Kerberos SSO Extension multiple password syncs

FlorianBesel
New Contributor

Hello everyone,

I hope to find some help here with our issue. We are using the Kerberos SSO Extension to synchronize the passwords of Mac users with their Active Directory (AD) passwords.

During initial setup, the user logs in with their AD account, followed by a password synchronization window. Here, they enter both their AD password and the Mac password to synchronize them.

This process works initially.

However, we have a department at one location experiencing an issue where the password synchronization window pops up as many as 50 times a day. It doesn’t matter whether a password is entered or if someone just clicks "cancel".

We have reinstalled all the Macs at this location. Everything was fine for about a month, and then the problem gradually started again.

I went to the location with my MacBook and did not experience the problem there. The colleagues also have this issue at home over VPN.

All are using macOS 14.4.1. However, the problem was also present in previous versions, including macOS 12 and 13.

Additionally, while the password synchronization window pops up, if you enter "app-sso -i <DOMAIN>" in the terminal, the "password_changed_date" and the value do not exist.

In the JAMF Configuration Profile, we have configured the following:

  • Realm - Our Domain
  • Hosts - Our Domain
  • Request credential on next... - Enforce
  • Automatically use LDAP and DNS... - Enforce
  • Automatic Login - Allow
  • User Presence to access... - Skip
  • Local password sync - Enable

AJPinto
Honored Contributor II

If the Macs have been reprovisioned, they are not the issue. If you are not affected, then the network is not the issue. I would focus efforts to see what is going on with their AD/AAD accounts, and if there are any security policies like TLS filters, firewalls or VPNs that would affect them and not you.

It sounds like something is not talking right between their Macs and AD.