Posted on 11-14-2023 03:48 AM
Has anyone updated Active Directory bound Macs past Mojave?
I have tried updating to Catalina and newer but every time after logging in to a domain account it just sits there spinning.
The setup is:
Checking /library/logs/DiagnosticsReports/ from a Windows 10 station I can see reoccurring CRASH files relating to accountsd happening between 6-7 times a minute (please see a copy of one of them below). As of typing this up, the client computer is still at the pinwheel stage after 22 minutes and the logs are still reporting the same thing.
Process: accountsd [1987]
Path: /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd
Identifier: accountsd
Version: 113 (113)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: accountsd [1987]
User ID: 795780844
Has anyone come across a similar issue and resolved it?
Posted on 11-14-2023 06:05 AM
I used to have network-based library folders set up in the past. My experience was that they were very sensitive to permissions issues; I eventually got away from them, because the permission issues were so pervasive.
Posted on 11-14-2023 06:11 AM
What did you go to? Did you just move back to local library folders?
Posted on 11-14-2023 06:20 AM
Yeah, that is correct; given the other management tools within the MDM, it wasn't as painful as it sounds.
Posted on 11-14-2023 06:18 AM
We had domain devices until macOS 12, when we finally retired that workflow. There were no issues at the time of retirement. I would suggest starting your testing with macOS 14. Apple is actively moving away from domain binding; look into Platform SSO if you can to replace domain binding.
Honestly, I would suggest looking at your domain controllers and the PAC enforcement configuration. Microsoft does not test changes against domain bound macOS devices. In 2021 MS made changes that broke macOS domain binding for about 6 months before finally patching and fixing it.
KB5008380—Authentication updates (CVE-2021-42287) - Microsoft Support
Posted on 11-15-2023 02:59 AM
We also had issues with the UNC path. Our solution was to just not use UNC paths anymore. For the network shares of our users we wrote a small app that mounts their shares based on the username they logged in with.