Authentication of AD users on Mac OS X failing sometimes (4277027)

Authentication of AD users on Mac OS X failing sometimes

Users are sometimes not able to log onto Mac OS X systems if they have previously logged onto the machine. The probelems seems to be that the user is showing up in the local context (dscl . -list /Users) and this account is the one that is being authenticated against instead of the AD account. If the local user is removed (dscl . -delete /Users/USERNAME) then the user is able to log in again with their AD credentials.

It was found that this issue was caused by a third party product, JAMF’s Casper Suite. The issue was caused by the JAMF Casper Suite’s JSS Server being allowed to apply User Level Managed Preferences. Since the VGP component of QAS has the same functionality the MCX settings function of Casper Suite should be disabled to prevent a conflict.

To disable this feature log in to the JSS as an Admin. Go to the following URL https://your_jss_url.com/computerCheckIn.html. On the Login/Logout Hooks tab dis-select the “Enable user-level Managed Preferences” then save.