Posted on 04-15-2013 07:55 AM
Any of you folks using FileVault know what mechanism controls the ability to make sure the account that unlocks a disk (at power-on auth) is automatically logged on? I'm seeing intermittent behavior in some cases, where it may or may not automatically log the unlocking user into OS X.
Solved! Go to Solution.
Posted on 07-03-2014 05:52 AM
FV will use the last known good password. If you authenticate while connected to AD (unlock a system pref, etc), then the Mac will update the FV password to match. Unless you authenticate while connected to the network, the cache isn't updated.
Posted on 04-15-2013 10:07 AM
I've seen this problem when the password has expired for the unlocking (power-on auth) account. I would get beyond the unlock screen, but the OS then presented its own login screen and the power-on auth account credentials would not log me in.
Posted on 04-15-2013 10:43 AM
I'm seeing this with in an AD environment with cached accounts, where a password change for one reason is recorded in AD (and changed from the computer using System Preferences) but FileVault doesn't recognize that the password has changed, thus the passwords are out of sync. The keychain is updated with the new credentials, the locally cached account has the new credentials, the directory has the new credentials, but FV is still using the old credentials.
I'm still trying to figure out why.
Posted on 07-03-2014 05:14 AM
Has anyone figured out why FV still using the old credentials?
Posted on 07-03-2014 05:52 AM
FV will use the last known good password. If you authenticate while connected to AD (unlock a system pref, etc), then the Mac will update the FV password to match. Unless you authenticate while connected to the network, the cache isn't updated.
Posted on 07-03-2014 06:25 AM
@thoule This is what we've discovered as well. We're probably complicating things by using a 3rd party directory utility/mobile accounts, but that's not usually a problem for us anymore. Most of the time, if you perform a live/networked login with the updated credentials, it updates FileVault.
Posted on 07-09-2014 09:16 AM
What OS's are you seeing this with?
We were seeing this with some 10.8.x devices, but then once we upgraded those devices to 10.9.2 they were fixed.
APPLE RECOMMENDED WAY TO TRIGGER SYNC - UPDATING NON_SYNCED FV PREBOOT PASSWORDS
touch "/System/Library/PrivateFrameworks/EFILogin.framework/Resources/EFIResourceBuilder.bundle/Contents/Resources"
or
I FOUND THE BELOW WAY TO TRIGGER IT IN SOME CASES AS WELL
in terminal have user login with new password:
type "login username" at the prompt, then password.
We use Native AD Plugin.
Posted on 07-09-2014 10:22 AM
What OS's are you seeing this with?
*Were; date stamps give you an idea of when, in case you're curious. It's much more reliable these days (perhaps due to Apple and/or Centrify updates since then).
Did Apple support give you the tip about that file? Seems reasonable. As for the second tip, that's about the same as thoule's recommendation (triggering an authentication).
Posted on 09-16-2015 01:50 PM
I have this issue with Mac 10.10.4+ 10.10.3 are working fine. Have tried what you said on here still no luck.