Help

SSO Extension password expiration

marcelhacker
New Contributor II

Posted on ‎11-03-2021 12:27 AM

Hey Jamf community, 

I hope someone can help me with our problem with the SSO Extension.

We have replaced Enterprise Connect with Kerberos SSO Extension and now we have the problem that the password expiration date is not taken from Active Directory.
We only get the message "Password doesn't expire".

All other functions like change password work without problems.


Does anyone know the problem and has a solution for this?

Screenshot 2021-11-03 at 08.25.03.png

 

 

 

 

 

thankful for any help 🙂 

 

best regards

Marcel

 

0 Kudos
Reply
8 REPLIES 8

Wilson25
New Contributor

‎11-03-2021 02:42 AM - edited ‎11-08-2021 02:05 AM

 Apple IT admin's guide to Kerberos: SSO Extension, what's new with Big ... “Change Password” or interact with a password expiration notice.
 
 
0 Kudos
Reply

marcelhacker
New Contributor II
In response to Wilson25

Posted on ‎11-03-2021 03:42 AM

Hey Wilson,

 

thanks for your replay but I can't find any solution for it =/

 

 

0 Kudos
Reply

spotmac
New Contributor III

Posted on ‎11-03-2021 04:58 AM

@marcelhacker i checked this on my side and it works fine in macOS12. Do you double checked all dns entries from your active directory (service records)?

0 Kudos
Reply

jtrant
Valued Contributor

Posted on ‎11-03-2021 12:10 PM

This works for me as advertised. Is the AD account in question set to "Password never expires" by any chance? Is this affecting all users in your org?

0 Kudos
Reply

marcelhacker
New Contributor II

Posted on ‎11-04-2021 12:31 AM

Hey all thanks for your replays. 

we checked everything on AD and the account isn't set to "password never expires".

 

But the problem was solved by updating to macOS12 👍

 

thank you and best regards

Marcel

 

Reply

cc_rider
New Contributor III

Posted on ‎11-09-2021 04:26 AM

Hi all, 

Funny thing - I've changed my password yesterday through this SSO Extension and I've got the same problem as Marcel ("Password doesn't expire" message). Yes, I'm still under Big Sur and at the time of this password change, it was 11.6.0...I went ahead with the update to 11.6.1, just to see if it will fix it, but it didn't (we are still running some tests with Monterey, before we'll make it available for the majority). Any thoughts, suggestions, other than the Monterey's upgrade?

Thanks,

CC

0 Kudos
Reply

marcelhacker
New Contributor II

Posted on ‎01-27-2022 08:11 AM

Hey all,

 

our solution was to add a AD Site to the configuration in Jamf.

 

best regards

Marcel

0 Kudos
Reply

RCRC74
New Contributor
In response to marcelhacker

Posted on ‎11-18-2024 12:08 PM

Can you please expand on this? Why would you need to add an AD site and how you did it to get the "Password doesn't expire message" to go away, thanks

0 Kudos
Reply