How do I authorize OpenDirectory accounts to use ShareScreen?

Question

How do I authorize OpenDirectory accounts to use ShareScreen?

A previous network administrator had set the old Mac Servers so that they can be administrated using ShareScreen. Any user marked as an administrator in OpenDirectory was able to log into the ShareScreen feature of the Mac Servers.

I have upgraded the systems, and now our network is running Mac OS X 10.9 with Server 3.0.2, but I am not able to log into these servers without using one of the local accounts on each machine. How does one change the settings of each of the Maverick's machines so that I can allow network users to log in without giving them a list of the local administrator account names and local administrator passwords for every machine that they need to log into?

Mac mini, OS X Mavericks (10.9.2)

Posted on May 28, 2014 10:43 AM

Reply

Answer 1

Best reply

Strontium90

Level 5

4,821 points

May 28, 2014 7:43 PM in response to Jared Clemence

You need to enable directory-based authentication on the ARD client. Then you need to create special groups (ard_manage, ard_interact, ard_reports, and ard_admin) in your Open Directory. Apple has a guide here http://images.apple.com/ca/fr/remotedesktop/pdf/ARD3_AdminGuide.pdf Start on page 60.

A quick one liner to enable directory-based auth is:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/k ickstart -configure -clientopts -setdirlogins -dirlogins yes

Read the documentation and avoid the section on using MCX.

R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

Reply

Answer 2

Jul 10, 2014 1:56 PM in response to Strontium90

Sorry for the late response. I overlooked your response earlier, and I am looking into the article now! Thank you for giving me a direction to search in.

Reply