create local user account at login

Not applicable

Hello everyone,

I am new to your community so please excuse me if I am unfamiliar with the posting protocols. Here is my question:

Does anyone have a script that can be implemented as a login-hook to create local accounts on the client computer?

My deployment is roughly 2500 MacBooks. I am looking to remove Open Directory from my Mac network, and in turn replace OD's Workgroup Manager with various scripts and management pieces built into the Casper Suite 7.2. I am falling short on 1 issue:
I cannot find a way to create local accounts at login through Casper. My idea was a login-hook that pointed to my eDirectory server for user authentication and account creation.

Of course I am open to any other ideas...

Thank you in advance to anyone that replies to this post.

Sincerely,
Chris

3 REPLIES

ernstcs
Contributor III

Welcome Chris!

We don’t bite...too hard. Protocols? We have those?

Tip 1: Make sure you trim your replies to the list...some might frown upon not doing that. (HINT: Not Me)

Tip 2: Be as complete and detailed as possible with your requests, vague doesn’t really help.

Tip 3: Include what versions of things you are working with. OS, JSS, Application, etc.

Other than that...fair game!

To your question.

I assume that you are running a 7.x version of the Casper Suite, and that all of these 2500 MacBooks are managed in your JSS? Or you haven’t quite gotten that far yet?

If they are already managed in the JSS and you have Login/Logout Hooks enabled in your Management Framework Settings, you could easily create whatever you wanted to run at login then as a policy.

You mention creating a local user account. Does this mean this account would be the same on all of these systems? You mention eDirectory for account creation so that confused me a little bit.

Thanks,

Craig Ernst
Systems Management and Configuration
+-------------------+
University of Wisconsin-Eau Claire
Learning and Technology Services
105 Garfield Ave
Eau Claire, WI 54701
Phone: (715) 836-3639
Fax: (715) 836-6001
+-------------------+
ernstcs at uwec.edu

Not applicable

Maybe I'm reading this wrong, but from what I'm reading you are wanting
to leverage Casper to replace OD?

Best option IMO would be to still bind to OD for user authentication
purposes. You can create local user accounts with Casper, but they would
be true local accounts and not be authenticating against your OD server.

If you want to cut back on WGM and use Casper 7.x via MCX controls that
would be ok, but if you already have a large deal of settings applied
via WGM then I would stick with that.

Basically, use Casper as an assist and not a total replacement for what
you currently have in place.

Jason Weber

Technology Support Cluster Specialist

Certified Casper Administrator

Independent School District 196

jason.weber at district196.org

ernstcs
Contributor III

I wasn’t trying to say you were vague, after all it was your first time posting.

Mobile Accounts to me are accounts authenticated from Active Directory or Open Directory on laptops, and in the bindings for them you have ‘Create mobile account at login’ checked so the systems can still be used and logged into properly when the Directory server is not available to the client. And new in Snow Leopard the ability to have files sync to their “Mobile Homes” as it were at logout, etc.

Centralized user control and authentication is good if you ask me, as Jason already mentioned. If you create a truly local account for just that computer it is no longer a Mobile Account. You have less control over enforcing password policies...a whole bunch of things.

I think you’re just not asking the right question, because you can create a new local account easily with a login hook policy in the JSS.

What is the real problem you’re trying to fix? The why you want to do this we need because I think people will want to give you their opinion on if it’s right or wrong (they like doing that), and at the same time better understand the problem and offer the right solution. Maybe the secondary question is why don’t you want to use OD?

Craig E