nilly. Even though they may not have admin access to stuff, logging in via the GUI is the first step to being able to mess things up. The server should always remain on and remain at the login screen unless you're working on it.

HTH

-Graham

Reply

Answer 2

G Bell Author

Level 1

0 points

May 6, 2012 12:58 AM in response to gracoat

Can I configure it to not do this?

The machine is as a workstation with some services to keep coherency across a few machines rather than a dedicated server. The only reason for going to Lion Server was to give GUI admin to dns, dhcp & ldap which I was previously using the CLI for.

Reply

Answer 3

gracoat

Level 3

673 points

May 6, 2012 8:36 AM in response to G Bell

I don't believe so. Perhaps you could create a local user with a home folder that exists on your network share?

It's a stretch, but it might be possible.

In system prefs. Create a new user. Ensure that they're an administrator.

Open up Server.app In the file sharing section, you'll need to give your new user full access to the home directory in question.

Back in System Prefs.

Right click on your new users' name.

Choose advanced options.

Under the home folder location field, type the path to your user's new home folder.

Click okay, and restart.

Hope it works!

-Graham

Reply

Answer 4

G Bell Author

Level 1

0 points

May 6, 2012 9:37 AM in response to gracoat

Oddly, this almost solved my problem. Instead of giving a local user permissions to access to a given home directoty I gave the local user the same uid as a network user. The local user dispeared at login. I did the same to my local admin user, giving in the uid of the ldap administrator, I now always get only the 'Other...' prompt at the login screen.

EDIT: And the numptie of the week award goes to ME! I didn't think about switching the login prompt to the user/password boxes, which also solved the problem.

Reply

Answer 5

gracoat

Level 3

673 points

May 6, 2012 10:05 AM in response to G Bell

Just a heads up. This will probably get 'fixed' by apple as it's kind of a security work around.

Hehe... But I'm glad it's working for the mean time!

-Graham

Reply