Child pages
  • Unlocking MacOSX Open Directory users
Skip to end of metadata
Go to start of metadata

MacOSX locks users for several reasons, for example too many login attempts.

To check and unlock these accounts withour using the GUI Workgroup Manager:

check

borg:~ root# pwpolicy -u <username> -getpolicy
Getting policy for xxx
isDisabled=0 isAdminUser=0 newPasswordRequired=0 usingHistory=0 canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0 expirationDateGMT=12/31/69 hardExpireDateGMT=12/31/69 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0 requiresMixedCase=0 requiresSymbol=0 notGuessablePattern=0 isSessionKeyAgent=0 isComputerAccount=0 adminClass=0 adminNoChangePasswords=0 adminNoSetPolicies=0 adminNoCreate=0 adminNoDelete=0 adminNoClearState=0 adminNoPromoteAdmins=0

set

borg:~ root# pwpolicy -a diradmin -u <username> -setpolicy "isDisabled=0"

see also: http://serverfault.com/questions/61214/how-can-i-disable-a-user-account-from-the-cli-with-mac-os-x-server