Help

Directory Binding in 9.96 on Sierra

Go to solution
Randydid
Contributor II

Posted on ‎09-12-2016 03:10 PM

Hello,

I find myself ahead of the curve-a rarity! My existing AD Bindings in JSS that work on El Cap and older configs do not seem to function on Sierra. I am using the macOS Sierra GM seed. Anyone else try this or have issues?

Oh, and running JSS 9.96

TIA,

/randy

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
nvts
New Contributor II

Posted on ‎09-12-2016 09:11 PM

Our initial testing on the Sierra GM (with JSS 9.9) is working for AD binding from the JSS.

In the past, we have had to re-enter the credentials to the AD binding service account in the JSS after upgrades. Something about the hashed password not surviving the upgrade process, and needing to get blown out.

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
retroroscoe
Contributor

Posted on ‎09-12-2016 08:47 PM

Hi Randy,

I've tested in my enviroment and it seems to have worked fine. My test machines have been Pre-Enrolled then join AD using a Config Profile or done in the Pre-Enrollment

0 Kudos

Go to solution
nvts
New Contributor II

Posted on ‎09-12-2016 09:11 PM

Our initial testing on the Sierra GM (with JSS 9.9) is working for AD binding from the JSS.

In the past, we have had to re-enter the credentials to the AD binding service account in the JSS after upgrades. Something about the hashed password not surviving the upgrade process, and needing to get blown out.

0 Kudos

Go to solution
mkremic
New Contributor III

Posted on ‎09-12-2016 10:00 PM

I've been testing Directory Bindings on 10.12 with weird results. Was testing with 9.93 and just upgraded to 9.96.

I'm using a script to bind macs to our AD domain so can't comment on the JSS' built in directory binding but seeing the following:

When logging in a prompt for "workgroups for <username>". Doesn't matter if I click "continue" or "Remember and continue", it keeps popping up every logon. This happens for local mac accounts and AD domain accounts.

When logging in with a Domain Account, it isn't creating a mobile account. There is a button in Users & Groups to convert it to a mobile account (despite having the "create mobile account at login" checkbox checked). Clicking this button to create a mobile account was working on the last dev preview I had tested, but it seems to not be on the GM release. The AD settings seem to be ignored by macOS 10.12 at this moment.

We're not using portable homes i.e. syncing the home to a network server, just local directories on the mac.

I'm just trying out our build process with 9.96 to see if there's any change but I doubt it. Anyone else see anything similar? 05d12c630b8344ad9f043bb0a4a54e64

0 Kudos

Go to solution
Randydid
Contributor II

Posted on ‎09-13-2016 08:16 AM

@nvts That was it! Thanks. Sounds like a bug report is in order on this one.

Thanks!

/randy

0 Kudos

Go to solution
robby_c137
New Contributor III

Posted on ‎09-21-2016 03:49 PM

@Randydid I went through the same thing and in addition had to unlock our AD service account since JSS's multiple failed attempts locked it.

0 Kudos

Go to solution
dlondon
Valued Contributor

Posted on ‎12-07-2016 08:08 PM

Steven (nvts),

Thanks for that info. We had a bind issue after upgrading to 9.96 on Nov 28. After reading what you said about having to re-enter the password of the bind account in the JSS I tried that and it worked. We have lots of different bind accounts for different support areas and I tested in 3 of those and in each case the re-entering of the correct password into the JSS fixed the authentication failure.

I've reported the issue to JAMF support

Regards,

David

0 Kudos