AD Binding - Password Incorrect - New Mac

lokd
New Contributor

I have a brand new touchID macbook pro with 10.12 Sierra installed. I have tried every single possible way to bind it to AD but no matter how I try or what user account I use it always comes back with 'The username or password provided for the domain is invalid'
We normally just use the directory binding option in JSS and this has worked flawless for all of our macs. This is the first touchID mac we have and the first time I am seeing this issue. The account in question is an account we made specifically for jamf AD binding. I tried resetting the account to an easy password, confirmed I can authenticate using that password, tried to join the mac and same error. JamfPro version: 10.0.0-t1508873342

9 REPLIES 9

osxadmin
Contributor II

make sure the password doesn't have an exclamation.

osxadmin
Contributor II

[D-008806] The dsconfigad binary fails to bind a computer to a directory service if the service account password contains an exclamation point (!).

osxadmin
Contributor II

sdagley
Esteemed Contributor II

@osxadmin That would be news to about 1000 MacBook Airs I imaged in August and bound to AD with a service account that I know contains an exclamation point. Are you sure this wasn't resolved by macOS 10.12.6? (The Apple article you link to was for macOS 10.12.3)

shibao_si
New Contributor II

We see this error mostly caused by the wrong time on the clients. so we have a policy to sync time with AD first then bound to AD.

osxadmin
Contributor II

@sdagley The post mention they are running macOS 10.12; and the "password exclamation" issue is from Jamf (and that hasn't been resolved by Jamf: [D-008806] )

sdagley
Esteemed Contributor II

@osxadmin While Jamf may have a defect with an ! in an AD password, and that may be what @lokd is running into, my point was the problem is not with dsconfigad as it is possible to bind with a password containing an ! because it works in Directory Utility and Deploy Studio.

osxadmin
Contributor II

@sdagley you are correct, that's why I post the known issue number "D-008806" from Jamf:

[D-008806] The dsconfigad binary fails to bind a computer to a directory service if the service account password contains an exclamation point (!).

lokd
New Contributor

Thanks for the posting guys so I don't think the ! is the issue as I reset the password for the join account to strictly [a-Z][0-9] and I am getting the same issue. If I take that account/password and test it against AD it authenticates successfully. I made sure to sync up the time on the mac as suggested but still running into this problem. I have tried running dsconfigad by itself and it gives me the same error message about the password being incorrect. I also went through and checked it any patches were available and it appears to be up to date. Version: 10.12.6 (16G1114)