+3We just received a new macbook and we enable filevault with AD admin account. When I try to do it now, I receive the following message. How can I resolve this issue?
"Authentication server refused operation because the current credentials are not authorized for the requested operation."
+18Interesting, based on the release notes and a message from a colleague that it's now working for him.
I have not myself tested, but have a look.
Release notes:
If you change your Active Directory user password outside of Users & Groups preferences, the new password can now be used to unlock your FileVault volume (previously, only the old password would unlock the volume).
+7Pretty bold for Apple to say that when it appears it only works when you manually run diskutil apfs updatePreboot / after the user's password is changed. Otherwise, FV2 will continue using the original password. Hooray, another unusable version of 10.13!
+9@doggles Explains why policies that create users that should be added to filevault are not and there is an error when adding to FV. Started on 10.13.2
+9Policies that do an authenticated restart with FV do not reboot the computer under 10.13.2 in our environment. Noticed on a 10.13.2 system and confirmed there. Had a 10.13.1 system run the policy and it rebooted. Had that same computer update to 10.13.2 and run the policy; result: no reboot occurred.
+17Yes, I opened a ticket about this with Apple - please do the same if you're able! They do not have an ETA for a fix yet, so I'd love some more pressure on it. They knew about the issue and sort of vaguely alluded to it being a bug, so we'll see.
+9On 10.13.3, I can't speak to enabling fv yet, but FV authenticated reboots via jamf are still broken, which says to me the underlying issue around FV has not yet been fixed.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
