Recently I have tried to get our 40+ OS X client lab machines to
authenticate 400 users to the server on boot with NetInfo. The client side
works flawlessly; however, our NetInfo database seemed to only be local (it
was in /netinfo/root/servername). Therefore, nothing truly authenticated.
The one administrative user in /netinfo/root authenticated just fine.

Apple told me the solution was to export all the users from
/netinfo/root/servername and import them into /netinfo/root. They said
passwords would be lost. An inconvenience, but acceptable. I exported some
users and imported them and by hand changed all their passwords to something
simple. Clicking save, the passwords looked like they took; however, upon
trying to log into a client machine they would not accept the passwords; the
client would only log in with a blank password. Any users created directly
in /netinfo/root would work with passwords, and I could change their
passwords as I saw fit through Workgroup Manager.

I thought it was a permissions problem, so I repaired the permissions on the
server; however, the problem was still there. After working to no avail, Apple
then suggested that I use the program Passenger. Passenger would export the
users with its own created and encrypted password; however, once imported to
/netinfo/root I could not change the password Passenger gave it via
Workgroup Manager. However, I could log into a client machine and change the
password via "My Account." This is not acceptable b/c people (and I'm
talking 8 year olds) continually forget their password, so they couldn't log
in to change it in the first place.

Passenger support claims it is an OS X Workgroup Manager problem. Apple then
said our only option is to enter 400+ users by hand into /netinfo/root.
However you cannot enter users into /netinfo/root unless you delete them in
/netinfo/root/servername. Upon deleting them in the latter it will set their
home folder's permissions to the administrator, meaning when I recreate them
in /netinfo/root they cannot write to their home folder upon logging into
the client. This would call for a whole lot of "chown."

My question to you is: has anyone gone through this before? Am I doing
something horribly wrong? Apple said that 1) helping us move our db via
command line tools, thus preserving the passwords, is beyond the scope of
their support and 2) please stop calling for help.

If anyone has any help for me whatsoever, I would be appreciative. You may
reply to this, or email me directly at bplattemerson-school.org.

Thanks for your help,


Beth