FUT and FEU when the user account isn't in /Users

tlarkin
Honored Contributor

I am pondering something right now....I have a policy that enables clear text passwords in AFP for a legacy network connection at my work. So, I edited the plist, captured it with composer and set it as a start up policy and duped it as a log in hook, but my local admin account lives in /private/var and when I execute the policy (I have a manual trigger too) it runs and it fills all the existing users but I don't think it works on my local admin account because the home directory lives in /private/var instead....

Is this true, anyone else have accounts that are not in /Users and have issues with user based policies not running?

It doesn't need to run on this local account as it is for admin work only, but I am wondering if this is why it isn't working on the local admin account?

Thoughts?

Thanks

Tom



Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

4 REPLIES 4

Not applicable

I've actually wondered about that too and talked to Jamf a while ago. We use Admit Mac here and put our users in /Domain/uwsp.edu/Users so that we can easily differentiate between domain and local accounts. I haven't though about this in a long time, however, and haven't paid attention to if it's working or not.

I think it really depends on if they're using cp <package contents> /Users/*/ or if they're getting the user accounts out of dscl and populating their list based on the home variable in there.

Anyone have any more light to shed on this?

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716

tlarkin
Honored Contributor

Well composer asks if you want to copy the user data over and it will create mirrors of what you did in /users but I always delete that out of my package because I don't want my local admin account being duped into /users. Then if I do the FUT it should fill out to existing users in /Users. It works, on my mobile accounts but it never works on my local admin, and I guess this is why.



Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

Not applicable

That's kind of what I was thinking. If I create a package with my domain account Composer will ask if I want to copy it over to /Users. My assumption is that when it drops the contents of that to the client, though, it only fills the directories in /Users/*. This poses some issues for me since, like I said, our domain accounts live in /Domain/uwsp.edu/Users.

Did you find anything more about this?

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716

tlarkin
Honored Contributor

No I haven't because it only affects my local admin accounts that live in /private/var so it is not a big deal as only IT staff use those accounts and IT staff and edit whatever preference they want to make it work.

However, Now that I am thinking about it, Composer captures things in full path, so if you were to edit what it captures by choosing edit the package feature in Composer. You can probably actually edit or replace the user template that it goes off of to reflect your path change. I think that maybe it just reads the info off the user template and uses that. So you may try editing it and see what happens.

http://www.macosxhints.com/article.php?story011010033851924 ( http://www.macosxhints.com/article.php?story011010033851924 )

That is a basic how to edit the user template article.

Let us know if you do anything cool