Jamf Nation Community

Fissette101 · ‎04-07-2015

Ok this one may be pretty silly. We are working on setting up our Casper Server and have begun building / testing images to deploy over summer. I have an image built that is having issues when logging in with an AD user.

The local admin account logins fine. Then when logging in with a network account it constantly displays the "Setting up your Mac" screen then throws a Keychain error "A keychain cannot be found to store 'xxx'."

Any ideas on where I should begin looking? Thank you!

pblake · ‎04-07-2015

Look at the Template folder like @Look said. Then if nothing bad is there, look at some of the packages being installed. One of them must be putting a keychain into the templates folder. If any packages were built from a snapshot method, I would look there first.

View solution in original post

Look · ‎04-07-2015

In the termplate user It will be putting zero k files in a Keychains folder with the same name as the keychains that are failing.
We have for reasons unknown one configuration that always does this, I gave up trying to find the cause and just scripted removing the files post image.

"/System/Library/User Template/English.lproj/Library/Keychains"
(It may not exist, it will only have been created if some process in the confiuration has created it or a subfolder and the whole folder structure is only visible with elevated rights)

pblake · ‎04-07-2015

Look at the Template folder like @Look said. Then if nothing bad is there, look at some of the packages being installed. One of them must be putting a keychain into the templates folder. If any packages were built from a snapshot method, I would look there first.

jaferguson · ‎04-07-2015

Are you using local homes or network homes?

I have had keychain issues with network users with local homes. I think that Apple changed how the Keychain and User Keychain folders are created. I had to resort to adding a Keychain folder to the non localized user template Library to ensure that all new network accounts were able to login.

I have also seen in the local user Library several items that look like document icons instead of folders. The Keychains item is usually among these items. It can be deleted if it isn't a folder and the OS will recreate it as a folder.

The problem has popped up from time to time on student computers in lab settings where random students on random computers cannot fully login because of Keychain errors. I wrote a script to test for Library folders and recreate them if they were not in place.

Fissette101 · ‎04-08-2015

Thank you for the help. The "/System/Library/User Template/English.lproj/Library/Keychains" folder does not exist.

I am sure it is one of the packages being installed. I thought I found the culprit with FUT and FEU checked that once unchecked seemed to resolve the issue with the Local admin account, but as soon as I connect to the domain and login with a user the issue pops right back up with the "Setting up your Mac", blah blah.

Ill try adding the Keychains folder as jaferguson suggested.

Fissette101 · ‎04-08-2015

Ok, quick testing and no cigar.

For clarification we are using local home directories.

I think I am going to need to do some testing of images with each application installed and see if I can find another culprit.

Fissette101 · ‎04-09-2015

It was one (a few) of the packages that had FUT and FEU checked that was causing the issue. I went through package by package until I found the culprit. Thank you for the help!

Maineboy22 · ‎03-14-2017

Having the same issue whether it's with a network account or a local account. With the local accounts I can just create a policy that creates the local account and just scope it to the Mac or Macs that need the account.

I looked for the /System/Library/User Template/English.lproj/Library/Keychains folder and it doesn't exist.

I guess I'll start hunting down the offending policy although if that's the issue, that's really annoying.

Jamf Nation Community

Keychain issues on newly imaged MAC