File Vault 2 User Enable Issue

zbrooks
New Contributor II

Hey fellow Jamf-ers,

Curious if anyone has had a similar situation: I have a user that i'm trying to enable in FileVault2 but it keeps thinking that her password is incorrect. Her account is AD based (as well as the Mac) and authentication for the same account works on AD Windows workstations just fine. We've tried resetting her password a few times, and re-checking her credentials on a Windows workstation as well afterwards, always works.

Other users are able to be successfully enabled as FV2 users except for her, so it certainly seems like an account issue. We've tried enabling her through the GUI within OSX and through the terminal command (sudo fdesetup add -usertoadd <username>) as well but with similar failures. The GUI says her password is incorrect and the Terminal commands come back with "Authentication of FileVault failed."

Anyone else had similar issues with users? Tips? Suggestions? Thank you!

5 REPLIES 5

sam_g
Contributor
Contributor

How about just unencrypting the harddrive and then having her kickoff filevault from her account?

bmack99
Contributor III

On the Mac in question, is said user able to login with her domain credentials? When you attempt to enable her account via the gui in sys prefs it shouldn't prompt for a pw if she is successfully logged into the OS with her domain account.

zbrooks
New Contributor II

Good morning guys, I have some information from the tech working with the user. Contrary to initial belief it looks she isn't able to log into the Mac itself with her AD credentials, which makes more sense than FileVault2 just being the issue, I suppose. I'm going to try some standard AD-bound troubleshooting, etc and I will respond back when I find a solution.

Thank you for your responses!

a_stonham
Contributor II

@zbrooks Any weird characters in the users password? Also make sure the Keyboard has not accidentally been set to something outside of your region.

Can other Domain users authenticate on the mac?

brandonalexande
New Contributor

first things first, i'd have her plug in to the network via ethernet, restart the computer, then login using her known working AD credentials.