macOS Sonoma - Local AD - Password Expiration

sirsir
Contributor

Good Morning,

I know I will catch some flak for still binding to Local Active Directory (working on getting ready for JAMF Connect) but any of our macOS devices running Sonoma are not receiving password expiry notices on login or prompting for password changes on initial login with temporary passwords. I know there was a bug with macOS at release, but that is supposedly patched? The bind itself seems to function as normal for initial local account creation. 

We're not doing anything fancy with the binds either. No UNC path, home drives, or drive mappings. 

What could I be missing? 

 

 

3 REPLIES

AJPinto
Honored Contributor II

What are you using to deliver these notifications? If you are allowing FileVault pass through authentication, users won't see the login prompts that their PW is expiring. 

 

FileVault passthrough auth can be disabled with a configuration profile.

Domain: com.apple.loginwindow

xml:

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">  
  <dict>  
    <key>DisableFDEAutoLogin</key>  
    <true/>  
  </dict> 
</plist>
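
Added example, not part of the original reply or of any Jamf tooling: the XML above holds only the preference keys for the com.apple.loginwindow domain, so this Python wraps it in a full configuration profile and then checks that `DisableFDEAutoLogin` is a real boolean true rather than a string or integer. The identifier prefix `com.example.loginwindow`, the display name and the function names are assumptions made for illustration.

```python
import plistlib
import uuid

# The settings fragment from the reply above, embedded so this runs offline.
FRAGMENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>DisableFDEAutoLogin</key>
    <true/>
  </dict>
</plist>"""

ORG_PREFIX = "com.example.loginwindow"  # hypothetical identifier prefix


def build_profile(fragment: bytes, org_prefix: str = ORG_PREFIX) -> bytes:
    """Wrap loginwindow preference keys in a system-scoped configuration profile."""
    payload = dict(plistlib.loads(fragment))
    payload.update({
        "PayloadType": "com.apple.loginwindow",
        "PayloadIdentifier": f"{org_prefix}.settings",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
    })
    profile = {
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Disable FileVault auto-login",  # assumed name
        "PayloadIdentifier": org_prefix,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def fde_autologin_disabled(profile_xml: bytes) -> bool:
    """True only if a com.apple.loginwindow payload sets the key to boolean true."""
    payloads = plistlib.loads(profile_xml).get("PayloadContent", [])
    # `is True` rejects <string>true</string> and <integer>1</integer>.
    return any(p.get("PayloadType") == "com.apple.loginwindow"
               and p.get("DisableFDEAutoLogin") is True for p in payloads)


if __name__ == "__main__":
    print("FDE auto-login disabled:", fde_autologin_disabled(build_profile(FRAGMENT)))
```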

 

Apologies, it's not really a "notification." If the user's password is expired it prompts them to change their password on the login screen. Works fine on all other macOS except for Sonoma. 

AJPinto
Honored Contributor II

I remember it being really flaky back when we domain bound and did not work from the lock screen. It was just a notification at the login window. I wonder if Apple finally removed/broke that functionality.