You have the Local Password Sync option enabled in the Configuration Profile?
In the Guide it says:
"The Kerberos SSO extension can set the local account password to match a user’s Active Directory
password. Enable this feature by setting “syncLocalPassword” to TRUE in the Custom Configuration
section of your Kerberos SSO extension configuration profile."
so guessine you need to add a custom plist to profile:
com.apple.AppSSOKerberos.KerberosExtension
@SCCM The payload is available in the JP gui so no custom plist should be needed.
So I after some painstaking, step by step work I was able to get it working. I'm really not sure if it was a conflicting setting or just a bad profile in general. I did indeed have the "Local Password Sync" option checked even in the very beginning.
I basically step by step, rebuilt the profile and tested each feature until it worked. Once I did that, I finally got the prompt to work. This was all using the built in Kerberos payload, not SSO with the identifiers and such. I really don't know what fixed it unfortunately.
HI @user-cCnXnCpGDx iam working on setting up a configuration for kerberos authentication, if possible can you please share your configuration profile ( Screenshots )
thanks
So I after some painstaking, step by step work I was able to get it working. I'm really not sure if it was a conflicting setting or just a bad profile in general. I did indeed have the "Local Password Sync" option checked even in the very beginning.
I basically step by step, rebuilt the profile and tested each feature until it worked. Once I did that, I finally got the prompt to work. This was all using the built in Kerberos payload, not SSO with the identifiers and such. I really don't know what fixed it unfortunately.
Hi @user-cCnXnCpGDx , I'm trying to configure the SSO Kerberos with a CAC card would you please provide me the steps on how do I configure it?
So I after some painstaking, step by step work I was able to get it working. I'm really not sure if it was a conflicting setting or just a bad profile in general. I did indeed have the "Local Password Sync" option checked even in the very beginning.
I basically step by step, rebuilt the profile and tested each feature until it worked. Once I did that, I finally got the prompt to work. This was all using the built in Kerberos payload, not SSO with the identifiers and such. I really don't know what fixed it unfortunately.
Hi @user-cCnXnCpGDx, I am having the Extension Identifier error can you tell me what did you type here?
Hi @user-cCnXnCpGDx, I am having the Extension Identifier error can you tell me what did you type here?
I used the Kerberos function, i did not set up an extension identifier. I've since moved to Jamf Connect though.
I used the Kerberos function, i did not set up an extension identifier. I've since moved to Jamf Connect though.
Curious how you like Jamf Connect? We are getting ready to trial it and i'm going back and forth on Jamf Connect vs the Kerberos SSO extension.
Curious how you like Jamf Connect? We are getting ready to trial it and i'm going back and forth on Jamf Connect vs the Kerberos SSO extension.
It all depends on your needs, but both really don't serve the same purpose. Kerberos SSO is mainly used for AD or LDAP on premises directory services and can only service already created local accounts. Jamf Connect is meant for those with an idP like Okta, Azure, Google, etc. and can create a local account using that modern auth pluss some other features.
If your workforce is mobile or WFH then Jamf Connect may be a good idea. if not then like above use your own judgement if both types of services are available to you and pick what meets your needs the best.
