Help

Ventura Filevault requiring network connection to log in fully

brian_eybs
New Contributor III

Posted on ‎09-01-2023 11:27 AM

On our Ventura devices we have are having difficulty with filevault preventing users from logging in when not connected to the network.  If the device has a wireless or wifi connection, a AD account can log in with no issue.  As soon as it is disconnected, and try to log in with the same AD account, we get a login progress bar that stops around 60-70% and goes not further..  If we connect a network then try to login again, it logs right in.  If we disable filevault, the user can log in on or off the network with no issue.

Is this normal? How do we get around it?

We did not have this problem with previous OS versions.

Thanks for any assistance

0 Kudos
Reply
4 REPLIES 4

AJPinto
Honored Contributor III

Posted on ‎09-01-2023 12:33 PM

What strikes me as strange. As far as I am aware, FileVault has no concept of a network connection. You getting the process bar means the disk is decrypting and the OS is loading. I would suggest trying in safemode. My guess is its an application that is launching before the login screen loads that is causing issues.

Reply

brian_eybs
New Contributor III

Posted on ‎09-01-2023 01:01 PM

Sigh...  yup.  It is odd.

I keep seeing old thread of similar issue where during the AD bind, we have to uncheck "Use UNC path from Active Directory to derive network home location."  This is not something that we have has to do in the past.  If anyone has any experience with that setting and a similar issue, please let me know.

0 Kudos
Reply

junjishimazaki
Valued Contributor

‎09-01-2023 03:49 PM - edited ‎09-01-2023 03:49 PM

The only thing that comes to mind since is it domain bould is if you didn't enable mobile account for the users. If you don't then the user can't log in locally. 

Reply

brian_eybs
New Contributor III

Posted on ‎09-06-2023 12:57 PM

After a bit of testing it does appear that "Use UNC path from Active Directory to derive network home location." needs to be unchecked in order for the login to be able to happen normally.

Does anyone know if we can just change that setting in Directory Utility or if we need to unbind and rebind with the check box unchecked, for the setting to change?

0 Kudos
Reply