Hello
I am testing inplace upgrade from Sierra (10.12) to High Sierra (10.13) using a test computer with a local admin and a mobile network user (bound to AD) with FV enabled
Both users show up at startup, can unlock the disk and automatically login in Sierra but - once updated to High Sierra - only the mobile account is visible at login window (that is able to unlock the disk and startup)
I have found some other old threads where the AD account was the one missing from unlocking FV at startup, not the local admin
The weird thing is the mobile account user still appears within the list of users that can be enabled in System Preferences (despite it can already unlock the disk) while the local admin is not available and cannot be manually added
Is this a known issue?
Securetoken is enabled for local admin user after the upgrade and I have already tried to change the user picture to see if it fixes something (since the error message below refers to something and this was a reported solution in older threads)
testclient:~ ADuser$ sysadminctl -secureTokenStatus admin
2019-03-19 14:50:05.446 sysadminctl[999:6854] ### Error:kDSNAttrJPEGPhoto has multiple values! That is not supported yet, only 1st will be read! File:/BuildRoot/Library/Caches/com.apple.xbs/Sources/Admin/Admin-679/DSNode.m Line:396
2019-03-19 14:50:05.448 sysadminctl[999:6854] Secure token is ENABLED for user admin
I have also tried adding the local admin with this
sudo fdesetup add -usertoadd admin
And local admin was already present in fdesetup users list
[Last login: Tue Mar 19 14:53:37 on ttys000
testclient:~ admin$ sudo fdesetup list
Password:
ADuser,74BCC1DD-2965-4C1D-BBD1-493767B1E4E3
admin,E164A585-EC3E-43AA-9054-C21CE56D25E4]
And also tried
sudo diskutil apfs updatePreboot /
Any help will be greatly appreciated!
have a great day everyone
Carlo
