This article has been archived and is no longer updated by Apple.

Mac OS X Server: Full administrators may not be able to authenticate in Workgroup Manager

Users who are designated with full administration capabilities may not be allowed to authenticate in Workgroup Manager.

Use one of the methods below to allow the administrator user to authenticate in Workgroup Manager.

Lion Server

With Lion Server, you can simply enable the "Allow user to administer this server" option in the Server application:

  1. Open the Server application (/Applications/Server.app).

  2. Select the user.

  3. From the Services menu, choose Edit User….

  4. Enable the "Allow user to administer this server" checkbox.

  5. Click Done to save the changes.

Mac OS X Server v10.6

Add the Open Directory Administrators group to the server's local admin group.

Enable the "Show 'All Records' tab and inspector" option:

  1. Open Workgroup Manager.

  2. Choose Preferences from the Workgroup Manager menu.

  3. Enable the "Show 'All Records' tab and inspector" option.

  4. Click OK to save the changes.

Determine the GUID (GeneratedUID) for the Open Directory Admin group:

  1. Make sure you're viewing the Open Directory database (such as /LDAPv3/127.0.0.1).

  2. Click the "All Record Types" button.

  3. Select "Groups" from the pop-up menu.

  4. Locate and select the admin group.

  5. Locate and select the GeneratedUID attribute for this group.

  6. Click Edit. A sheet will appear.

  7. Select all of the text and copy it to your clipboard.

  8. Click Cancel to dismiss the sheet.

Add the GUID to the local admin group:

  1. Switch to viewing the local database (/Local/Default).

  2. If locked, click the lock to authenticate against the local domain.

  3. Locate and select the admin group.

  4. Click the "New Attribute…" button to add a new attribute. A sheet will appear.

  5. Select "NestedGroups" from the pop-up menu.

  6. Paste the GUID for the Open Directory Admin group into the text field.

  7. Click Save to save the changes.

Command line (Lion Server or Mac OS X Server v10.6)

You can use Terminal and the command line to add the Open Directory Administrators group to the server's local admin group.

  1. Determine the Open Directory Admin group's GUID with this command:

    dscl /LDAPv3/127.0.0.1 -read /Groups/admin GeneratedUID

  2. Use the following command to add the GUID to the NestedGroups attribute in the local admin group on the server. For example, to add the Open Directory Admin group with a GUID of 1076D206-4412-4F35-9FE4-D89488971711:

    sudo dscl . -append /Groups/admin NestedGroups 1076D206-4412-4F35-9FE4-D89488971711
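The two commands above can be combined into a check-then-append script that validates the GUID and skips the append when the group is already nested. This is an added example, not part of Apple's article; the function names are hypothetical, and it assumes `dscl -read` prints the attribute in the `Attribute: value` form. Because nesting gives every member of the Open Directory admin group local admin rights on the server, the script ends by printing the resulting NestedGroups value for review.

```shell
#!/bin/sh
# Added example (not Apple's code): idempotent version of the two dscl steps.
OD_NODE="/LDAPv3/127.0.0.1"   # Open Directory node used in the article

# Print every GUID-shaped token read from stdin, upper-cased, one per line.
extract_guids() {
    tr 'a-f' 'A-F' |
        grep -Eo '[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}' || true
}

# Succeed, printing the GUID, only if stdin contains exactly one GUID.
single_guid() {
    guids=$(extract_guids)
    [ "$(printf '%s\n' "$guids" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$guids"
}

# Succeed if GUID $1 appears in the NestedGroups output given as $2.
is_nested() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    printf '%s\n' "$2" | extract_guids | grep -qxF "$want"
}

# Read the OD admin group's GUID, append it only if missing, then show the result.
nest_od_admins() {
    od_guid=$(dscl "$OD_NODE" -read /Groups/admin GeneratedUID | single_guid) || {
        echo "could not read a single GeneratedUID from $OD_NODE" >&2
        return 1
    }
    current=$(dscl . -read /Groups/admin NestedGroups 2>/dev/null || true)
    if is_nested "$od_guid" "$current"; then
        echo "already nested: $od_guid"
    else
        sudo dscl . -append /Groups/admin NestedGroups "$od_guid"
    fi
    dscl . -read /Groups/admin NestedGroups
}

# Only touch the directory when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    nest_od_admins
fi
```

Run it on the server with `--apply`; without that argument it only defines the functions.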
