<div>Under Leopard (10.5.5), if you have a network account, and check the box in System Preferences to make it an admin account, the account becomes a member of the admin group (80) on the local machine.<br></div>
<div><br></div><div>If you run "dscl . read /Groups/admin" on a the same computer, the shortname of your network account should appear in the "GroupMembership" line of dscl's output.</div><div><br>
</div><div>I'm not sure I'm understanding the "double entries" part. Can you send a screenshot of the output you're referring to?</div><div><br>----------<br>Miles A. Leacy IV<br><br> Certified System Administrator 10.4<br>
Certified Technical Coordinator 10.5<br>
Certified Trainer<br>Certified Casper Administrator<br>----------<br>voice: 1-347-277-7321<br><a href="mailto:miles.leacy@themacadmin.com" target="_blank">miles.leacy@themacadmin.com</a><br><a href="http://www.themacadmin.com" target="_blank">www.themacadmin.com</a><br>
<br><br>
<br><br><div class="gmail_quote">On Wed, Dec 10, 2008 at 4:15 PM, Thomas Larkin <span dir="ltr"><<a href="mailto:tlarki@kckps.org" target="_blank">tlarki@kckps.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">That is what I thought but wasn't 100% on it. Everyone is part of staff (20) but this is reading it off the directory LDAP. So, if a user goes into System Preferences, and checks the box that says allow this user to administer this computer on their mobile account, will it add the admin group, or will it list the user under /Groups/admin on the machine locally?</font> </p>
<br>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">As far as I can tell it doesn't do either. When I invoke the dscl command it lists no one under the /Groups/admin on that machine locally. When I run the id command on a user it pulls up their info from LDAP, not the local machine.</font> </p>
<br>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">I guess is what I am trying to get to the bottom of is, how do I tell if a user has checked the box to flag them as an administrator for just that machine in System Preferences? Perhaps that is why I am getting the double entries in the JSS inventory? </font> </p>
<br>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Thoughts?</font> </p>
<br>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Thanks again for reading and helping with this,</font> </p>
<br>
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Tom</font><br><br>>>> "Miles Leacy" <<a href="mailto:miles.leacy@themacadmin.com" target="_blank">miles.leacy@themacadmin.com</a>> 12/10/08 3:06 PM >>></p>
<div><div></div><div><br>I don't know if I'm misunderstanding your message, but it sounds like you're saying that membership in admin (80) is inherited by membership in staff (20). </div></div>
<p></p><div><div></div><div>
<div http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
I don't believe that's the case. All accounts are members of staff by default. Only admin users are members of admin. An account can be a member of staff but not be a member of admin. </p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
The output is showing you the following: </p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
uid=<the account's user ID> gid=<the account's "primary group ID", as seen in Workgroup Manager, Groups tab> # What follows is a list of all of the groups that the account in question belongs to, including the "primary group". This is why you see "staff" appear twice in the command's output. The first instance lets you know what the account's "primary group" is, and it appears again when listing all groups that the account is a member of. </p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
My apologies if I misunderstood your message. </p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
<br>
----------<br>Miles A. Leacy IV<br><br> Certified System Administrator 10.4<br> Certified Technical Coordinator 10.5<br> Certified Trainer<br>Certified Casper Administrator<br>----------<br>voice: 1-347-277-7321<br>
<a href="mailto:miles.leacy@themacadmin.com" target="_blank">miles.leacy@themacadmin.com</a><br><a href="http://www.themacadmin.com" target="_blank">www.themacadmin.com</a><br><br><br><br><br> </p>
<div class="gmail_quote">
<p style="margin-top:0;margin-bottom:0">
2008/12/10 Ryan Harter </p>
<div dir="ltr">
<p style="margin-top:0;margin-bottom:0">
<<a href="mailto:rharter@uwsp.edu" target="_blank">rharter@uwsp.edu</a>> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<blockquote style="border-left:1px #ccc solid;margin-left:0;margin-bottom:0;margin-top:0;margin-right:0;padding-left:0" class="gmail_quote">
<div>
<p style="margin-top:0;margin-bottom:0">
_lpadmin is the CUPS account that correlates to the lpadmin command you find in the terminal. I can't tell you why this account is showing up twice, but since it is a member for the staff group that should make it admin. Our local amdinistrator account is uid=501(adm) gid=20(staff) ... </p>
<div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
AFAIK the user is not directly a member of the admin group, but staff is, so it's like embedded groups.<br> </p>
<div>
