In OS X Lion Server, when I create admin users via the workgroup manager, they are allowed to log in remotely via ssh and they get email served by dovecot. However, if I remove the option "user can administrate this server" in workgroup manager, they can no longer receive email and they get rejected by ssh. Why is that?
Asked
Active
Viewed 178 times
2 Answers
1
Maybe should you have a look to Service ACL (SACL => Server Admin / Access) You can download Server Admin Tools 10.7 at http://support.apple.com/kb/DL1419
Florian Bidabé
- 334
- 2
- 10
-
Hmm. Access to mail is not restricted there, for me. But for SSH it was. So this explains the failure to login thru SSH, but not thru IMAP. – Niko Schwarz Jul 06 '12 at 17:09
-
What's logged in /private/var/log, system.log, mail.log ? Try a unsucessfull connexion, have a timestamp, and look at Console, or logs for instance. Can be related to permissions, or to your OpenDirectory... – Florian Bidabé Jul 08 '12 at 11:15
0
The problem was workgroup manager. While it didn't display the account as inactive, it was in fact inactive. The solution was to turn the account to inactive in workgroup manager, click away a myriad error messages, quit workgroup manager (that was important), start workgroup manager again, set the account to active again. Then things worked.
I could see that the account was inactive in the system log.
Niko Schwarz
- 163
- 5