Jamf Nation Community

Hi ! @lrabotteau

Can you explain further about the transition from Mobile Account to Network Account, after that change are you still able to log-in when being away from network?

@bjorgvin Thanks for sharing; https://www.reddit.com/r/macsysadmin/comments/9iu5b4/mojave_expired_passwords/

Update; The workaround of changing password so the pop-up windows is not appearing works for now.

2 workarounds.

One is to just turn off the password change notification.

sudo defaults write /Library/Preferences/com.apple.loginwindow PasswordExpirationDays 0

The 2nd was to just login while off the network. Thanks to @andyincali for helping test this and @frogor for the idea to try it.

@ClassicII Thank you for sharing :)

Confirmed having this issue as well and suggested workaround (disabling password change notification) corrected problem however I don't see this as acceptable in our production environment long term as a fix

Hopefully this is something that will be fixed in 10.14.1. Does anyone know if this has been filed with Apple?

We noticed this issue after changing the user account to mobile and using filevault 2 to encrypt the hard drive. Once we enabled filevault 2, the laptop would get stuck during boot.

If you turn off filevault, the AD mobile account works just fine.

As a work around, you can create a local account, then encrypt the hard drive. Log out of the local account and log into the mobile account. This is super annoying, but the hard drive is encrypted and mobile account works just fine, once you get through the initial boot.

We duplicated this issue by:
1. Reimaging the laptop with Mojave
2. Setup mobile user account
3. Enable filevault
4. Stuck screen at 90% loading bar and cursor (force reboot)
5. Login with local account instead of mobile
6. Logout of local and log in with mobile

I would love any suggestions or visibility to fixing this issue.

Not letting Passwords fall under 30 days for expiration seems to work for us right now. We run a 365 day length on passwords and anyone over 30 days does not have the issue while anyone at 30 days or less does. Once these users under 30 days change their password, the issue goes away.

Hi Guys,

Do you run the workaround prior to the upgrade?

Thanks

I ran into this as well when I got in to the office this morning. Thanks for confirming it's not an isolated problem.

Hi,

Yeah, i run the workaround prior the upgrade, you can also wait till 10.14.1. The issue is fixed in recent beta.

thanks @txhaflaire tried that and that works fine!

Thanks for confirming the beta fixes it too.

Same issue.

@txhaflaire do you still find that it takes a long time to log in?

I have seen this in 10.13.6, as well as 10.14.0/1 with AD mobile accounts. In every case disabling FDE auto login while booted in safe boot fixed this bug.

sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutologin -bool YES

I am having this issue with Mobile accounts on 10.14.0 - 10.14.2. Only with MacBook pro's & t2 chip

Just ran into this one myself with macOS 10.14.3 so looks like its still around:

Model: MacBookPro14,2
Processor: Intel Core i5
RAM: 8GB
Storage: 250 SSD with FileVault
Accounts:
Local
Mobile

What did i try to solve it:
- Reset PRAM
- SafeBoot (account logins possible)

This was caused by the password expiration prompt.

Darn.. we do have users (AD Mobile accounts) reporting in that when they upgraded to Big Sur, and trying to login a Password Change dialog appears so;

• Big Sur upgrade has finished
• Login Window appears and users fills in credentials and a Password Change dialog appears in Login Window, which does not accept anything
• After shutdown/reboot FileVault window -> accepts password -> Password change dialogs appears again.

Tried a lot like logging in with other local admin user and changing password for affected user, triggering password changes from AD, nothing helped except.

sudo defaults write /Library/Preferences/com.apple.loginwindow PasswordExpirationDays 0

@ClassicII Not sure if you had any MacAdmins reporting this in again, but if so the workaround from High Sierra -> Mojave should work.

@txhaflaire We have the exact same issue after Big Sur upgrade with our mobile accounts but running: sudo defaults write /Library/Preferences/com.apple.loginwindow PasswordExpirationDays 0
does not work; any other ideas?

@skumar check your existing config profiles and then the passcode payloads, i removed some of them where force password change was checked.

@txhaflaire Did that already; but no luck.
Note: when i am on the AD network the password change prompt does not appear.. its just when i am offline.

@txhaflaire We appear to be having the sane problem as @skumar. Upgrades to Big Sur and clean installs provoke a password change upon login with an AD bound user. Changing PasswordExpirationDays didn't seem to help here either.

Any other ideas?

is ther any way to sync the mac password and filevault password and AD network password without apps like No made or jamf connect

@mani2care The Kerberos Extension, for catalina onwards will do it, but you need to convert the accounts to standard from mobile, as it wont sync with mobile accounts. I needed Apple to help set it up, but it's a one off cost unlike Jamf Connect.