Google Groups

Re: Enable Guest Account


Matthew Kunesh Aug 7, 2013 11:33 AM
Posted in group: OSX user group/apples4ed



Got this back from Enterprise Support.  Apparently enabling the account also actually creates the account.  I did not realize that was the case.  The defaults write command is proper for enabling the account, but Guest needs to be created in the DS local node first.

#!/bin/bash
#Create Guest Account in the DS Local Node
dscl . -create /Users/Guest
dscl . -create /Users/Guest dsAttrTypeNative:_defaultLanguage en
dscl . -create /Users/Guest dsAttrTypeNative:_guest true
dscl . -create /Users/Guest dsAttrTypeNative:_writers_defaultLanguage Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_LinkedIdentity Guest
dscl . -create /Users/Guest dsAttrTypeNative:_writers_UserCertificate Guest
dscl . -create /Users/Guest AuthenticationHint ''
dscl . -create /Users/Guest NFSHomeDirectory /Users/Guest
dscl . -passwd /Users/Guest ''
dscl . -create /Users/Guest Picture "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/UserIcon.icns"
dscl . -create /Users/Guest PrimaryGroupID 201
dscl . -create /Users/Guest RealName "Guest User"
dscl . -create /Users/Guest RecordName Guest
dscl . -create /Users/Guest UniqueID 201
dscl . -create /Users/Guest UserShell /bin/bash

#Create Keychain item password for Guest
security add-generic-password -a Guest -s com.apple.loginwindow.guest-account -D "application password" /Library/Keychains/System.keychain

#Enable the Guest Account
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE



--
Matt Kunesh
Hinsdale 181
Sr. System Administrator
cell: 630.390.0671


On Wed, Aug 7, 2013 at 12:12 PM, Matthew Kunesh <mku...@d181.org> wrote:
Michael, thanks for the tip.  I am having trouble getting this to work.  I sanity check that guest is Disabled in System Preferences > Accounts on an unbound client, and then exit sys prefs.  After running the command, I confirm that the Guest user in Accounts is showing as Login Only.  I then attempt to login to the guest user, and it fails.  Alternatively, when I turn off Allow Guests in System Preferences, click show all and then re-enter the Accounts tab to confirm Guest User = Disabled, then re-enable & re-exit Sys Prefs, re-enter Accounts to confirm Guest User = Login Only, I am able to login as the guest user.  Perhaps I am missing a step.  With Guest User = Disabled, I run the defaults write command and it does in fact show in the Accounts tab as Login Only, but the login fails.  Only when I enable it manually does the login succeed.

I did check with Enterprise support on the issue.  The button to Enable Guest Account in WGM does in fact not work on 10.8 clients.  



--
Matt Kunesh
Hinsdale 181
Sr. System Administrator
cell: 630.390.0671


On Wed, Aug 7, 2013 at 11:24 AM, Michael Kuhn <mk...@sps186.org> wrote:
Did some testing and this seems to work:

sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -boolean true

I also took out the Guest User management altogether in WGM by deleting the "Disable Guest Account" key under Preferences > Details > com.apple.mcx but that may be unnecessary.


Michael Kuhn
mk...@sps186.org

Springfield Public School District 186
Computer Services - Stanton Building
3031 Stanton Street
Springfield, Illinois 62703
217/585-5802
www.springfield.k12.il.us

Working Together to Achieve Outstanding Results

On Aug 5, 2013, at 12:39 PM, Matthew Kunesh wrote:




It's definitely set properly as far as I have always done it.  Target client is part of X group, and X group has the login window pref managed to allow guest access.  When I login to target client, and check System Profiler as suggested Randy, I do see the key for DisableGuestAccount under com.apple.MCX and it is set to 0.  If I turn guest access off in WGM, I see it switch to 1.  So that key is definitely making it to the client.  Still, I cannot login as a guest.  



