10.2 Macintosh End User Tasks

10.2.1 Accessing Network Files

Macintosh users can use the Chooser option to access files and directories.

  1. In Macintosh OS X, click Go > Connect to Server.

  2. Specify afp://IP address of the OES 2018 or later server or afp://DNS name of the OES 2018 or later server, then click Connect.

  3. Specify the user name and password, then click Connect.

  4. Select a volume to be mounted on the desktop.

    Although you now have access to the files, mounting the volume to the desktop does not make it available after rebooting. You need to create an alias to make it available after rebooting.

  5. (Optional) Create an alias to the desired volume or directory:

    1. Click the Linux server icon.

    2. Click File > Make Alias.

      The alias icon appears on the desktop.

  6. (Optional) To access AFP share via the terminal, execute the following command:


    The following example illustrates how to mount the afp volume server.company.com/volumename/ at the mount point /Volumes/mntpnt:

    mkdir /Volumes/mntpnt

    mount_afp afp://username:userpass@server.company.com/volumename/ /Volumes/mntpnt

10.2.2 Logging In to the Network as a Guest

If the network administrator has set up the Guest User object account as described in Configuring a Guest User Account, Macintosh users can log in to the network as a Guest.

  1. In Macintosh OS X, click Go > Connect to Server.

  2. Type the IP address or DNS name of the Linux server, then click Connect.

  3. Click Guest Login > Connect.

The Guest user has rights to access network resources as configured by the network administrator.

10.2.3 Changing Passwords from a Macintosh Computer

Macintosh users can change their passwords. When they change the simple password, the eDirectory password is automatically synchronized.

  1. In Macintosh OS, click the Apple menu > Chooser > AppleTalk > Server IP Address.


    In Macintosh OS X, click Go > Connect to Server.

  2. Type the IP address or DNS name of the Linux server, then click Connect.

  3. Specify the user name.

  4. Click Change Password.

  5. Type the old password and the new password, then click OK.

10.2.4 Changing Expired Passwords from a Macintosh Computer

When the existing user's password expires, a pop-up is displayed as a reminder to change the password. Change the password from the Mac computer.

10.2.5 Assigning Rights and Sharing Files from a Macintosh Computer

Although using iManager is the recommended method for managing rights, Macintosh users have some file sharing and management capability through Chooser.

NSS Rights versus Macintosh Rights

Using Chooser/Finder to access network files and folders is consistent with the Macintosh environment, but there are some differences between NSS and Macintosh file sharing. Macintosh users can view the sharing information about specific folders by clicking Get Info/Sharing.

Inherited Rights and Explicit Rights

The Macintosh file system uses either inherited rights (which use the enclosing folder's privileges) or explicit rights (which assign rights to a group or user). A folder in the Macintosh file system cannot have both inherited and explicit rights.

NSS uses both inherited and explicit rights to determine the actual rights that a user has. NSS allows a folder (or directory) to hold file rights for multiple groups and users. Because of these differences, Macintosh users will find that access rights to folders and files might function differently than expected.

NSS uses inherited rights, so the Macintosh Use Enclosing Folder’s Privileges option is automatically turned off. When a Macintosh user views the Get Info/Sharing dialog box for an NSS folder, only the User/Group assignments are visible if there is an explicit assignment on the folder. If the NSS folder inherits User/Group rights from a parent group or container, those rights are not displayed in the dialog box, nor is there any indication that the folder is inheriting rights from a group or container.

Owner, User/Group, and Everyone Rights

Because NSS allows multiple groups and users to have rights to a single folder, users cannot delete rights assignments by using the Apple Macintosh interface. Users can add assignments to allow basic file sharing, but more complex rights administration must be done through iManager. When specifying Owners, Users, and Groups, there is no way to select from current groups. You must specify the correct Linux name and context (fully distinguished eDirectory name).

HINT:No context is required if the context is specified in the context search file.

Owner Rights

In the Apple File Sharing environment, an owner is a user who can change access rights. In the NSS environment, users can change access rights if they have been granted the Access Control right for the folder. In NSS, an owner is the user who created the file. An NSS owner has no rights by virtue of ownership. In the NSS environment, the owner is the current user if he or she has access control rights to the folder.

If the user has access control rights, then he or she is shown as the owner of the file. If the user does not have access control rights, the actual NSS owner is shown as the owner. However, for directories, the NSS owner is always displayed.

In Apple File Sharing, there can be more than one owner. If you change the owner, access control rights are added to the new owner, but are not removed from the current owner. In NSS, there are two ways to have access control rights: 1) have the Access Control right and 2) have the Supervisor right. Adding a new owner only adds the Access Control right, not the Supervisor right. If the current owner already has the Supervisor right through other management utilities, that right remains. The Supervisor right also gives full file access rights. This means that if you are the current user and have the Supervisor right, you also have read/write access and you cannot change those rights.

The display only shows one owner. If multiple users have file access rights, only the current user is shown in the Owner field.

User / Group

Only one user or group can be displayed for a folder.

If both users and groups have access to an NSS folder, groups are displayed before users. The group with the most access rights is preferred over groups with fewer access rights. Only users or groups with explicit rights (not inherited rights) are shown in the User/Group field. Users and groups with inherited rights are not shown in the dialog box, nor is there any indication that there are users and groups with inherited rights.

Rights set through this interface are inherited by the folder’s subfolders. It is impossible to manage all inherited rights from the Macintosh interface. (Although it is not recommended, you could set the inherited rights filters from the management utilities to turn off inherited rights.)


Assigning rights to Everyone acts like the Macintosh user expects, with the exception that Everyone’s rights are inherited. Everyone’s rights can change from folder to folder, but when they are set, they are inherited by subfolders.