MAC OS SERVER HELP (5.4)

[DaniRey]

Hi all,

I'm new with macOS server. I've a new requirement in my company due to a security audit and we need to have all in one place. So, i found JumpCloud and it would cover all my needs, except because the lan where i need the management has no internet access. I Only need to manage 10 users for each of the 10 Mac's on the network. I've installed macOS server 5.4, the last version for High Sierra. I have enrolled machines, and i can configure them remotely pushing profiles. All good as far. The difficulty i have now, is i want to add the user accounts to each machine remotely. Is this possible? I want to avoid adding and removing manually all the accounts each time an employee starts working here or leaves the company.

If i add devices to a user, the device belongs only to one user, and i need at least 10 users sharing each computer.
This is the only need we have to manage the network, so AD or more complex solutions are out of my mind if possible.

Thanks a lot for the help, and best regards!

 

[josiemj]

Hi DaniRey - Josie from JumpCloud here. You will definitely need internet access in order to manage systems since the commands are sent from JumpCloud's server to the agent that's installed on the system. This article might help explain: https://jumpcloud.com/product/device-management/

But it sounds like JumpCloud can do everything else you need, as long as you have internet.

You will be able to manage systems and add multiple users to each system. This includes disabling users.

Here's a 10min vid from Greg Keller on managing systems:

Hope this helps!

 

[DaniRey]

Hi DaniRey - Josie from JumpCloud here. You will definitely need internet access in order to manage systems since the commands are sent from JumpCloud's server to the agent that's installed on the system. This article might help explain: https://jumpcloud.com/product/device-management/

But it sounds like JumpCloud can do everything else you need, as long as you have internet.

You will be able to manage systems and add multiple users to each system. This includes disabling users.

Here's a 10min vid from Greg Keller on managing systems:

Hope this helps!

Hi Josie,

thanks for the info. I already have jumpcloud working in the administrative network. The problem is that internet connection in the production network is forbidden due to the security requirements we have. Indeed jumpclod is what we need, but not in the mac network. It needs to be completely isolated from the outside.

thanks again for the answer anyway

 

[DJLC]

Indeed, unfortunately JumpCloud would be an invalid solution to the problem posed by OP.

You'll probably want to use Open Directory to manage user accounts on the restricted production network. Check out this link and let us know if you have issues!

Setup An Open Directory Master In macOS Server 5.4 On High Sierra (10.13) – krypted

 

[DaniRey]

Indeed, unfortunately JumpCloud would be an invalid solution to the problem posed by OP.

You'll probably want to use Open Directory to manage user accounts on the restricted production network. Check out this link and let us know if you have issues!

Setup An Open Directory Master In macOS Server 5.4 On High Sierra (10.13) – krypted

Hey, thanks for the advice. I’m going to check this out next week and let you know.
thanks for the help!

 

[DaniRey]

Hi all,

After go step by step through the link as DJLC suggested i can now see all the network users in the login screen. I'm experiencing some lag on showing the little icon to see all the users, but it is working at the end. So for this issue, thanks a lot. Now, i have the next issue, to bind users to computers. I don't want all the users in the database to be allowed to login in all computers. I need to have users 1 to 5 to be able to access to computers 1 to 3 and users 6 to 10 access to all the computers. Any advice? Is it possible?

Thanks

 

[DaniRey]

Hi all,

Finally i have found how to restrict access to computers for the network users inside the login policies.
Now, surprise, i have found several problems with the server. If i add a new user and for some reason i need to delete it, i go to the server app and remove it from users, but the funny thing is the Profile manager still has the removed user and it will be there no mater what. Only removing the OD and installing it from scratch will solve this.
The second weird behavior is that any change in the password policy makes all the users useless. It will ask for confirmation and after adding admin and password for the OD it says the admin account has been disabled and i need to clear all policies in the terminal to get access to anything.

I don't know. Learning to use this server is a bit of a pain, honestly...

Any idea ?

Thanks a lot