10.13.2 Cannot enable filevault with AD account?

sabdul
New Contributor II

We just received a new macbook and we enable filevault with AD admin account. When I try to do it now, I receive the following message. How can I resolve this issue?

"Authentication server refused operation because the current credentials are not authorized for the requested operation."

11 REPLIES 11

scottb
Honored Contributor

Interesting, based on the release notes and a message from a colleague that it's now working for him.
I have not myself tested, but have a look.

Release notes:

If you change your Active Directory user password outside of Users & Groups preferences, the new password can now be used to unlock your FileVault volume (previously, only the old password would unlock the volume).

macOS 10.13.2

geoffrepoli
Contributor

Pretty bold for Apple to say that when it appears it only works when you manually run diskutil apfs updatePreboot / after the user's password is changed. Otherwise, FV2 will continue using the original password. Hooray, another unusable version of 10.13!

scottb
Honored Contributor

@doggles -you'll like this then...
High Anxiety, er, Sierra...

geoffrepoli
Contributor

@scottb im digging the marshmallow analogy

MrP
Contributor III

@doggles Explains why policies that create users that should be added to filevault are not and there is an error when adding to FV. Started on 10.13.2

MrP
Contributor III

Policies that do an authenticated restart with FV do not reboot the computer under 10.13.2 in our environment. Noticed on a 10.13.2 system and confirmed there. Had a 10.13.1 system run the policy and it rebooted. Had that same computer update to 10.13.2 and run the policy; result: no reboot occurred.

mbezzo
Contributor III

Yes, I opened a ticket about this with Apple - please do the same if you're able! They do not have an ETA for a fix yet, so I'd love some more pressure on it. They knew about the issue and sort of vaguely alluded to it being a bug, so we'll see.

jakem
New Contributor II

Anyone have any updates on this?

MrP
Contributor III

On 10.13.3, I can't speak to enabling fv yet, but FV authenticated reboots via jamf are still broken, which says to me the underlying issue around FV has not yet been fixed.

dannyba
New Contributor

Hi,

Maybe this will help - https://community.sophos.com/kb/en-us/128052

MrP
Contributor III

Everything still broken on 10.13.4+JSS Pro 10.3.1.