cant login to mac (JAMFSchool) as any user apart from local admin

conitsupport
Contributor

Hi we have not used macs on our system (over 2000 ipads) but we have some macs now on DEP that i want to try setting up, i have one setup as a test and have created profiles etc and can log on with local admin account fine, i just cant login with any other user account, whether that is Active directory or JAMFSchool account.
When i update profiles i can see changes to the mac. i.e dock items / wallpaper etc.
Just need to know what setting im missing to allow users to login

6 REPLIES 6

SCCM
Contributor III

What accounts are you expecting to log in with? domain accounts, local accounts etc. Have you domain bound your device or are you using jamf connect, nomad, SSO or similar? Also under you security and privacy configuration policy under access do you have only local users may log in selected?
You might need to give a bit more info about the setup before anyone can help you (or log a call with support).

conitsupport
Contributor

Thanks ive checked under security and privacy and its not ticked/selected, i was hoping to use the user accounts which are on jamf school import from ASM, as i said ive not tried setting up a mac before, i thought it might just be apply profiles and login via jamfschool accounts?

I'm in the same boat as you. Just testing out with a few MacBooks and only the admin account is allowed to log in. What did you find out about this?

MarkDixon
New Contributor II

Don't suppose you found the solution to this?

 

Similar problem, we have shared ipads - log in via apple school manager accounts, was hoping to do the same on macs, but no login option like the ipads??

robhealea
New Contributor II

I learned that only an account that can be verified is allowed to log on. Obviously, local accounts are OK. As for any other account, there needs to be some sort of authentication system in place. So, first you need have a network account service set up, like Microsoft's Active Directory or Apple's Open Directory. Then you 'bind' your Jamf to the service: https://docs.jamf.com/jamf-school/deploy-guide-docs/Binding_Computers_to_Active_Directory_or_Open_Di...

Or connect to an LDAP server: https://docs.jamf.com/jamf-school/deploy-guide-docs/Setting_Up_LDAP_Authentication_in_Jamf_School.ht...

(Both of those sections are under Security Management in the Jamf School Deployment Guide)

There is also an option in MacOS Settings to allow network logons: https://support.apple.com/guide/mac-help/allow-network-users-to-log-in-to-your-mac-mh35562/mac

It doesn't appear that Jamf, itself, can be used for account authentication, so you have to have a go-between service. Also, look into Apple account federation.

I was not able to get this going as my Mac users are part of a pilot program and do not have network accounts on our domain, yet.

I hope this helps get you pointed in the right direction.

 

CruelInfant
New Contributor

Much obliged ive checked under security and protection and its not ticked/chose, I was expecting to utilize the client accounts which are on jamf school import from ASM, publix oasis as I said ive not had a go at setting up a macintosh previously, I figured it may very well be apply profiles and login through jamfschool accounts