Tuesday 23 August 2011

Guest Account on Mac OS X 10.6 and Guest1 problem

So after re-imaging half of the Apple Macs I look after I've found a problem logging into them as Guest. In the image I forgot to turn the Guest facility on and so using Workgroup Manager (found in this post) I used the preference MCX editor to enforce the Guest policy (only works on Workgroup Manager 10.5 and upwards).

After turning this on in the server, I found I could not log in using the Guest account by typing in Guest in the Username/password dialogue box. I later found this was due to the fact that the account was now called "guest1". After reading a few posts I found that there is probably some residual 'guest' account somewhere and hence the operating system calls the new account "guest1".

So my next question was "how do I revert it back to "Guest", as the login screen requires you to 'type' your username and password. Well, this post describes a process where you delete all mention of the old Guest account (switch off Guest account first) using the command:

sudo dscl . delete /Users/Guest


But it would be wise to also delete the newer Guest1 account:


sudo dscl . delete /Users/Guest1


I re-interpreted this post to try and find a quicker fix. I first turned off guest account on the server, deleted the guest account using the command above, rebooted and turned guest back on on the server but it still reverted to "guest1".


The only thing that has worked so far is using the dscl command above and then manually turning guest on, on that machine. It appears if I try and turn the Guest facility on, on the server the problems appear. It might be due to the fact that on Active Directory there is already an account called Guest which can't be deleted. This might conflict the local machines ability to make a new Guest account? But this seems unlikely as the local machine should be able to prioritise its' local accounts over any networked accounts!


So, for the time being, I'm going to:

  1. turn off login window control on the server.
  2. Delete the guest user account using sudo dscl . delete /Users/Guest
  3. Manually turn on the Guest facility on each machine.
Now I have noticed that there is a plist file which controls the login window and also controls whether or not the guest facility is enabled. This is:

/Library/Preferences/com.apple.loginwindow.plist
NOPE, this is actually com.apple.MCX.plist

I can send a unix command to machines to turn this on. Something like:

defaults write /Library/Preferences/com.apple.MCX.plist       blar blar blar

Just need to figure out the end bit. I'll update this post when I have the answer.




So, the next day and it appears this problem only happens when setting Workgroup manager to control or "switch on" the guest user. If I do it manually, everything's fine!


I shall next attempt to send the above unix command to see if this works. I'll also re-test the theory that the Guest1 error only occurs when controlling it from the Xserver (OS X Server 10.4.11)

No comments:

Post a Comment