Posted on 03-07-2018 07:01 AM
Hello, we have a local admin account for troubleshooting purposes on our macOS systems. We're seeing that we can login to a small percentage of some of them. No error message, just the password field shake. These accounts are not setup manually, so we're fairly certain that the password is correct.
Logged in from another user, we can run "dscl . authonly <USER>" and then enter the password for the account when prompted.
If we enter a purposefully incorrect password we get:
Authentication for node /Local/Default failed. (-14090, eDSAuthFailed)
<dscl_cmd> DS Error: -14090 (eDSAuthFailed)
If we enter the correct password we get:
Authentication for node /Local/Default failed. (-14167, eDSAuthAccountDisabled)
<dscl_cmd> DS Error: -14167 (eDSAuthAccountDisabled)
So from here it sounds like the account was disabled somehow. But if we run:
dscl . -read /Users/<USER> AuthenticationAuthority | grep DisabledUser
it doesn't have it flagged as Disabled there. I have also run:
pwpolicy -u <USER> -getpolicy
and it doesn't show it as disabled or having any policy set there.
So how can I get this account re-enabled without straight re-creating it?
Posted on 06-03-2020 02:45 PM
Posted on 12-15-2022 06:54 AM
Getting the same issue. We use sysadminctl to update our default account password and its failing with the same error: <dscl_cmd> DS Error: -14167 (eDSAuthAccountDisabled)