Languages

Lion Server: Service Access checkboxes are inactive in Server app

Symptoms

You can choose "Edit Access to Services…" when you Control-click on a user in Server app. This brings up a "Service Access" sheet. In some cases the checkboxes on this sheet may be inactive ("grayed out").

Resolution

The checkboxes will always be inactive if your server is not an Open Directory master. To make your server and Open Directory master, choose "Enable Network Accounts" from the Manage menu or the Next Steps drawer and complete the Open Directory assistant.

In some cases, these checkboxes may be inactive, even on an Open Directory master. To make the checkboxes active you will first need to enable Service Access Control Lists (SACLs) in Server Admin, or use the command-line instructions in the Additional Information section below.

  1. If you do not already have Server Admin installed, download and install the latest version of the Lion Server Admin Tools from Apple Support Downloads.
  2. Open Server Admin and connect to your server.
  3. Click the name of your server in the sidebar and the Access tab at the top of the Server Admin window.
  4. Select the service for which you want to control access.
  5. Add at least one user to the Access Control List.
  6. Repeat steps 4 and 5 for each additional service you want to control.
  7. Click Save.

You can now continue to add users to the Service Access Control Lists in Server Admin, or return to Server app and use the Service Access sheet to control access for each user.

Notes

  • In order to enable the File Service checkbox in the Server Access sheet in Server app, you must enable SACLs in Server Admin for both AFP and SMB.
  • You cannot enable the Podcast or Time Machine checkboxes using the steps above. Instead, you must use the command-line instructions in the Additional Information section below.

Additional Information

Instead of using Server Admin, you can use the following commands to enable the checkboxes in the Server Access sheet in Server app. Each command or pair of commands will enable a single checkbox.

Address Book
sudo dseditgroup -o create com.apple.access_addressbook

File Sharing
sudo dseditgroup -o create com.apple.access_afp
sudo dseditgroup -o create com.apple.access_smb


iCal Server
sudo dseditgroup -o create com.apple.access_calendar

iChat Server
sudo dseditgroup -o create com.apple.access_chat

Mail Server
sudo dseditgroup -o create com.apple.access_mail

Podcast
sudo dseditgroup -o create com.apple.access_podcast

Profile Manager
sudo dseditgroup -o create com.apple.access_devicemanagement

Time Machine
sudo dseditgroup -o create com.apple.access_backup

VPN
sudo dseditgroup -o create com.apple.access_vpn

Last Modified: Oct 17, 2011
Helpful?
Yes
No
Not helpful Somewhat helpful Helpful Very helpful Solved my problem
Print this page
  • Last Modified: Oct 17, 2011
  • Article: TS4084
  • Views:

    28769
  • Rating:
    • 61.0

    (504 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked