I am noticing that all troublesome Macs that stop communicating with our AD server have one thing in common and its that this option in System Preferences-Users and Groups-Login Options "Allow network users to log in at login window" is missing. I have narrowed down that its not the clock or time server. I even re-install the jamf binary. The only fix is to remove the object and re-bind. Does anyone have any input on this? Maybe some kind of reset or cache flush?
*Also is there a way to check if this option is missing through a command? Would like to script this into a fix if I get it sorted. =)
I am seeing the exact same issue on some mac's in our environment.
What I am seeing is this option disappears and re-appears randomly.
If you open activity monitor and kill opendirectoryd a few times and close the users and groups preference pane the 'Allow network users to log in' option re-appears for some time.
Have you had any luck with the issue since original post?
I have a user who recently upgraded to Mojave and is now having the same issue, basically unable to login using his mobile account, but when i login using the local admin account, I see that "Allow Network Users to log in" is missing in system preferences. I unbind and rebind after restart and the option is there again.
If I disconnect from the network and restart, the option is gone again and the user can no longer login. Connect to the network and the option reappears.
If anyone found a resolution to this issue, please share it here.
Will share what I've done in case someone comes across this post. I was finally able to get it to work by removing the account from Filevault and re-enabling it
Login to the Local Admin account
Open System preferences and create new Local ADMIN account
Name account tempfv and use a password of your choice
Logout of old Local Admin acccount and login to tempfv account
Restart your computer and login to old local admin account
Open system preferences –-> Security & Privacy--> Filevault to confirm that no users need to be enabled for drive unlock.
Start Terminal and do the following sudo fdesetup add -usertoadd tempfv
When prompted: Enter local admin account password
Enter the customer's username when prompted
Enter the password for user. This password will be used to unlock the drive
Enter the password for the added user 'tempfv"
$ sudo fdesetup remove -user username
$ sudo fdesetup add -usertoadd username
Enter the user name: tempfv
Enter the password for user 'tempfv':
Enter the password for the added user username:
$ sudo fdesetup remove -user tempfv
Restart computer and login to Local Admin Open system preferences –-> Security & Privacy--> Filevault
Under the FileVault tab, click the lock and then click Enable Users "If needed"
Click the "username" and enter the "username" password
Restart computer and login as "username"
Hope this helps