I've added a MacOS Sierra machine to a corporate Active Directory domain and have enabled remote login for several users in an AD group.
Those users can log in locally via the UI and can even log in via opened SSH to the Mac.
The business requirement that this was done for is to allow users to connect to a Xamarin Build host from Visual Studio to develop for iOS, but this is outside the scope of this question. So ultimately the connection from Visual Studio is done via pure SSH. Once the remote MacOS machine accepts the SSH credentials that are entered in the VS UI, it tries to deploy a program part required by VS to perform needed tasks, a Broker application. The log of the attempt is the following:
Starting connection to Mac mac.mydomain.net...
Starting Broker 4.3.0.795 in port 58116...
The user must be logged in on the Mac in order to execute an SSH command.
Disconnected from the Mac mac.mydomain.net (IP of mac.mydomain.net)
The problem is this entry:
The user must be logged in on the Mac in order to execute an SSH command.
Basically, if I go onto the MacOS machine via the UI and log in that user, then use Fast User Switching to just move the screen back to the login window while keeping the user's UI session on, I am able to connect via Visual Studio just fine.
So SSH login is not the same as UI login. How can I set up the events or something, so that upon SSH login, a user would be logged in "as in the UI" as well?
Update: Probably duplicate of https://superuser.com/questions/39322/induce-mac-graphical-login-from-ssh
Best Answer
Short term, you will probably have to limit the logged in users to one or two since Mac OS doesn't implement a terminal services model of many remote users. Not only does your setup likely violate the explicit terms relating to Remote Desktop functionality in the software license (assuming your company didn't negotiate a custom license agreement with Apple), many subsystems, tuning parameters and scripts are designed for one primary user at a time.
Long term, you'll probably choose to re-architect your build toolset to set up some mix of:
TLDR; the system wasn't designed for 5 remote users - you'll experience oddities and issues if you run that way for long