Posted on 05-23-2019 01:37 AM
Hello,
we are more or less new to Jamf Pro and rollout our first managed Macs in a friedly user phase.
Main Problem:
AD usernames with - or _ in it like "muller-riha.marc" will not work. It is shaking like the password is wrong.
Does anybody know anything about it?
Best
Tristan
Solved! Go to Solution.
Posted on 05-23-2019 04:53 AM
blame on us
We thought, that our Macs using the "User logon name" at AD.
But it's using the "Display Name".
If we have a normal user account and an admin account with the same "Display name", the password window will shake. In our friendly user phase are admins the only ons with "-" in the name.
Posted on 05-23-2019 03:02 AM
Hey,
Shaking on the Mac Login window? Mac is AD-bounded? Users like mike.mustermann is working?
Best Thorsten
Posted on 05-23-2019 03:06 AM
yes
Posted on 05-23-2019 03:16 AM
Both are valid characters in an AD environment.
Are date and time correct?
Have you verified your machine is bound successfully?
Log in using local user and open terminal:
id muller-riha.marc
If you see any output other than ‘no such user’ then the Mac is bound.
Posted on 05-23-2019 03:16 AM
Hmm, tested it here but no problems. Possible that the mac is not bound correctly?
Posted on 05-23-2019 04:13 AM
We also use "_" in some of our usernames (mine has one) and we never had that problem.
I would also suggest du check the AD bound status. Deppends on the AD configuration but in our AD the Macs have to be in a special group. If a Mac (or a Windows PC) is not in the correct group the login won't work because of security profiles.
BR
Danie
Posted on 05-23-2019 04:23 AM
So I’m probably not much help here but I recall back to 2003 (yeah not terribly timely) that we had a problem with that on the Windows computer side of the house. Our solution back then was to reissue new logins to about the 200 accounts we had. We’ve since grown obviously and that solution wouldn’t be viable today.
Again not timely as AD has evolved greatly, but Windows computers had a problem with underscore logins at one time too.
That incident though was why we have a standing order to our AD admins not to allow underscores in login names to this day.
Posted on 05-23-2019 04:53 AM
blame on us
We thought, that our Macs using the "User logon name" at AD.
But it's using the "Display Name".
If we have a normal user account and an admin account with the same "Display name", the password window will shake. In our friendly user phase are admins the only ons with "-" in the name.