| The Workgroup Manager tool affords a variety of advanced user configuration options that you may find useful. For example, you may not want a user to be able to log in remotely via the command line. Or, if they do have remote terminal access, you can dictate what type of shell they use. This discussion assumes you've already created additional user accounts on your server (refer to Chapter 2). To configure the shell type 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, and click the Advanced tab.
| 2. | Click the directory authentication icon, and select the LDAP directory database from the pop-up menu (Figure 4.19).
Figure 4.19. Select the appropriate directory database from the pop-up menu. 
| 3. | Select the user or users you wish to configure from the user list (Figure 4.20).
Figure 4.20. Choose a user or users from the selected database. 
| 4. | Click the Login Shell pop-up menu, and then choose a default shell (Figure 4.21).
Figure 4.21. Choose an option from the Login Shell pop-up menu. 
The login shell permits users to use the Terminal to access the server remotely via the command line.
| 5. | When you've finished making changes, click Save.
Now, any time this user attempts to launch a command-line interface (generally, using the Terminal application), they will be presented with the shell type defined by this setting.
|
 Tip
Configuring password types Mac OS X Server 10.4 provides a variety of different password types for different services. The default password type for most users is Open Directory, because it provides the greatest security. (See Chapter 3, "Open Directory," for more information.) Occasionally, though, you may wish to change a user's password from one type to another. The most common reason for doing so is backward compatibility when you have older Mac OS computers that need to connect to your Mac OS X Server. The password types are as follows: Open Directory passwords are the default type for Mac OS X Server 10.4, LDAP users. Open Directory provides authentication through a wide variety of other methods, including APOP, NTLMV1 & 2, DHX, CRAM-MD5, LAN Manager, and Web-DAV via Password Server. Open Directory passwords also take advantage of single sign-on features utilizing the built-in Kerberos infrastructure. Shadow passwords are the default type for Mac OS X and are also used by local users on Mac OS X Server. You can edit the methods of authentication for these local accounts by selecting a user from the local database, selecting the Advanced tab, and clicking Security. Crypt passwords are the default type for Mac OS X version 10.1 and earlier. This type of password should only be used for backward compatibility and is available to LDAP users. Both local and LDAP users can use this password type.
To configure the password type 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, and click the Advanced tab (Figure 4.22).
Figure 4.22. Select the Workgroup Manager Advanced tab to change password options. 
| 2. | Depending on whether the user account is in a local or an LDAP directory, select one of the following options from the User Password Type pop-up menu:
- If the user account is in a local directory, the password is a Shadow Password. Your choice is to set the authentication methods using the Security button (Figure 4.23).
Figure 4.23. Local shadow password options. 
- If the user account is in an LDAP directory, your choices of password types are Open Directory and "Crypt password." Open Directory users have the following password policy options, most of which are self-explanatory (Figure 4.24).
Figure 4.24. Viewing Open Directory user password policy options. 
| | | 3. | If you chose to change the Open Directory password to Crypt or just select the different password type and then change the password itself, verify a password, and click OK (Figure 4.25).
Figure 4.25. The password change dialog in the Advanced pane of Workgroup Manager. 
| 4. | When you've finished making changes, click the Save button.
Remember to test authentication from a Mac OS X computer to verify the new password.
|
Tip
Adding comments to a user account As an organizational aide, Mac OS X Server lets you add a comment to any user account. This comment is primarily used for administrators to add notes or information about a particular user. However, you can also use comments as part of your search criteria to find a specific account among a large list of users. (User searches are covered in the task "To search user accounts.") To add a comment to a user account, simply navigate to configure the user's Advanced account attributes as in the previous task, double-click in the Comment field, and enter your comment (Figure 4.26). When you've finished making changes, click Save. You can change a comment at any point by entering new text. Figure 4.26. Double-click in the Comment field, and enter your comment. 
Adding keywords to a user account As yet another organizational aide, Mac OS X Server lets you add keywords to any user account. A keyword provides additional bits of information to enable your user to quickly find specific accounts among a large list of users via the search function. Keywords help further define users through categories you create, such as Temporary worker, or your personal rating system for each user's computer experience and knowledge. Say, for example, that you had 50 users. You could rate them with the following keywords: Novice, Intermediate, Expert, Certified, Mac OS X, Mac OS 9, Windows, and/or Unix. You could take that even further by entering application(s) they know well. You could also enter certifications they've received, such as Apple's ACTC and ACSA. These keywords could be combined to allow you to search accounts for users who were trained or knowledgeable in a specific field. (User searches are covered in the task "To search user accounts.") Initially, no keywords are configured. To add a keyword to a user account 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, click the Advanced tab, and click the plus button to the right of the Keywords window (Figure 4.27).
Figure 4.27. Navigate to the Advanced tab in Workgroup Manager and click the plus button to add keywords. 
| 2. | Click Edit Keywords in the Add dialog (Figure 4.28) and another dialog appears (Figure 4.29).
Figure 4.28. This dialog contains any previously added keywords. 
Figure 4.29. The "Manage available keywords" dialog opens. 
You must first add some keywords before you can assign them to a user.
| | | 3. | Click the plus button and enter your keyword(s) in the field.
| 4. | When finished adding keywords for all users, click OK to return to the Add keyword(s) to selected user dialog.
| 5. | Select the keywords you want to add to the user account, and then click OK (Figure 4.30).
Figure 4.30. Once you add keywords, you can select them to add the selected account(s). 
| 6. | When you've finished making changes, click the Save button and view the newly added keywords (Figure 4.31).
Figure 4.31. View the newly added keywords. 
|
Tips You can always add more keywords at any time, or delete them by clicking the Delete button from within the Edit Keywords dialog. Keywords are case sensitive. In other words, the keyword Temporary is different from the keyword temporary. You can select multiple items in the Select dialog by holding down the Command or Shift key on your keyboard while you make your selections.
Searching user accounts Because Mac OS X Server has the potential to easily host thousands of user accounts, you may find it difficult to locate a specific account in the user list. Workgroup Manager lets you sort through the user list using a variety of search criteria, including Name, User ID, Comments, and Keywords. (For more about adding comments and keywords, see the previous tasks.) While searching user accounts is useful, performing batch edits on those queried accounts reduces the amount of time an administrator spends making user changes. To search user accounts 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, and click the User tab in the account types tab.
| 2. | Click the directory authentication icon, and select the appropriate directory database from the pop-up menu.
| 3. | Click the spyglass icon above the user list (Figure 4.32) and select the search category you wish to use from the pop-up menu, or click Search in the Toolbar to bring up the Advanced Search dialog (Figure 4.33).
Figure 4.32. Select the spyglass icon to choose the parameter you wish to use from the pop-up menu. 
Figure 4.33. Selecting the Advanced Search option opens the Advanced Search dialog. 
| | | 4. | Enter your search criteria in the field above the user list or in the entry field of the Advanced Search dialog (Figure 4.34).
Figure 4.34. When you choose a search pattern, it appears in the Search field. 
As you type, the listin this case the keywordis automatically pared down to reveal the user accounts that fit your search criteria (Figure 4.35).
Figure 4.35. View the results of the search in the user's list. 
| 5. | To bring your list back to its full length, delete the search criteria.
|
Tip
|
