Help

10.13.2 Cannot enable filevault with AD account?

sabdul
New Contributor II

Posted on ‎12-08-2017 11:56 AM

We just received a new macbook and we enable filevault with AD admin account. When I try to do it now, I receive the following message. How can I resolve this issue?

"Authentication server refused operation because the current credentials are not authorized for the requested operation."

Reply
11 REPLIES 11

scottb
Honored Contributor

Posted on ‎12-08-2017 12:27 PM

Interesting, based on the release notes and a message from a colleague that it's now working for him.
I have not myself tested, but have a look.

Release notes:

If you change your Active Directory user password outside of Users & Groups preferences, the new password can now be used to unlock your FileVault volume (previously, only the old password would unlock the volume).

macOS 10.13.2

Reply

geoffrepoli
Contributor

Posted on ‎12-08-2017 01:42 PM

Pretty bold for Apple to say that when it appears it only works when you manually run diskutil apfs updatePreboot / after the user's password is changed. Otherwise, FV2 will continue using the original password. Hooray, another unusable version of 10.13!

Reply

scottb
Honored Contributor

Posted on ‎12-08-2017 03:45 PM

@doggles -you'll like this then...
High Anxiety, er, Sierra...

Reply

geoffrepoli
Contributor

Posted on ‎12-08-2017 06:22 PM

@scottb im digging the marshmallow analogy

Reply

MrP
Contributor III

Posted on ‎12-11-2017 08:01 AM

@doggles Explains why policies that create users that should be added to filevault are not and there is an error when adding to FV. Started on 10.13.2

0 Kudos
Reply

MrP
Contributor III

Posted on ‎12-11-2017 11:20 AM

Policies that do an authenticated restart with FV do not reboot the computer under 10.13.2 in our environment. Noticed on a 10.13.2 system and confirmed there. Had a 10.13.1 system run the policy and it rebooted. Had that same computer update to 10.13.2 and run the policy; result: no reboot occurred.

0 Kudos
Reply

mbezzo
Contributor III

Posted on ‎12-11-2017 12:13 PM

Yes, I opened a ticket about this with Apple - please do the same if you're able! They do not have an ETA for a fix yet, so I'd love some more pressure on it. They knew about the issue and sort of vaguely alluded to it being a bug, so we'll see.

0 Kudos
Reply

jakem
New Contributor II

Posted on ‎01-02-2018 12:25 PM

Anyone have any updates on this?

0 Kudos
Reply

MrP
Contributor III

Posted on ‎01-31-2018 07:17 AM

On 10.13.3, I can't speak to enabling fv yet, but FV authenticated reboots via jamf are still broken, which says to me the underlying issue around FV has not yet been fixed.

0 Kudos
Reply

dannyba
New Contributor

Posted on ‎02-22-2018 12:30 PM

Hi,

Maybe this will help - https://community.sophos.com/kb/en-us/128052

Reply

MrP
Contributor III

Posted on ‎04-10-2018 09:30 AM

Everything still broken on 10.13.4+JSS Pro 10.3.1.

0 Kudos
Reply