Active Directory Bound Macs UNC issue

lavenderk
New Contributor

Has anyone updated active directory bound Macs past Mojave?

I have tried updating to Catalina and newer but every time after logging in to a domain account it just sits there spinning.

The setup is:

  • Active Directory bound,
  • Jamf enrolled,
  • Mobile accounts turned off,
  • Local library folder turned off,
  • UNC Path enabled - So the library should generate on the network folder

Checking /library/logs/DiagnosticsReports/ from a Windows 10 station I can see reoccurring CRASH files relating to accountsd happening between 6-7 times a minute (please see a copy of one of them below). As of typing this up, the client computer is still at the pinwheel stage after 22 minutes and the logs are still reporting the same thing.

Process: accountsd [1987] Path: /System/Library/Frameworks/Accounts.framework/Versions/A/Support/accountsd Identifier: accountsd Version: 113 (113) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: accountsd [1987] User ID: 795780844

Has anyone came accross a similar issue and resolved it?

5 REPLIES 5

mschlosser
Contributor II

I used to have network based library folders setup in the past. My experience was that they were very sensitive to permissions issues; eventually got away from them, because the permission issues were so pervasive.

What did you go to? Did you just move back to local library folders?

yea, that is correct; given the other management tools within the mdm; it wasn't as painful as it sounds.

AJPinto
Honored Contributor III

We had domain devices until macOS 12, when we finally retired that workflow. There were no issues at the time of retirement. I would suggest starting your testing with macOS 14. Apple is actively moving away from domain binding, look into Platform SSO if you can to replace domain binding.

 

Honestly, I would suggest looking at your domain controllers and the PAC enforcement configuration. Microsoft does not test changes against domain bound macOS devices. In 2021 MS made changes that broke macOS domain binding for about 6 months before finally patching and fixing it. 

KB5008380—Authentication updates (CVE-2021-42287) - Microsoft Support

 

 

Ismere
Contributor

We also had issues with the UNC Path. Our Solution was to just not use UNC Paths anymore. For the Network Shares of our Users we wrote a small App that is Mounting there shares based on the Username they logged in with.