+ Post New Thread
Results 1 to 2 of 2
Mac Thread, Login/Logout Hooks for a shared user account with Active Directory. in Technical; Greetings, We are a former MacAdministrator school (their lack of support for 10.6 being the primary reason). In it's place, ...
  1. #1
    Bushido's Avatar
    Join Date
    Apr 2010
    Location
    sbailey@mfa.org
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Login/Logout Hooks for a shared user account with Active Directory.

    Greetings,

    We are a former MacAdministrator school (their lack of support for 10.6 being the primary reason). In it's place, we're planning on using Mac OSX Server and ARD to manage clients, authenticating through Active Directory. We'd like to emulate how MacAdmin functions for a few features. One is the static home folder for all users. We've been successful setting that up so that a new user is presented with a fully customized starting environment, dock layout and first application runs already in place. We used this walkthrough to achieve these results. "Michael's Mac - Create a Custom Environment for Leopard's New Guest User"
    We have run into some issues that we are close to solving but are hoping someone has run into and can help us resolve.

    The login.keychain file need to be deleted on logout otherwise the next user gets a keychain error on login. (Continue to login, Change Keychain PW, and Use new Keychain are options on error window)

    We think creating a logout hook to delete this and any other files we want replaced with defaults is possible, however we have not found out how to implement this yet.

    We have seen scripts that destroy the user on logout however we would like some persistence of files so that if a user inadvertently forgets to backup files they would be able to get it off the local machine after a reasonable amount of time.
    We have found the following resources on logout/login hooks but could use a bit more hand holding in creation and editing of these scripts.
    At this point we don't know how to get the scripts into the machine so they run on logout as well as the exact wording of the scripts.
    "System Startup Programming Topics: Customizing Login and Logout"
    "Bombich.com: Mac OS X Management Custom Shell Script Library"
    "Bombich.com: Implementing Login and Logout hooks for System Management"

    Thanks!

    Stephen Bailey
    Media Services Coordinator,
    School of the Museum of Fine Arts

  2. #2
    TomH's Avatar
    Join Date
    Jan 2010
    Location
    Nottingham
    Posts
    47
    Thank Post
    0
    Thanked 5 Times in 5 Posts
    Rep Power
    11
    Instead of scripts, why not just use mobile accounts that never sync (or if they do just sync preferences) and set a timeframe after which the local account is deleted.

    This way every user gets a loal home folder, that is created from the default templates and deleted after a period of time, no need to worry about keychains etc.

    Can all be done and managed through Workgroup Manager and is much simpler and efficient.

    Tom
    Last edited by TomH; 13th April 2010 at 07:08 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. Best Practices: LDAP/Active Directory and Account Provisioning
    By cgabbadon in forum How do you do....it?
    Replies: 5
    Last Post: 16th December 2010, 10:48 AM
  2. Replies: 4
    Last Post: 14th July 2010, 03:16 PM
  3. Using Active Directory to Login to a website
    By uraknai in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 4th February 2009, 04:04 PM
  4. Replies: 6
    Last Post: 31st July 2008, 03:25 PM
  5. Find the location of a user account in Active Directory
    By FN-GM in forum Wiki Announcements
    Replies: 0
    Last Post: 26th March 2008, 11:58 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •