Login Keychain not being created

braillle
New Contributor III

We have Mac devices bound to our Active Directory. When a user signs in and tries to access our Self-Service Portal, an error says "Portal unexpectedly stopped." What's strange is it only happens to Active Directory accounts. If we log in with a local account, the Self-Service Portal opens fine. We noticed the local account is creating a Login Keychain; the Active Directory accounts are not.

We've tried unbinding/binding, deleting the keychain folder, and changing Active Directory settings, and we've wiped machines numerous times. We removed our company's antivirus from the device. Nothing has worked. Any ideas? All of this started happening after updating to Big Sur.

1 REPLY

sdagley
Esteemed Contributor II

@braillle You _really_ need to look at alternatives to Active Directory/Mobile accounts on the Mac. They have been problematic for several macOS versions, and as you've discovered, it's worse with Big Sur. All evidence suggests Apple doesn't care, and isn't going to invest any effort to fix these issues, so the best practice today is to not use AD-based accounts. You can use the Kerberos Single Sign-On extension (or products like NoMAD and Jamf Connect) to synchronize a local account on the Mac with AD, and pull Kerberos tickets so you can still use AD for authentication.