<div style="text-transform:none;font-variant:normal;color:rgb(0, 0, 0);letter-spacing:normal;text-align:auto;word-spacing:0px;white-space:normal;text-indent:0px;font-size:12px;font-weight:normal;font-style:normal;font-family:Helvetica;line-height:normal">
<div style="margin-left:0px;margin-bottom:0px;margin-top:0px;margin-right:0px">
<p style="margin-top:0;margin-bottom:0">
<b style="color:rgb(135, 118, 179);font-size:14px;font-weight:bold"><font size="4" color="#8776B3"><br style="color:rgb(135, 118, 179);font-weight:bold;font-size:14px">
Ryan Harter</font></b> </p>
</div>
<div style="margin-left:0px;margin-bottom:0px;margin-top:0px;margin-right:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="2" color="#8776B3">UW - Stevens Point</font> </p>
</div>
<div style="margin-left:0px;margin-bottom:0px;margin-top:0px;margin-right:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="2" color="#8776B3">Workstation Developer</font> </p>
</div>
<div style="margin-left:0px;margin-bottom:0px;margin-top:0px;margin-right:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="2" color="#8776B3">715.346.2716</font> </p>
</div>
<div style="margin-left:0px;margin-bottom:0px;margin-top:0px;margin-right:0px">
<br>
<div style="color:rgb(0, 0, 238)">
<p style="margin-top:0;margin-bottom:0">
<a href="mailto:Ryan.Harter@uwsp.edu" target="_blank">Ryan.Harter@uwsp.edu</a> </p>
</div>
</div>
</div>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div>
<div>
<div>
<br>
</div>
<div>
<div>
<p style="margin-top:0;margin-bottom:0">
On Dec 10, 2008, at 2:08 PM, Thomas Larkin wrote: </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
</div>
<blockquote type="cite">
<div style="text-transform:none;font-variant:normal;color:rgb(0, 0, 0);letter-spacing:normal;text-align:auto;word-spacing:0px;white-space:normal;text-indent:0px;font-size:12px;font-weight:normal;font-style:normal;font-family:Helvetica;line-height:normal">
<div style="font-variant:normal;margin-left:4px;margin-bottom:1px;margin-top:4px;margin-right:4px;line-height:normal">
<div>
<div>
<br>
</div>
<div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">everyone,</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">So a user has a true flag under their account in the JSS for the inventory of that machine, I will just copy/paste an example, sorry if it doesn't format correctly.</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">User in the JSS shows this:</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Username</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Real Name</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">UID</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Home Directory</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Home Directory Size</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Admin</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">File Vault Enabled</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Mia Green 22221 /Users/11miagre 5.28 GB true false</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">11miagre Mia Green 22221 /Users/11miagre 5.28 GB false false</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">student KCK Student 505 /Local/Users/student N/A false false</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">For some reason it shows the user name twice and on the top one it says True False, the First True being the admin flag</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Now, when I ssh into said client machine and do some digging I find this:</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande"> id 11miagre</font> </p>
</div>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">uid=22221(11miagre) gid=20(staff) groups=20(staff),98(_lpadmin),101(com.apple.sharepoint.group.1),104(com.apple.sharepoint.group.2),1042(allstudents),1053(washington_2011)</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">GID 98 shows as _lpadmin what the heck is that? Google says it configures the print system, so I must assume it is a daemon from the OS? </font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Anyone else see this stuff? Also dscl does not list this user under /Groups/admin either</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
<div style="margin-bottom:0px;margin-top:0px">
<p style="margin-top:0;margin-bottom:0">
<font size="3" face="Lucida Grande">Thanks</font> </p>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
___________________________<br>Thomas Larkin<br>TIS Department<br>KCKPS USD500<br><a href="mailto:tlarki@kckps.org" target="_blank">tlarki@kckps.org</a><br>blackberry: 913-449-7589<br>office: 913-627-0351<br>
<br><br><br><br><br> </p>
</div>
</div>
<div>
<p style="margin-top:0;margin-bottom:0">
<ATT00001.txt> </p>
</div>
</div>
</div>
</blockquote>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
_______________________________________________<br>Casper mailing list<br><a href="mailto:Casper@list.jamfsoftware.com" target="_blank">Casper@list.jamfsoftware.com</a><br><a href="http://list.jamfsoftware.com/mailman/listinfo/casper" target="_blank">http://list.jamfsoftware.com/mailman/listinfo/casper</a><br>
<br> </p>
</blockquote>
</div>
<p style="margin-top:0;margin-bottom:0">
<br>
</p>
</div>
</div></div></div>
</blockquote></div><br></div>