Skip to main content

I'm trying to get auto login to work using an AD account. So far it has been hit and miss. Some work fine, some don't. Here is what I have been doing.



cp -R /System/Library/User Template/English.lproj /Users/student
chown -R student:"Domain Users" /Users/student
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n student -h /Users/student
Push kcpassword to /private/etc/
defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser student
defaults write /Users/student/Library/Preferences/com.apple.screensaver.plist askForPassword -int 0



Mac are 10.9 and above



Anyone see issues?

Not sure if this is it but in the createmobileaccount help page it says If you do not specify a password, the account's cached password will be created during the account's first log in.



For local accounts the password is hashed in /var/db/shadow/hash, I haven't looked if its the same for mobile accounts but it would be worth checking.



That all being said, you mentioned that it works some of the time which would indicate the syntax is all correct, its just not reliable.



Any chance you could use a local account instead?

Using iBOSS, when an account logs in to AD the IP and user information is passed so the filter knows how to group the user. A local account will be filtered at Default which is not what I would like.



--Scot

Unfortunately, I'm hard pressed to see how it would ever work given that createmobileaccount can't create the password hash, and the reversible format of kcpassword is unrelated to the irreversible shadowed hash format in directory services records. You can't derive the former from the latter.

I'll update the script to use the password for testing purposes and see what happens.



Thanks.

If it's any help you could use the createuserpkg app and pacifist to pull apart the resulting package to see what files are going where.



Might give you some more info.

Update on this... I have found more information and have been successful with auto login since.
The issue seems to be creating the home directory from AD and not setting the password with createmobileaccount. I have edited my script to do the following:



mkdir /Users/student
/System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n student -p {password}
rm -rf /Users/student
createhomedir -c -u student
Push kcpassword to /private/etc/
defaults write /Library/Preferences/com.apple.loginwindow autoLoginUser student
defaults write /Users/student/Library/Preferences/com.apple.screensaver.plist askForPassword -int 0

OOC, how are you generating the kcpassword file? Is student a static account where the password is known?

@joshuasee check out Gavin Brock's perl script for encoding/decoding kcpassword files

Terms & ConditionsCookie settings