Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1379
  • Last Modified:

OS X Server: Problem with login script.

I recently deployed a Mac Os X server and am having quite a bit of trouble with user login scripts.  I've seen quite a bit of information on other users with similar issues (the scripts not running), but all are quite dated.

The issue I'm running into, is that the script isn't being run... these are the steps I've followed thus far:
Server Side:
1) I've placed my script in the Applications/Scripts folder (this folder ISN'T shared)
2) I've given it a ".hook" extension
3) I've given it the appropriate permissions
Client Side
1) set EnableMCXLoginScripts = true in the com.apple.loginwindow.plist
2) set MCXScriptTrust = FullTrust (for testing) in the com.apple.loginwindow.plist

What else could I be missing?

~Greg
0
elbarro
Asked:
elbarro
  • 3
2 Solutions
 
hborisCommented:
Why don't you use launchd instead? Much more control, dependencies control etc.

Boris Herman, ACSA
0
 
elbarroAuthor Commented:
I'd like to use policy to determine what scripts get run on what clients from within the server.  Is this possible using launchd?

~Greg
0
 
hborisCommented:
No, launchd is client side only. However, looking again at your question again I am missing a bit. The FullTrust requires that in In Directory Utility, you select Block man-in-the-middle attacks (requires Kerberos) and Digitally sign all packets (requires Kerberos). Wouldn't for testing purposes Anonymous be more appropriate, because with Trust value name Anonymous the client trusts any directory domain server? It is said that if the clients MCXScriptTrust setting is a level of trust equal to or less than the actual trust value, the client trusts the server and runs its login and logout scripts. If the clients MCXScriptTrust setting is a level of trust more than the actual trust value, the client doesnt trust the server and doesnt run its scripts. The default trust value is FullTrust.

Boris Herman, ACSA
0
 
hborisCommented:
The answer has been provided. The setting MCXScriptTrust must be set to a lower value for the scripts to be run in user's configuration.

Boris Herman, ACSA
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now