Guest account cannot be enabled via Managed Preferences
| Originator: | tim | ||
| Number: | rdar://10644044 | Date Originated: | 04-Jan-2012 04:06 PM |
| Status: | Open | Resolved: | |
| Product: | Mac OS X | Product Version: | 10.7.3 11D36 |
| Classification: | Serious Bug | Reproducible: | Always |
Summary: In Mac OS X 10.5 and 10.6, the Guest account could be enabled using MCX / Managed Preferences. In Lion, the option is still available in Workgroup Manager, but it does not seem to have the effect of enabling the Guest account. The option is no longer selectable in the Users & Groups prefpane (as was the case before), but the checkbox is no longer checked. Guest account logins do not seem to function. Steps to Reproduce: 1. As root, create a guest computer using dscl if one doesn't already exist: /usr/bin/dscl /Local/Default -create /Computers/guest 2. Enable the guest account for the guest computer record: /usr/bin/dscl /Local/Default -mcxset /Computers/guest com.apple.MCX DisableGuestAccount always -bool false 3. Logout, restart or manually refresh MCX using "mcxrefresh -n [a local username]" 4. Verify that the Managed Preference has been set using either System Profiler or mcxquery. 5. Logout, attempt to login using "Guest Account" or "guest." I've attempted to apply the preferences using different methods, outlined below in Notes. Expected Results: Login should succeed. Actual Results: Login is not possible. I can only see these events in the console: Jan 4 11:58:54 test-imac SecurityAgent[738]: User info context values set for Guest Account Jan 4 11:58:54 test-imac SecurityAgent[738]: Unknown user "Guest Account" login attempt PASSED for auditing Jan 4 11:58:56 test-imac SecurityAgent[738]: User info context values set for guest Regression: Worked in Leopard / SL. Notes: I've tried setting this Managed Preference three ways. In all cases I also set the login window to show a list of users (my com.apple.loginwindow has SHOWFULLNAME to true) to verify that the preferences are being loaded. - connecting to an OD master running 10.6.8v1.1 - using a guest computer record at /private/var/db/dslocal/nodes/Default/computers/guest.plist - using a local_desktop computer record containing the en0 ethernet MAC at /private/var/db/dslocal/nodes/MCX/computers/local_desktop, and adding this node to the CSPSearchPath I've also seen it suggested that the new features of FileVault offered in Lion could be related. I tested this with FileVault both enabled and disabled.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!