[Help] Jamf Connect Creates New Profile Instead of Migrating

EddieV2
New Contributor

Hi All,

 

A have a few users (out of 300) that were forced to create a new profile instead of prompting to connect to a local account (Jamf Connect Migration). Is this a bug? How can it be fixed? We're on version 2.4.5 and use Okta as the IdP. 

Below is authchanger -print from an affected user from their local account.

 

authchanger -print
Entry: system.preferences.network
  modified : 656276786.306666
  tries : 10000
  class : user
  group : admin
  comment : Checked by the Admin framework when making changes to the Network preference pane.
  session-owner : 0
  authenticate-user : 1
  timeout : 2147483647
  version : 0
  allow-root : 1
  created : 634501500.507993
  shared : 1
Entry: system.login.console
  shared : 1
  modified : 656276786.287784
  created : 634501500.507993
  tries : 10000
  mechanisms:
   builtin:prelogin
   JamfConnectLogin:Initialize
   JamfConnectLogin:LoginUI
   JamfConnectLogin:PowerControl,privileged
   JamfConnectLogin:CreateUser,privileged
   JamfConnectLogin:EULA
   JamfConnectLogin:DeMobilize,privileged
   JamfConnectLogin:RunScript,privileged
   builtin:login-begin
   builtin:reset-password,privileged
   loginwindow:FDESupport,privileged
   builtin:forward-login,privileged
   builtin:auto-login,privileged
   builtin:authenticate,privileged
   PKINITMechanism:auth,privileged
   builtin:login-success
   JamfConnectLogin:Success
   HomeDirMechanism:login,privileged
   HomeDirMechanism:status
   MCXMechanism:login
   CryptoTokenKit:login
   loginwindow:done
   JamfConnectLogin:EnableFDE,privileged
   JamfConnectLogin:KeychainAdd,privileged
  version : 8
  class : evaluate-mechanisms
  comment : Login mechanism based rule. Not for general use, yet.
Entry: system.services.systemconfiguration.network
  class : rule
  comment : For making change to network configuration via System Configuration.
  rule:
   is-root
   entitled
   _mbsetupuser-nonshared
   authenticate-admin-nonshared
  modified : 656276786.318663
  created : 634501500.507993
  k-of-n : 1
  version : 2

 

2 REPLIES 2

bmortens115
New Contributor III
New Contributor III

check Directory Utility on the client machine, click on the Directory Editor tab, find the user in question, and then check for a "NetworkUser" attribute. if the value is unknown, it's a JC issue, PI-009936: "Unknown" NetworkUser attribute is added to local user record during local login and blocks Migrate
The workaround for this is to run the following command on the machine to delete the attribute, filling in the local username:

sudo dscl . delete /Users/<localusername> dsAttrTypeStandard:NetworkUser


Apparently, jamf connect 2.5 fixed this issue, so you may want to upgrade

thanks @bmortens115, I am currently facing the same issue and unfortunately the workaround is not helping either. We are currently on jc 2.5.0 now too. Any other ideas?