AD Login Failure

tthiry
New Contributor

Hi All,

I have an odd issue. I converted a local account to a mobile account on a Macbook Pro running 10.13.2. It is joined to the domain. When I attempt to login using the converted account I get denied (shaken off). I am able to login using my domain credentials. The "converted" account still allows authentication with the local credentials even though the account is marked as mobile. If I run "sudo kinit <username>" and "sudo klist" for the user in question, I see a kerberos ticket present. dsconfigad -show also shows proper information. I have verified the time is correct and DNS is functioning properly. I have also tried creating a local account, moving the users data to the local account and converting it again to a mobile account with no luck. The script I am using has worked successfully on 20 other systems.

Any ideas?

Thanks,
Tony

2 REPLIES 2

LRZ_Jamf
Contributor

Did you "allow Network Accounts to login"? within the Loginoptions?

tthiry
New Contributor

Yes, and "All network Users" is selected.