Designating administrators, Setting up user accounts – Apple Mac OS X Server (Administrator’s Guide) User Manual

270

Chapter 6

Step 3:

Make sure users and their home directories exist

Use Workgroup Manager to set up user accounts and home directories. Once users are
created in Workgroup Manager, they are ready to be managed on Mac OS X clients. You can
set up various privileges (such as print or mail quotas) for users as you create them.

Home directories can be stored on an Apple Filing Protocol (AFP) server. You can set up
group volumes as AFP share points and add additional share points if you need them. Each
user you want to manage must have a home directory. If no home directory exists for a user,
he or she cannot log in.

See Chapter 3, “Users and Groups,” for information about how to create users, define user
privileges, and set up home directories.

Designating Administrators

For Mac OS X clients, the server administrator has the greatest amount of control over other
users and their privileges. The server administrator can create users, groups, and computer
accounts and assign settings, privileges, and managed preferences for them. He or she can
also create other server administrator accounts, or give some users (for example, teachers or
technical staff ) administrative privileges within certain directory domains. These “directory
domain administrators” can manage users, groups, and computer accounts within the limits
assigned to them by the server administrator.

For more information about assigning administrative privileges to users with network
accounts, see Chapter 3, “Users and Groups.”

Setting Up User Accounts

If you use Workgroup Manager to manage your OS X clients, you can set some privileges
when you set up accounts. You can use “presets” like templates and apply various settings
automatically when you create an account. See Chapter 3, “Users and Groups,” for more
information about how to set up user accounts.

Depending on your needs, you may want to set up local user accounts in addition to network
user accounts. A network user has a user account associated with Mac OS X Server and you
can allow that user to log in from various computers on your network. A local user has an
account associated with a specific client computer, and his or her local account is
independent from any network user account and other local accounts on other computers.
An individual user may have both a network account that provides access to network services
and a separate local account on a specific computer. You can set up managed preferences for
any user with a network account, but the most convenient way to manage network users is
by managing preferences for groups to which they belong. This makes it easier to manage
users regardless of which computer they use.