Jamf Nation Community

Hey dlondon, thanks for replying!

Here is what I've done so far:

I removed the account and then ran the policy again on the computer (after first changing the password in the policy) to create it again.

If I create another standard user (I created one with the name TEST) it also fails to login

I booted to recovery mode and used the change password terminal command and changed it there. I also ran First Aid on the Drive and Volumes

I rest the PRAM and SMC (No T2 chip, 2015 MacBook Air)

The computers are joined to a domain, I have a student test account in the AD which works, I can login using it.

I have a local admin account also setup though Jamf and it works.

There are no Mobile Accounts.

I'll try your suggestion next and let you know how it goes.

Thanks!

The local standard account for the students is called Student1

I ran the terminal command: id student1 and it came back with: no such user. I ran the same command on my AD student test account and it comes back with a bunch of information.

I couldn't believe that it came back with no such user so I opened Users & Groups in sys prefs and the account is definitely there.

I'm using 10.15.7 with security update 2021-004 if that helps.

So I tried that same command using the Account Name (UWCStudent) instead of the Full Name (Student1) and I get a different result.

So I just checked a Yosemite system and did the same terminal command and this comes up.

I notice that the Yosemite is a uid=501 and Catalina is uid=502. Not sure if that is an issue or not.

Hi SGill, thanks for that. My problem is not creating accounts, it's allowing standard accounts to be able to login.

Thanks

The standard accounts I've created with MacUserGenerator don't have any trouble logging in here in my testing in case it helps resolve the issue your are seeing with creating them with other methods

Hey, so I tried out the MacUserGenerator and I'm not sure if it's part of my problem or I'm not doing it right. I created a pkg and but it fails when I install.

Make sure you're using an available User ID (UID).  You can show the existing visible local ones (not AD) with this:

dscacheutil -q user | grep -A 3 -B 2 -e uid:\ 5'[0-9][0-9]'

You could lower the UID number if you need to look at the built-ins, and UIDs below 500.  First admin accounts usually start with 501.

Thanks man.

So I created a new account with that tool and still no dice. The system still only allows Admins to login.

Wow--well you might try retesting on a fresh nuke/pave then...we use the it often with 10.15.7 so I can vouch for that it works normally.  The app GUI is just to make it easier to see what UID you are creating....