Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Incorrect: multiple AD logins are allowed with FUS' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Incorrect: multiple AD logins are allowed with FUS
Authored by: Jaharmi on Jun 06, '04 07:56:19AM

I haven't tried this with LDAP logins, but if your directory service is Active Directory, you can have multiple directory logins simultaneously. I haven't stressed the limits, but with FUS, I have personally had about 10 AD users logged into my Mac at the same time.

This is something that I don't believe Windows XP can do with Active Directory, but you can do it on Panther!

You have to make sure, then, that you only grant admin access to those AD groups who really need access to that computer. Why? Because if you grant admin access to a group in AD, they can use this feature -- which I approve of -- to get into a system. This is a godsend in public/shared environments; we need to have the ability to get into a screensaver-locked system on a pretty regular basis.

To do this with LDAP-based logins, you might have to do a lot of scripting at the loginhook. In my experience, the LDAPv3 plugin is a lot less flexible than the AD plugin. The AD plug creates new local home directories (by default) at first login time for each user, based on their short AD username. It also will created a local NetInfo entry for each user if you turn on cached accounts (and that entry stays synchronized to AD, so it's very different than a normal NI local account).

Jaharmi



[ Reply to This | # ]