2

Our OSX server 4 Yosemite 10.10 is bound to AD where an unrelated user "operator" exists. Reportedly the OSX server tries to use account "operator" without the proper password, and this action locks the valid AD account "operator".
What service in OSX server needs to authenticate as user "operator"?

Paul
  • 21
  • 1

1 Answer

1

operator is a system group with gid=5, at least on OS X 10.10.5; you can find this by running:

dscacheutil -q group |grep -A2 "name: operator"

Which should produce this output on a non-AD linked system:

name: operator
password: *
gid: 5
--
name: operator
password: *
gid: 5

I know that shows the group name, not the user, but it is a start in the right direction, I think. I am working on figuring out what that group is used for and will update the answer when I have figured it out.

I know that using LDAP it is possible to override certain local user and group settings, one example would be with the %wheel group which is typically gid=10. It should be possible to do something similar with the operator user and/or group with AD but I am not certain what specific configurations on the server and host would be required.

I was able to find a bit more information and historical context for the operator user at this answer. I am still trying to work out if the user is actively used or has been deprecated but is still included.

Matt
  • 2,781