Solved

OS X Server: Problem with login script.

Posted on 2009-04-06
6
1,329 Views
Last Modified: 2013-11-11
I recently deployed a Mac Os X server and am having quite a bit of trouble with user login scripts.  I've seen quite a bit of information on other users with similar issues (the scripts not running), but all are quite dated.

The issue I'm running into, is that the script isn't being run... these are the steps I've followed thus far:
Server Side:
1) I've placed my script in the Applications/Scripts folder (this folder ISN'T shared)
2) I've given it a ".hook" extension
3) I've given it the appropriate permissions
Client Side
1) set EnableMCXLoginScripts = true in the com.apple.loginwindow.plist
2) set MCXScriptTrust = FullTrust (for testing) in the com.apple.loginwindow.plist

What else could I be missing?

~Greg
0
Comment
Question by:elbarro
  • 3
6 Comments
 
LVL 6

Accepted Solution

by:
hboris earned 500 total points
ID: 24091596
Why don't you use launchd instead? Much more control, dependencies control etc.

Boris Herman, ACSA
0
 

Author Comment

by:elbarro
ID: 24092380
I'd like to use policy to determine what scripts get run on what clients from within the server.  Is this possible using launchd?

~Greg
0
 
LVL 6

Assisted Solution

by:hboris
hboris earned 500 total points
ID: 24093745
No, launchd is client side only. However, looking again at your question again I am missing a bit. The FullTrust requires that in In Directory Utility, you select Block man-in-the-middle attacks (requires Kerberos) and Digitally sign all packets (requires Kerberos). Wouldn't for testing purposes Anonymous be more appropriate, because with Trust value name Anonymous the client trusts any directory domain server? It is said that if the clients MCXScriptTrust setting is a level of trust equal to or less than the actual trust value, the client trusts the server and runs its login and logout scripts. If the clients MCXScriptTrust setting is a level of trust more than the actual trust value, the client doesnt trust the server and doesnt run its scripts. The default trust value is FullTrust.

Boris Herman, ACSA
0
 
LVL 6

Expert Comment

by:hboris
ID: 24409128
The answer has been provided. The setting MCXScriptTrust must be set to a lower value for the scripts to be run in user's configuration.

Boris Herman, ACSA
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
time machine 8 46
OS Sierra Time Machine 6 89
Mac Infection 16 46
Best tool to rename photos by date name in Mac and PC 26 55
Are you new to OS X?  This helpful advice could get you quickly up to speed if you are making the transition from windows or totally new to OS X. Finder gives you the visual connection between you and the files located on the hard drive of your A…
The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now