Hello,
We are currently working on configuring Jamf Connect to get away from local AD binding. I have the initial login to macOS working (Google SSO prompt and Duo MFA are working well). After initial account creation, when you’re prompted by Self Service + to sync your Google Account password to your local account, that is where it fails. The error is: “invalid password.”
In testing, any account outside or bypassed from Duo can query LDAP successfully. Accounts encompassed by Duo receive the same “invalid password” message via Self Service + or when running the LDAP query manually via terminal.
I’ve already spoken with Jamf support. They did some minor config changes and log searching, asked me to speak with Duo, and then resolved the ticket. I have a support request in to Duo at the moment but haven’t heard back. I’ve looked through both Duo’s policies and Google Admin and haven’t come up with anything.
What am I missing?
