Local Users Not Allowed to Log In

nwebster
New Contributor II

Hi everyone,

I work for a High School and I'm having a hard time figuring out the root of this issue. They authenticate via Google, then type their local password, to get an error message saying  "You are not allowed to log in at this time". 

Screen Shot 2021-12-14 at 9.22.26 AM.png

Though, this is working on a few users of the same groups and all, so the inconsistency is throwing me for a loop. 

When I call for JamfConnectLogin.log, I get: authorizationhosthelper.x86_64[4394:7709] [com.jamf.connect.login:KeychainAdd] Tried to get the login name but couldn't find it.

 

macOS Version: 11.6.0
JamfConnect 2.6

 

Anyone have any ideas? Would be much appreciated.

1 ACCEPTED SOLUTION

rabbitt
Contributor II
Contributor II

Look for a configuration profile applied to the machine with a Login Window payload.  Under Access, there is an option to deny login for any local users:

Screen Shot 2021-12-14 at 10.31.10 AM.png

 This may have been applied to the machine if it was once bound to an on-premises Active Directory server.  Turn the first option - "Local-only users may log in" - back on OR unscope the config profile from target machines.

View solution in original post

2 REPLIES 2

rabbitt
Contributor II
Contributor II

Look for a configuration profile applied to the machine with a Login Window payload.  Under Access, there is an option to deny login for any local users:

Screen Shot 2021-12-14 at 10.31.10 AM.png

 This may have been applied to the machine if it was once bound to an on-premises Active Directory server.  Turn the first option - "Local-only users may log in" - back on OR unscope the config profile from target machines.

nwebster
New Contributor II

Nailed it! I had set an inactivity log-out under "options" in that config, and had that "Local-only users may log in" setting turned off. Appreciate you!