- Jamf Nation Community
- Products
- Jamf Pro
- AD Binding - Password Incorrect - New Mac
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
AD Binding - Password Incorrect - New Mac
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2017 11:27 AM
I have a brand new touchID macbook pro with 10.12 Sierra installed. I have tried every single possible way to bind it to AD but no matter how I try or what user account I use it always comes back with 'The username or password provided for the domain is invalid'
We normally just use the directory binding option in JSS and this has worked flawless for all of our macs. This is the first touchID mac we have and the first time I am seeing this issue. The account in question is an account we made specifically for jamf AD binding. I tried resetting the account to an easy password, confirmed I can authenticate using that password, tried to join the mac and same error.
JamfPro version: 10.0.0-t1508873342
Labels:
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2017 01:11 PM
make sure the password doesn't have an exclamation.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2017 01:13 PM
[D-008806] The dsconfigad binary fails to bind a computer to a directory service if the service account password contains an exclamation point (!).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2017 01:16 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-05-2017 08:04 PM
@osxadmin That would be news to about 1000 MacBook Airs I imaged in August and bound to AD with a service account that I know contains an exclamation point. Are you sure this wasn't resolved by macOS 10.12.6? (The Apple article you link to was for macOS 10.12.3)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-06-2017 12:47 AM
We see this error mostly caused by the wrong time on the clients. so we have a policy to sync time with AD first then bound to AD.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-06-2017 06:05 AM
@sdagley The post mention they are running macOS 10.12; and the "password exclamation" issue is from Jamf (and that hasn't been resolved by Jamf: [D-008806] )
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-06-2017 08:43 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-06-2017 08:50 AM
@sdagley you are correct, that's why I post the known issue number "D-008806" from Jamf:
[D-008806] The dsconfigad binary fails to bind a computer to a directory service if the service account password contains an exclamation point (!).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-07-2017 09:23 AM
Thanks for the posting guys so I don't think the ! is the issue as I reset the password for the join account to strictly [a-Z][0-9] and I am getting the same issue. If I take that account/password and test it against AD it authenticates successfully. I made sure to sync up the time on the mac as suggested but still running into this problem. I have tried running dsconfigad by itself and it gives me the same error message about the password being incorrect. I also went through and checked it any patches were available and it appears to be up to date. Version: 10.12.6 (16G1114)