--
Matt Kunesh
Hinsdale 181
Sr. System Administrator
cell: 630.390.0671


On Mon, Aug 5, 2013 at 11:55 AM, Eric Hackl <eha...@district30.org> wrote:
Well, if that isn't doing it and of course you are selecting the correct computer group that tab is managing that particular pref (cause I'm not sure doing the managed pref by user or workgroup would do much), and you've flushed the mcx cache on the local client, I would call enterprise support, but I will forewarn you-- I've spent a significant amount of time on the phone with them for many 10.8 oddities.  Some of the agents I've been working with we're now on a first name basis..... 

Some of the issues have been self inflicted, many not.  One level two engineer said this to me "Workgroup Manager is a legacy piece of software", which he's sort of right, but if they have it as a separate download to run on 10.8, so in my mind, they still should be fully supporting it.  I got the sense they really don't want to support WGM anymore, which means they may or may not help with the MCX stuff much longer if at all.  But given what I've seen these past 6 or so weeks after getting deep into 10.8 managed client, what you are seeing doesn't surprise me that much. Heck, server app itself, which they want us to fully transition to is riddled with odd things.  Some significant, some not so significant.

Life on the bleeding edge! ;-)


Eric



On Mon, Aug 5, 2013 at 11:35 AM, Matthew Kunesh <mku...@d181.org> wrote:



Yep that's where I am managing it from.  However it does not work on 10.8 clients.  The guest account will not login.  Tried refreshing prefs on the client, still nothing.  Only thing that works is manually enabling it on the client itself in System Preferences.



--
Matt Kunesh
Hinsdale 181
Sr. System Administrator
cell: 630.390.0671


On Mon, Aug 5, 2013 at 11:29 AM, Eric Hackl <eha...@district30.org> wrote:
Hey Matt.

Go into the place you manage your staff/machines in WGM (user/group/computer group).   Click on preferences, click the login tab, then click options.  There you should see the enable guest account in the attached screenshot, set the top setting to once or always (make sure you are authenticated), then I think you simply check the box enable guest accounts.

Eric


On Mon, Aug 5, 2013 at 10:51 AM, Matthew Kunesh <mku...@d181.org> wrote:



Hi folks,
I am wondering for those of you on 10.8 client how you enabled the guest account.  I am trying to use the Login Window option in Workgroup Manager to enable it, but for the 10.8 machines it doesn't seem to work.  When I login as admin to a managed client and check Sys Prefs > Accounts, guest is still disabled, and at login window, guest is denied a login.  If I manually enable it in the Accounts tab of sys prefs, the guest login works as expected.  Anyone know an automated way to enable that?
Thanks!


--
Matt Kunesh
Hinsdale 181
Sr. System Administrator
cell: 630.390.0671

E-MAIL CONFIDENTIALITY NOTICE: Illinois has a very broad public records law. Most written communications (including email) to or from school district officials and staff are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure. Community Consolidated School District 181









Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org




--
Eric Hackl
Network Manager 
Northbrook/Glenview School District 30
2374 Shermer Road
Northbrook, IL 60062




Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org



E-MAIL CONFIDENTIALITY NOTICE: Illinois has a very broad public records law. Most written communications (including email) to or from school district officials and staff are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure. Community Consolidated School District 181









Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org




--
Eric Hackl
Network Manager 
Northbrook/Glenview School District 30
2374 Shermer Road
Northbrook, IL 60062




Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org



E-MAIL CONFIDENTIALITY NOTICE: Illinois has a very broad public records law. Most written communications (including email) to or from school district officials and staff are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure. Community Consolidated School District 181









Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org






Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org




E-MAIL CONFIDENTIALITY NOTICE: Illinois has a very broad public records law. Most written communications (including email) to or from school district officials and staff are public records available to the public and media upon request. Your email communications may therefore be subject to public disclosure. Community Consolidated School District 181










Google group - http://groups.google.com/group/apples4ed

Wiki - http://apples4ed.wikispaces.com/

To join the OSX email list send a plain text email from the email  account you want subscribed to osx-su...@sd25.org

To UNSUBSCRIBE send a TEXT email from your account to osx-unsubscribe@sd25.org


If you have any problems, email me at bk...@sd25.org