#1
Limiting which Active Directory users can login
Computer running OS X 10.4.11, authenticates via MS Active Directory. I only want users in certain AD groups to be able to use the machine. I know how to limit logins with Group Policy on Windows XP boxes, but there is preference to the newest limited-access being OS X. I haven't been able to figure out how to do it. If needed, I can hard code an AD user list (rather than an AD group), but I'd prefer to use groups for consistency with other machines & simpler upkeep. All I've come up with is a LoginHook that checks usernames & promptly logs off if the username doesn't match a given list. That's really clunky & hacked together (and resulting in support calls from people who don't realize they aren't supposed to be able to log in). I'm hoping for a cleaner solution.

#2
Service ACL
In case someone comes across this page looking for how to do this (like I did)...

Under Mac OS X Server 10.5 (I don't know about 10.4), there is something called a Service Access Control List (SACL). This allows you to specify which users/groups (local or from an external source like Active Directory) are authorized to use a specific service (AFP, SSH). You can configure this through the Server Admin application.

Open Server Admin
Go to: Settings -> Access tab -> Services
When you click the + button under the "Name" area, you can search for a group from AD or locally. (This of course assumes you've already joined the computer to the Active Directory domain.)