Help

Kerboros SSO

Go to solution
dnayes
New Contributor III

Posted on ‎07-25-2024 11:12 AM

Good afternoon.

I am trying to set up Kerboros SSO in place of binding MacBooks to active directory and using mobile network accounts. This will be on laptops that only have a single user.  The only thing I want Kerboros to manage is to sync local account passwords to match a users active directory password. I got things working to the point where the passwords sync and it works pretty slick.

The problem I am having is that window to sync their mac password and their Active directory password comes up on every login.  The user can cancel out of the window our type their two passwords again, but its a bit annoying that it comes up on every login. Is there a way to have this password sync check pop up maybe only monthly?

 

Thank you,

 

Doug

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
dnayes
New Contributor III
In response to jtrant

Posted on ‎07-26-2024 11:14 AM

I actually just figured this out an hour or so ago. Apparently the realm and the host name had to be in all caps 🤔. Thank you for the reply though

View solution in original post

0 Kudos
Reply
2 REPLIES 2

Go to solution
jtrant
Valued Contributor

‎07-26-2024 08:42 AM - edited ‎07-26-2024 08:44 AM

Have you unbound the Mac from AD and converted the account to a 'Local' user account? The Kerberos SSO extension does not support 'Mobile' user accounts AFAIK.

https://github.com/BIG-RAT/mobile_to_local

Reply

Go to solution
dnayes
New Contributor III
In response to jtrant

Posted on ‎07-26-2024 11:14 AM

I actually just figured this out an hour or so ago. Apparently the realm and the host name had to be in all caps 🤔. Thank you for the reply though

0 Kudos
Reply