Jamf Nation Community

rwinfie · ‎11-14-2016

Im having a very strange issue with a subset of AD users. The users in question have multiple AD accounts with the same Long name but different short names. When they attempt to login to the Mac , they are either not allowed to login or if they have the passwords to the account set the same they are longed in but with the incorrect account. Is there a way to see any auth logs to see what the mac thinks its trying to login with or to fix this issue ?

alexjdale · ‎11-14-2016

Are you mapping UID/GID from AD? If so, do the multiple accounts have the same UID/GID?

rwinfie · ‎11-14-2016

I am not doing those mappings. When i run the ID command it does return the same UID & GID

alexjdale · ‎11-14-2016

That might be the issue. The UID that it derives from AD is the same (there is a default AD attribute it will use as I recall, and your AD might be duping them for the multiple accounts).

I know that in our environment with mapping, if there are two users with the same UID the OS will get confused and sometimes display the wrong name in the menu bar.

rwinfie · ‎11-15-2016

Just checked, this doesn't seem to be an option for me , since we do not have these values set in the Attribute Editor in AD. So i would be mapping to values that don't have content

Jamf Nation Community

AD user logins