User accounts on your server let users gain access to services provided by the server. A user account contains the information needed to prove the user’s identity for services that require authentication. A user account also provides a centralized place to store a user’s contact information and other data.
You can add user accounts in the Users pane of the Server app by:
Creating accounts
Granting accounts on a network account server access to your server, if your organization has a network account server (also known as a directory server) that your server is connected to
Importing from a file
The Users pane of the Server app lists local user accounts (including user accounts created in System Preferences), network accounts stored in your server’s network account server, and imported user accounts.
Local user accounts
Users with administrator privileges on their Mac computers can create local user accounts using the Users & Groups pane of System Preferences. These local user accounts are stored on the user’s computer. Local user accounts have home folders on the computer and can be used to log in to the computer. Users can’t use their computers’ local user accounts to access the server over the network. Users can use the server’s local user accounts to access the server over the network.
Like users’ Mac computers, your server has local accounts in addition to server accounts. Your server’s local accounts can be used to log in to the server, and a local account with administrator privileges can be used to administer the server. For information about administrator privileges, see About administrator accounts.
Local network and network directory accounts
Network accounts are stored in your server’s network account server or in a connected network account server. You can use the Server app to enable a network account server on your server. If you don’t enable the network account server, then all accounts you create on the server are stored in the server’s local directory.
There are a few reasons to host network accounts on your server:
Your organization has a network account server, also known as a directory server, and you want people to use their existing network accounts with your server.
You plan to have multiple servers and want each user to have one network account that works with all your servers.
You want to use Profile Manager to manage Mac computers with OS X and iOS devices such as iPhone, iPad, and iPod touch.
Types of user accounts
Your server can have its own network accounts or use accounts from an existing network server.
Here’s a comparison of the three types of accounts:
Feature | Local accounts | Local Network accounts (on your server) | Network accounts from an existing network server |
|---|---|---|---|
Where the account is stored | Local directory | The server’s Open Directory | Another network server |
Who creates this | You (a server administrator), using System Preferences or the Server app | You (a server administrator), using the Server app | The network account server’s administrator |
Membership in network groups | Allowed | Allowed | Allowed |
System Preferences support | Allows editing (including changing the password), local group membership | Can change password | Can change password |
Local access to server’s services | Full access | Full access | No access. Service access must be granted. |
Remote access to server’s services | Full access | Full access | No access. Service access must be granted. |
Access to group shared folders | Full access | Full access | If member of group, full access |
Home folder on server | Yes | Yes | No |