11 Replies Latest reply: Feb 6, 2013 7:37 AM by Sergio Ruiz
Sergio Ruiz Level 1 (0 points)

Hi everyone,


I have a weird situation with some SL 10.6.8 clients being managed by a 10.7.5 Lion Server OD Master. The local admin account created manually on the clients gets Parental Controls when the computer is binded to the directory, so my local admin cannot open apps, system preferences or anything. I've checked that no settings in Workgroup Manager are responsible for this behaviour... Any ideas?

Mac mini, Mac OS X (10.7.3)
  • Sergio Ruiz Level 1 (0 points)

    Here's a screenshot of the system preferences Accounts pane (in Spanish), where you can see that the admin account has the word "Gestionada – Managed" attached to it, which I had never seen before (how can an admin account be managed??), nor was set up in the server, and the Parental Controls are activated for it too...

    Where did this all come from?





  • iToaster Level 3 (735 points)

    Does the admin account exist in the OD

    Since it's only effecting some clients check there is nothing I the computer or user groups causing it

  • Sergio Ruiz Level 1 (0 points)

    The account is a local admin account. There's no account with that name in the OD. I checked the settings in Workgroup Manager to make sure there's nothing causing it, and to my knowledge, there's nothing unusual...

  • iToaster Level 3 (735 points)

    User in OD with same user ID or UUID as the local admin ?

  • Sergio Ruiz Level 1 (0 points)

    How do I check user IDs in local machines?

  • Antonio Rocco Level 6 (10,517 points)



    "How do I check user IDs in local machines?"


    A number of ways you can do this:


    Launch Terminal and issue:


    dscl . /Users UniqueID


    Will give you the full list of all local users with their unique IDs. Or you can view the information using Directory Utiltiy > Directory Editor. Or whlst the user is logged in launch Terminal and issue:







  • Sergio Ruiz Level 1 (0 points)

    Well, after applying the command in terminal, it seems that local admin has uid=501, and there is no server account wiht that id...

  • Sergio Ruiz Level 1 (0 points)

    Well, I actually found that ther's a local admin in the server with the same name and ID (501) as the local admin in client machines... How does that affect the problem I have and how can I try to solve it?

  • Sergio Ruiz Level 1 (0 points)

    Still stuck with this...

  • iToaster Level 3 (735 points)

    it shouldn't


    The local admin account on the server shouldn't be in the OD and isn't from what you've posted

    because its's not in the OD it shouldn't be available to the client machines that are using OD for authentication


    because you say it only effects some clients makes me think it's possibly a managed computer group

    or maybe something left over from being connected to another server or older server migration to 10.7


    if you unbind the machine are the managed settings removed


    sorry I've run out of idea's

  • Sergio Ruiz Level 1 (0 points)

    Still working on this... And needing help!