Posted on 05-06-2024 09:45 AM
Has anyone run into this issue:
-MacBooks are bound to AD
-User changes password.
-Restarts/locks computer, can't sign back in again. States account is locked out for "15 minutes".
-Log in as the local Administrator account and log back out, user can then sign in without issue.
-Change user's password and they can log in but when they restart/shutdown, won't let them back in until we sign in as local admin account.
Posted on 05-06-2024 10:16 AM
We have been having some consistent issues related to authentication and login related to secure token. I have no explanation as to why this is happening, but turning off and on secure token has consistently resolved ours. Right now we are just using a command in Terminal and don't have anything scripted. We are using MBA M1s. Suspect it has to do with keychain. I would first confirm time and bind are good though.
Posted on 05-06-2024 11:23 AM
What is the command you are using? Can you provide it?
Posted on 05-06-2024 11:28 AM
We use
sysadminctl interactive -secureTokenOff userneedingtoken -password -
sysadminctl interactive -secureTokenOn userneedingtoken -password -
The first prompt window will be for your local account that has a token; then the second prompt, in Terminal, will be for the user's password.
Posted on 05-06-2024 10:29 AM
Sounds like the FileVault password isn't updated. Are you using Apple Kerberos or Jamf Connect to sync password?
https://community.jamf.com/t5/jamf-pro/a-reliable-fix-for-filevault-2-password-sync-issue/m-p/306052
Posted on 05-06-2024 11:11 AM
Apple stopped developing macOS with domain binding in mind some 10 years ago. The number of issues with domain-bound workflows is constantly increasing and will continue to do so.
How exactly are your users changing/syncing their passwords? Sounds like FileVault is not syncing their new passwords.
Posted on 05-06-2024 11:21 AM
System Settings - User & Groups - click on their username - Change...
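A diagnostic script, added here as an example and not posted by anyone in the thread, covering the checks the replies above point at before anyone toggles the token with sysadminctl: whether the account actually holds a secure token (as reported by sysadminctl and by the SecureToken tag in the AuthenticationAuthority attribute), and whether it appears in the FileVault user list that the password-sync replies are concerned with. The parsing functions take command output as text so they can be exercised on constructed sample lines; the user name jdoe is an assumption, the live commands exist only on macOS, and fdesetup list needs root.

```shell
#!/bin/bash
# Added example, not from the thread. Checks a user's secure token and
# FileVault state before anyone toggles the token with sysadminctl.
# Assumptions: user name "jdoe" is hypothetical; the live commands
# (sysadminctl, dscl, fdesetup) exist only on macOS and fdesetup needs root.

# sysadminctl -secureTokenStatus <user> writes one line to stderr, e.g.
#   sysadminctl[512:9876] Secure token is ENABLED for user jdoe
# parse_token_status prints ENABLED, DISABLED or UNKNOWN for such a line.
parse_token_status() {
    case "$1" in
        *"Secure token is ENABLED"*)  printf 'ENABLED\n' ;;
        *"Secure token is DISABLED"*) printf 'DISABLED\n' ;;
        *)                            printf 'UNKNOWN\n' ;;
    esac
}

# The user's AuthenticationAuthority attribute (dscl . -read /Users/<user>
# AuthenticationAuthority) carries a ";SecureToken;" tag when the account
# holds a token. Returns 0 when the tag is present.
has_token_authority() {
    case "$1" in
        *";SecureToken;"*) return 0 ;;
        *)                 return 1 ;;
    esac
}

# fdesetup list prints one "username,UUID" line per FileVault-enabled user.
# Returns 0 when the named user appears in that listing.
fv_user_enabled() {
    local listing="$1" user="$2"
    printf '%s\n' "$listing" | grep -q "^${user},"
}

# Live check against the running Mac. Prints a three-line summary.
# If sysadminctl and dscl disagree, or the user is missing from the
# FileVault list after a password change, that is where to look first.
check_user() {
    local user="$1"
    local status_line auth_attr fv_list
    status_line=$(sysadminctl -secureTokenStatus "$user" 2>&1)
    auth_attr=$(dscl . -read "/Users/$user" AuthenticationAuthority 2>/dev/null)
    fv_list=$(fdesetup list 2>/dev/null)   # empty unless run as root

    printf 'secure token (sysadminctl): %s\n' "$(parse_token_status "$status_line")"
    if has_token_authority "$auth_attr"; then
        printf 'secure token (dscl):        present\n'
    else
        printf 'secure token (dscl):        absent\n'
    fi
    if fv_user_enabled "$fv_list" "$user"; then
        printf 'FileVault user:             enabled\n'
    else
        printf 'FileVault user:             not listed (or fdesetup needs root)\n'
    fi
}

# Only run the live check on macOS; elsewhere the helper functions can still
# be exercised on captured output.
if [ "$(uname -s)" = "Darwin" ]; then
    check_user "${1:-jdoe}"
fi
```

Run it as `sudo ./check_token.sh jdoe` on the affected Mac so that fdesetup list is populated; a user who shows DISABLED from sysadminctl, has no ;SecureToken; tag, or is absent from the FileVault list is a candidate for the token off/on or FileVault re-add steps discussed above.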
Posted on 05-10-2024 06:26 AM
My organization's environment also has this issue when our users' passwords expire. We have them set up in Active Directory, and the login page is supposed to allow them to reset their password when it expires, but recently they haven't been able to use the changed password. We have to set their password remotely and then make the user change it via NoMAD.