
We are trying to get binding working through Big Sur. Our configuration profile for binding worked previously in Catalina, but now it doesn't work on Big Sur.



When looking at Active Directory, the machine says it's bound, but we can't seem to log in with our domain accounts.



Does anyone have this issue in Big Sur? Any suggestions/tips would be appreciated.

I have found that recent versions of Big Sur and Monterey are working well when bound to AD, including many M1s.

Some things to check...
Is your AD forest and domain functional levels current?

Are your Macs set to use domain controllers for DNS?

What are your Macs set to for a time server? Is the client time aligned with your domain time?

Have you checked the service principal attribute on your Mac AD computer objects? What do those look like?

You say you can't log in, but can you use dscl to query AD?
Example: dscl /Search read /Computers/"adComputerName" RecordName
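The checklist in this reply can be walked in one script. The following is an added example, not code from this thread or from Jamf; it assumes the macOS-shipped dsconfigad, dscl, scutil, dig and sntp tools, that the bound computer record is readable in the Search node under the account name without its trailing `$`, that the first signed numeric field of sntp output is the clock offset in seconds, and that the computer object should carry a host/<fqdn> service principal. The domain, host names and IPs in the comments are placeholders.

```shell
#!/bin/sh
# ad_bind_check.sh - walks the AD binding checklist above on a bound Mac.
# Added example, not from the thread. Assumes macOS tools (dsconfigad, dscl,
# scutil, dig, sntp). The three helpers at the top do no system calls, so the
# logic can be exercised on any POSIX shell.

# skew_ok OFFSET: OFFSET is a signed seconds value such as "+0.0123" or
# "-412.7". Returns 0 when |offset| is within the 5-minute default Kerberos
# clock-skew tolerance, 1 otherwise (an empty/unreadable offset also fails).
skew_ok() {
  off=${1%.*}          # drop fraction: "-412.7" -> "-412"
  off=${off#[+-]}      # drop sign:     "-412"   -> "412"
  [ -n "$off" ] && [ "$off" -le 300 ]
}

# dns_uses_dc RESOLVERS DCS: both are whitespace-separated IP lists.
# Returns 0 when at least one configured resolver is a domain controller.
dns_uses_dc() {
  for r in $1; do
    for dc in $2; do
      [ "$r" = "$dc" ] && return 0
    done
  done
  return 1
}

# spn_has_host SPNS FQDN: SPNS is the whitespace-separated servicePrincipalName
# list of the computer object. Comparison is case-insensitive because AD
# tooling writes HOST/ while macOS writes host/. Returns 0 when host/<fqdn>
# is present.
spn_has_host() {
  want="host/$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
  for spn in $1; do
    [ "$(printf '%s' "$spn" | tr 'A-Z' 'a-z')" = "$want" ] && return 0
  done
  return 1
}

# live_check: runs the checklist against the current binding. Only meaningful
# on a bound Mac; prints one line per check.
live_check() {
  domain=$(dsconfigad -show | awk -F' = ' '/Active Directory Domain/ {print $2}')
  [ -z "$domain" ] && { echo "Not bound (dsconfigad -show reports no domain)"; return 1; }
  acct=$(dsconfigad -show | awk -F' = ' '/Computer Account/ {print $2}')
  acct=${acct%\$}   # assumption: record name is the account without the trailing $

  # 1. Domain controllers, from the _ldap._tcp.dc._msdcs SRV record.
  dc_names=$(dig +short "_ldap._tcp.dc._msdcs.$domain" SRV | awk '{print $4}' | sed 's/\.$//')
  dc_ips=$(for h in $dc_names; do dig +short "$h" A; done)

  # 2. Are the Mac's resolvers domain controllers?
  resolvers=$(scutil --dns | awk '/nameserver\[/ {print $3}')
  if dns_uses_dc "$resolvers" "$dc_ips"; then
    echo "DNS:  ok (resolvers: $(echo $resolvers))"
  else
    echo "DNS:  FAIL - no resolver is a DC: $(echo $resolvers)"
  fi

  # 3. Clock skew against the first DC. Assumption: the first signed numeric
  #    field of sntp's output is the offset in seconds.
  first_dc=$(echo "$dc_names" | head -n 1)
  offset=$(sntp "$first_dc" 2>/dev/null |
    awk '{for (i = 1; i <= NF; i++) if ($i ~ /^[+-][0-9]+(\.[0-9]+)?$/) {print $i; exit}}')
  if skew_ok "$offset"; then
    echo "Time: ok (offset ${offset}s vs $first_dc)"
  else
    echo "Time: FAIL - offset '$offset' is over 300s or unreadable"
  fi

  # 4. Can dscl read the computer object through the Search node, and does
  #    it carry host/<fqdn>? Handles both single-line and multi-line output.
  spns=$(dscl /Search read "/Computers/$acct" servicePrincipalName 2>/dev/null |
    sed 's/^servicePrincipalName://' | tr '\n' ' ')
  if [ -z "$spns" ]; then
    echo "dscl: FAIL - cannot read /Computers/$acct via the Search node"
    return 1
  fi
  fqdn="$(printf '%s' "$acct" | tr 'A-Z' 'a-z').$domain"
  if spn_has_host "$spns" "$fqdn"; then
    echo "SPN:  ok (host/$fqdn present)"
  else
    echo "SPN:  FAIL - no host/$fqdn in: $spns"
  fi
}

# Only run the live checks where the macOS tools exist.
if command -v dsconfigad >/dev/null 2>&1; then
  live_check
fi
```

Run it with `sh ad_bind_check.sh` on the affected Mac after binding; a FAIL on the Time or DNS line is the usual reason a machine that "says it's bound" still refuses domain logins, and a FAIL on the dscl line means the Search node cannot reach the domain at all, so the binding itself should be redone.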


I have tried all the above to no avail. We thought the keychain issue was related to AD binding and using mobile accounts, but the keychain issue is still there (not bound to AD, and we created a local account).

What we have noticed is if we don't enroll the device in JAMF, the keychain issues disappear. As soon as we enroll the device, the login keychain folder disappears and we start receiving keychain errors.

So we started from scratch. Wiped the hard drive, and reinstalled Monterey. No application deployments, no policies, no configurations. After a reset, the only thing happening is the MDM profile installation, and the keychain issues start; if we remove the MDM profile, keychain issues go away.



It sounds like you have a different issue than what was being discussed in this thread. I would try working with Jamf Support.


I posted in this thread a while ago having issues. We had a large shipment of the M1 iMacs. None of them would bind to AD out of the box. They would only bind after re-imaging them. Very strange. But instead of binding, we're using NoMAD (https://nomad.menu/products/) (which the JAMF Connect product evolved from). But like I said, out of the box, we couldn't get any of these iMacs to bind, and NoMAD wouldn't work either. Using the kinit command to test pulling Kerberos tickets, no dice. Couldn't contact AD.

I'll admit NoMAD is sort of a 'ghost' product at this point that doesn't get much support, but it works great for us creating local accounts for people, no issues of people coming unbound anymore, etc. Working on latest versions of Big Sur and Monterey. Just FWIW.

