At the risk of just sounding totally stupid... I noticed my AD account locking out randomly lately and was not sure what the issue was, ran a Lock out report on my Domain and it came back blank, Then 2 days ago a co worker of mine also installed Composer 9.1 and is not having the same lock out issues with AD, I see composer is asking for admin rights when it opens and it seems totally strange that Composer would be doing this but now my co workers account is also coming up as a blank report in AD, so we are wondering if anyone has seen this or if this is a bug?
Yeah, sorry, I guess Composer doesn't have that like the others.
So you're just using Composer without Casper? Another place we have lots of lockouts is using our AD cred's on Wifi (internal, secure Wifi).
Do you possibly do that? Since Composer isn't using a saved ID/Pass, I don't know how that would happen.
Composer asks to authenticate locally with Administrator rights.
So, the lockout must be being caused elsewhere.
As @boettchs enquires above, are you sure you're not using your AD creds elsewhere?
I've know people to get locked out after deploying AV clients as they entered in their creds, & post a pw change the clients were using the old pw & therefore locked them out.
Hmm.. OS X 10.9, Composer 8.73 (and tried 8.72) and when I build a package... I get locked out of AD. Composer goes crazy and starts opening shell after shell after shell until I get locked out. This was definitely not an issue pre-10.9. Honestly, I don't know what Composer is doing.. it doesn't hit the JSS at all.
I should note.. this happened on other Macs running 10.9. And it DOES NOT happen if we build the same installer as a DMG. Only as a .PKG. The destination is a local folder, and it doesn't matter where we put it. Even my Desktop borks.
Are you running 10.9 also?
We opened a support ticket with JAMF and as usual they are right on top of it. There's a debug req into the devs. No ETA on a fix.
Side note: if you authenticate initially with root or some other local admin, your AD account won't get locked out and everything will package fine.
So, we have a bug report in with JAMF, so they know about it and the developers will (presumably) fix it in a future version.
Our directives have been the same, use a local admin account to authenticate your Composer app when you run it, and you at least won't get locked out and it will work just fine. Kind of annoying if the meantime between Composer use = brain flush and you forgetfully lock yourself out.
One thing that's really annoying is that when I use Casper Admin, I get a 'casperadmin.ad' kerberos ticket as our casperadmin account is AD. If I need to log into a file-server, I have to nuke that stupid ticket or else I can't get to my shares. I know this was discussed elsewhere, but it's another niggling AD/Casper thing that you have to remember or you bang you head. Again.
I am also experiencing this problem, but I get it no matter WHAT account I authenticate with. This is new to the last week - I have never had any problems with Composer on my normal, AD-bound Mac. Now it looks like I will have to build packages on a machine where I am logged in TO THE MACHINE using a local account. . . as well as using a local account for Composer.
Unfortunately, we are still on Casper 8.73 and can't upgrade quite yet, so unless this is fixed in all versions, there's not much help for us.
This must be yet another Mac OS X 10.9.2 "feature" - could possibly even have to do with the most recent security patch that came out. . . . at least for us.
First post on here -
Just tacking on that this is still an issue as of 9.7. It happens when I build the package in Composer, but not beforehand, while I'm configuring it. I'd call this a bug, since it's clear that "something" in Composer is failing, and the buggy part is that it's blindly retrying it until it causes the AD lockout.