Skip to main content

Hello everyone,

I hope to find some help here with our issue. We are using the Kerberos SSO Extension to synchronize the passwords of Mac users with their Active Directory (AD) passwords.

During initial setup, the user logs in with their AD account, followed by a password synchronization window. Here, they enter both their AD password and the Mac password to synchronize them.

This process works initially.

However, we have a department at one location experiencing an issue where the password synchronization window pops up as many as 50 times a day. It doesn’t matter whether a password is entered or if someone just clicks "cancel".

We have reinstalled all the Macs at this location. Everything was fine for about a month, and then the problem gradually started again.

I went to the location with my MacBook and did not experience the problem there. The colleagues also have this issue at home over VPN.

All are using macOS 14.4.1. However, the problem was also present in previous versions, including macOS 12 and 13.

Additionally, while the password synchronization window pops up, if you enter "app-sso -i <DOMAIN>" in the terminal, the "password_changed_date" and the value does not exist.

 

In the JAMF Configuration Profile, we have configured the following:

  • Realm - Our Domain
  • Hosts - Our Domain
  • Request credential on next... - Enforce
  • Automatically use LDAP and DNS... - Enforce
  • Automatic Login - Allow
  • User Presence to access... - Skip
  • Local password sync - Enable

If the macs have been reprovisioned, they are not the issue. If you are not affected, then the network is not the issue. I would focus efforts to see what is going on with their AD/AAD accounts, and if there are any security policies like TLS filters, firewall or VPNs that would affect them and not you.


 


It sounds like something is not talking right between their macs and AD.

I have exact the same issue - we use the extensions since more than two years without any issue. This issue starts with the update to mac OS 14. Anyone which can help here or give a hint?

I have exact the same issue - we use the extensions since more than two years without any issue. This issue starts with the update to mac OS 14. Anyone which can help here or give a hint?


Seems like we have to wait for Microsoft Platform SSO which is in public review right now, but only for Microsoft Entra ID yet. Hope jamf is able to implement it soon.

Reply


Terms & ConditionsCookie settings