+ Post New Thread
Page 4 of 4 FirstFirst 1234
Results 46 to 55 of 55
Mac Thread, New Imacs/Minis/Mac Pro's & AEBS/Time Capsule in Technical; Originally Posted by HodgeHi How did you create your user accounts and how are they managed? OD or AD users? ...
  1. #46
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21
    Quote Originally Posted by HodgeHi View Post
    How did you create your user accounts and how are they managed? OD or AD users?
    Their profiles are stored where?
    How did you create the OS X profiles?

    I have changed users passwords (in AD) and IIRC they have updated in the keychain also. The only issues i had is when users chose to remember the Proxy password and then their password had been changed.

    I haven't looked at the issue for yonks though so not sure where it is at now.

    How i created my accounts is like this. I created a temp user, like you would when creating mandatory profiles. Log in as this user and configure the system as you would. Delete the keychain and then logout.

    Then using terminal copy the users home dir onto the server. Copy the temp users home dir into the default home template. When users log in this is the template that they should get, unless they are AD users who have force local home dir turned on. I think then they get the local system template home. I can't guarantee that though. Someone would need to confirm.

    Hope this helps a little
    Users are in OD, made by importing a CSV file so it was possible to mass import them all.
    Home areas are all stored on our XServe which was all done through WGM

    In order to unlock the keychain you need the "first ever" password used on the Mac admin account. I'm under the impression the old password is this password.

    Quote Originally Posted by DMcCoy View Post
    Run it as a login item and keychain minder will prompt to change the password, if they don't know, it starts a new keychain in the users folder.
    So is this more of a roaming keychain rather than a local?

  2. #47
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,446
    Thank Post
    10
    Thanked 491 Times in 431 Posts
    Rep Power
    111
    Quote Originally Posted by rolfea View Post
    Users are in OD, made by importing a CSV file so it was possible to mass import them all.
    Home areas are all stored on our XServe which was all done through WGM

    In order to unlock the keychain you need the "first ever" password used on the Mac admin account. I'm under the impression the old password is this password.



    So is this more of a roaming keychain rather than a local?
    All users will have a keychain file in their local Library ~/Library/Keychains/

    It gets opened automatically when the users login, unless the password no longer matches the login password (one reason is manually changed password by an admin). If this is the case they will no longer be able to save any passwords to the keychain until its password matches the login one or a new keychain is created with the correct password.

  3. #48

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,190
    Thank Post
    299
    Thanked 215 Times in 185 Posts
    Rep Power
    56
    Can you not just delete the keychain itself?
    Doesn't os x re-create the keychain with the users login credentials?

  4. Thanks to HodgeHi from:

    rolfea (11th March 2009)

  5. #49
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,446
    Thank Post
    10
    Thanked 491 Times in 431 Posts
    Rep Power
    111
    Quote Originally Posted by HodgeHi View Post
    Can you not just delete the keychain itself?
    Doesn't os x re-create the keychain with the users login credentials?
    You can, I just use keychain minder to prompt the user if they wish to change the password or delete it as soon as they login.

  6. #50
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21
    I don't understand, when we have had the problems with the keychain, I allowed the keychain utility in WGM and unlocked, but I've had to use the first admin password, not the first user password.

    We set all the passwords to the same thing and prompted the users to change the password on login. However not all users have the problem.

  7. #51
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,446
    Thank Post
    10
    Thanked 491 Times in 431 Posts
    Rep Power
    111
    Quote Originally Posted by rolfea View Post
    I don't understand, when we have had the problems with the keychain, I allowed the keychain utility in WGM and unlocked, but I've had to use the first admin password, not the first user password.

    We set all the passwords to the same thing and prompted the users to change the password on login. However not all users have the problem.
    There are several different keychains. In keychain utility:

    login
    System
    System Roots

    The login keychain resides in each users Library folder, and is for individual users. To unlock this keychain it should be the the current logged in users password. Unlocking the system keychain will require the password for the first admin account on the machine, it may be an old password as it doesn't get synchronised with the password changes afaik.

    Users will never need the system keychain to be unlocked. When users first login they will not have a personal login keychain and it will be created with the current login password, should a user change their password or an expire force a change then when logging in the password will be updated on the login keychain.

    Should a user forget their password and it is reset by an admin then when logging in the keychain cannot be opened (as it no longer matches the current password) so doesn't get updated with the new password and remains locked - this is where odd things like not being able to save internet and other passwords happens.

    All the keychain minder is doing is noting when the keychain is not unlocked at login and asking the user to either update the password (requiring the old password is impossible if they forgot) or deleting their login keychain file and creating a new one.

  8. 3 Thanks to DMcCoy:

    HodgeHi (11th March 2009), mac_shinobi (11th March 2009), rolfea (11th March 2009)

  9. #52
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21
    I understand now, thanks DMcCoy

    I'll try the Keychain Minder out and see if it helps with some of the problems we are having here.

  10. #53

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,729
    Thank Post
    3,252
    Thanked 1,049 Times in 971 Posts
    Rep Power
    364

    keychain minder download link ?

    anyone got a keychain minder download link ?

  11. #54
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,446
    Thank Post
    10
    Thanked 491 Times in 431 Posts
    Rep Power
    111
    Quote Originally Posted by mac_shinobi View Post
    anyone got a keychain minder download link ?
    AFP548 - Keychain Minder 1.5

  12. #55
    rolfea's Avatar
    Join Date
    Nov 2008
    Location
    Hereford
    Posts
    682
    Thank Post
    66
    Thanked 50 Times in 25 Posts
    Rep Power
    21
    Just tried the Keychain Minder.

    So far so good!
    Only tried it on one machine on one user for now
    but it is looking good.

SHARE:
+ Post New Thread
Page 4 of 4 FirstFirst 1234

Similar Threads

  1. Replies: 5
    Last Post: 3rd June 2011, 11:01 AM
  2. PC Pro's attempts at the ICT GCSE
    By RobC in forum General Chat
    Replies: 15
    Last Post: 18th June 2008, 07:48 PM
  3. Transfer Files & Settings From PC To Mac
    By GlennT in forum Office Software
    Replies: 5
    Last Post: 16th February 2008, 12:30 AM
  4. iMacs & Airport/Wireless
    By tech_guy in forum Mac
    Replies: 3
    Last Post: 11th December 2007, 03:40 PM
  5. For those with Mac Minis
    By Ric_ in forum General Chat
    Replies: 1
    Last Post: 24th November 2005, 07:46 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •