Where to start diagnosing Secure Token provisioning error: com.apple.OpenDirectory Code=5100

HASysOps
New Contributor

Hi guys,

Been grappling with repairing SecureTokens on a bunch of our corporate Macs. I have basically a 50/50 success or failure rate. In this case, the current end user that owns a SecureToken is providing one to our Mac's administrative account. The end user is being temporarily elevated to administrator (where required) to carry out the command.

The command being run is:

sudo sysadminctl -adminUser $CURRENT_USER -adminPassword $USER_PASS -secureTokenOn $ADMIN_NAME -password $ADMIN_PASS 2> $LOG

In the case of failures, the error is:

setSecureTokenAuthorizationEnabled error Error Domain=com.apple.OpenDirectory Code=5100 "Could not verify credentials because directory server does not support the requested authentication method." UserInfo={NSLocalizedDescription=Could not verify credentials because directory server does not support the requested authentication method., NSLocalizedFailureReason=Could not verify credentials because directory server does not support the requested authentication method.}

I don't even know where to begin with the fact that this is pretty much working on half of Macs and not the others. Any ideas on where to start with diagnosing this error? These Macs are running on either 10.13.4 or 10.13.5 in cases of both success and failure.

Thanks.

2 REPLIES

a_stonham
Contributor II

fdesetup list

Will give you a list of the secure token enabled users on your Mac.

If you are not able to assign a secure token to another user using the credentials of one of the users output from that list, you are going to have to format the drive and reinstall macOS to get it working again.
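
An added example, not part of the thread and not vendor tooling: a pre-flight check along the lines of the reply above, confirming that the granting account is listed by `fdesetup list` and reports an enabled token before the `sysadminctl -secureTokenOn` call is attempted. The function names, the sample lines and the output formats parsed here are assumptions, and the `fdesetup list` check assumes FileVault is on so that the list is populated.

```shell
#!/bin/sh
# Added example: pre-flight check before `sysadminctl -secureTokenOn`.
# Assumed formats: `fdesetup list` prints "shortname,UUID" per line;
# `sysadminctl -secureTokenStatus USER` prints
# "... Secure token is ENABLED|DISABLED for user ...".

# Reads `fdesetup list` output on stdin; succeeds if USER ($1) is listed.
in_fdesetup_list() {
    awk -F, -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Reads secureTokenStatus output on stdin; prints ENABLED, DISABLED or UNKNOWN.
token_state() {
    case "$(cat)" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# preflight GRANTOR TARGET FDE_LIST GRANTOR_STATUS TARGET_STATUS
# Prints a verdict; returns 0 only when a grant is worth attempting or unneeded.
preflight() {
    g=$(printf '%s\n' "$4" | token_state)
    t=$(printf '%s\n' "$5" | token_state)
    if [ "$t" = ENABLED ]; then
        echo "skip: $2 already has a token"; return 0
    fi
    if [ "$g" != ENABLED ]; then
        echo "fail: $1 token state is $g"; return 1
    fi
    if ! printf '%s\n' "$3" | in_fdesetup_list "$1"; then
        echo "fail: $1 not in fdesetup list"; return 1
    fi
    echo "ok: $1 can grant to $2"
}

# Live use on a Mac, as root: ./preflight.sh GRANTOR TARGET
# (sysadminctl writes its status line to stderr, hence 2>&1).
if command -v sysadminctl >/dev/null 2>&1 && [ "$#" -eq 2 ]; then
    preflight "$1" "$2" "$(fdesetup list 2>/dev/null)" \
        "$(sysadminctl -secureTokenStatus "$1" 2>&1)" \
        "$(sysadminctl -secureTokenStatus "$2" 2>&1)"
else
    # Offline demo on constructed sample output (not captured from a real Mac).
    preflight jsmith ladmin 'jsmith,00000000-0000-0000-0000-000000000001' \
        'sysadminctl[1:2] Secure token is ENABLED for user John Smith' \
        'sysadminctl[1:2] Secure token is DISABLED for user Local Admin'
fi
```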

Chuey
Contributor III

Bump - did anyone ever find a resolution to this?