Home
Join

10 Replies

  • The issues is FileVault.  It requires a local account that's authorized to unlock the machine but should work with non-admin local account too.  Maybe a non-admin local account with a startup task to logoff, so they can then they can then login with their network account.

    Enable network user accounts to unlock encrypted Mac - Apple Community

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • The user needs to have appropriate rights (but need not be admin).

    See https://support.apple.com/en-au/guide/deployment/dep24dbdcf9e/web

    PS: There has been a strong push AWAY from binding to AD (if that’s what you mean) for some time now

    Was this post helpful? thumb_up thumb_down
  • David_CSG wrote:

    The user needs to have appropriate rights (but need not be admin).

    See https://support.apple.com/en-au/guide/deployment/dep24dbdcf9e/web

    PS: There has been a strong push AWAY from binding to AD (if that’s what you mean) for some time now

    If we're not supposed to bind to AD, how do I enable the option to sign in with network accounts?  I don't have an option to use Jamf.  I can use Intune.  

    Was this post helpful? thumb_up thumb_down
  • You need to make the accounts Mobile accounts so the MAC caches the credentials of the user so they can sign in and then it will connect to the domain.

    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • With on premise AD, MAYBE NoMAD but The main developer of same has said that it is long overdue for a rebuild which won’t happen anytime soon.

    You can use JamfConnect without Jamf but that is geared toward Azure AD not local/on premise AD. Mosyle has an offering but it too is geared towards AAD or Google.

    What are you looking to do can work just letting you know of the current state of things. If you had some other source of truth for identity (IdP) then you’d have other options.

    All this said, the next version of macOS should support AAD login.

    https://9to5mac.com/2022/07/09/apple-identity-vision

    Was this post helpful? thumb_up thumb_down
  • Long time ago we used Thursby Software ADmitMac. It worked great. Not sure if it’s still around but take a look

    Was this post helpful? thumb_up thumb_down
  • ADmitMac was great in it’s time - which was decades ago :-) Over 10-15+ years ago.

    Even native macOS binding is a better choice where local/on-prem AD is in use - it’s just that there are many additional potential complications that come into play that a new or would-be Mac admin needs to know about in order to have a successful integration (macOS & AD).

    It’s all too common to find Windows-centric admins who don’t understand the realities & critical requirements of interoperating with *any* other operating system, and how much that brings into play including missing fundamentals of understanding DNS - just for example.

    (Please keep in mind for context that I spend large portions of my admin time dealing with Windows client, server, AD & AAD, O365, Autopilot and Intune, as well as Apple DEP & MDM etc.)

    Was this post helpful? thumb_up thumb_down
  • Text
    ADmitMac was great in it’s time - which was decades ago :-) Over 10-15+ years ago.
    

    That and Centrify were great for old Macs when a better 3rd party authentication plugin was needed.  For current Macs, the built-in AD join meets our needs for AD authentication.  May still need a 3rd party plugin if you want Macs to be configured based on GPOs.

    1 found this helpful thumb_up thumb_down
  • Xcreds is the new open-source software in this space getting a lot of attention:
    Pepper graySpice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • kevinmcox wrote:

    Xcreds is the new open-source software in this space getting a lot of attention:

    Thanks Kevin. I checked and (from what I found in terms of recent info) it looks like Tim has said he's "looking at it" in terms of support for local/on-premise/standard old-school AD. 

    Was this post helpful? thumb_up thumb_down

Read these next...