SSO Extension password expiration

marcelhacker
New Contributor II

Hey Jamf community, 

I hope someone can help me with our problem with the SSO Extension.

We have replaced Enterprise Connect with Kerberos SSO Extension and now we have the problem that the password expiration date is not taken from Active Directory.
We only get the message "Password doesn't expire".

All other functions like change password work without problems.


Does anyone know the problem and has a solution for this?

Screenshot 2021-11-03 at 08.25.03.png

 

 

 

 

 

thankful for any help 🙂 

 

best regards

Marcel

 

7 REPLIES 7

Wilson25
New Contributor
 Apple IT admin's guide to Kerberos: SSO Extension, what's new with Big ... “Change Password” or interact with a password expiration notice.
 
 

Hey Wilson,

 

thanks for your replay but I can't find any solution for it =/

 

 

spotmac
New Contributor III

@marcelhacker i checked this on my side and it works fine in macOS12. Do you double checked all dns entries from your active directory (service records)?

jtrant
Valued Contributor

This works for me as advertised. Is the AD account in question set to "Password never expires" by any chance? Is this affecting all users in your org?

marcelhacker
New Contributor II

Hey all thanks for your replays. 

we checked everything on AD and the account isn't set to "password never expires".

 

But the problem was solved by updating to macOS12 👍

 

thank you and best regards

Marcel

 

cc_rider
New Contributor III

Hi all, 

Funny thing - I've changed my password yesterday through this SSO Extension and I've got the same problem as Marcel ("Password doesn't expire" message). Yes, I'm still under Big Sur and at the time of this password change, it was 11.6.0...I went ahead with the update to 11.6.1, just to see if it will fix it, but it didn't (we are still running some tests with Monterey, before we'll make it available for the majority). Any thoughts, suggestions, other than the Monterey's upgrade?

Thanks,

CC

marcelhacker
New Contributor II

Hey all,

 

our solution was to add a AD Site to the configuration in Jamf.

 

best regards

Marcel