Hi everyone,
I have a weird situation with some SL 10.6.8 clients being managed by a 10.7.5 Lion Server OD Master. The local admin account created manually on the clients gets Parental Controls when the computer is binded to the directory, so my local admin cannot open apps, system preferences or anything. I've checked that no settings in Workgroup Manager are responsible for this behaviour... Any ideas?
Mac mini, Mac OS X (10.7.3)
Here's a screenshot of the system preferences Accounts pane (in Spanish), where you can see that the admin account has the word "Gestionada – Managed" attached to it, which I had never seen before (how can an admin account be managed??), nor was set up in the server, and the Parental Controls are activated for it too...
Where did this all come from?
Does the admin account exist in the OD
Since it's only effecting some clients check there is nothing I the computer or user groups causing it
The account is a local admin account. There's no account with that name in the OD. I checked the settings in Workgroup Manager to make sure there's nothing causing it, and to my knowledge, there's nothing unusual...
User in OD with same user ID or UUID as the local admin ?
How do I check user IDs in local machines?
Hi
"How do I check user IDs in local machines?"
A number of ways you can do this:
Launch Terminal and issue:
dscl . /Users UniqueID
Will give you the full list of all local users with their unique IDs. Or you can view the information using Directory Utiltiy > Directory Editor. Or whlst the user is logged in launch Terminal and issue:
id
HTH?
Tony
Well, after applying the command in terminal, it seems that local admin has uid=501, and there is no server account wiht that id...
Well, I actually found that ther's a local admin in the server with the same name and ID (501) as the local admin in client machines... How does that affect the problem I have and how can I try to solve it?
Still stuck with this...
it shouldn't
The local admin account on the server shouldn't be in the OD and isn't from what you've posted
because its's not in the OD it shouldn't be available to the client machines that are using OD for authentication
because you say it only effects some clients makes me think it's possibly a managed computer group
or maybe something left over from being connected to another server or older server migration to 10.7
if you unbind the machine are the managed settings removed
sorry I've run out of idea's
Still working on this... And needing help!
Admin accounts turning to managed accounts???
