KB-9048: Login fails after installing macOS High Sierra with Centrify DirectControl Agent for Mac

Centrify Identity Service, Mac Edition

12 April,18 at 01:42 PM



Question:

Local account and network-based user logins fail after installing macOS High Sierra 10.13 on computers running Centrify DirectControl Agent for Mac version 5.4.1 or earlier. How can this be corrected?



Answer:

This scenario may happen if operating system updates are performed on computers running an incompatible version of the Centrify agent. A compatible version of the Centrify DirectControl Agent for Mac must be installed prior to upgrading to macOS High Sierra; it is available to Centrify customers for download at https://www.centrify.com/support/macos-high-sierra-download/ (login required).

To prevent end users from installing High Sierra, please review KB-5765: How to block OS X updates via Group Policy.


If High Sierra is installed prior to updating the agent, administrators will need to perform the recovery steps below from either Option 1 or Option 2. It is not necessary to complete both options.


Option 1 - Restore login without agent uninstall or adleave 

1. Boot into single user mode by holding down the key combination of Command-S immediately after pressing the power button to turn on your Mac, or immediately after your Mac begins to restart.

2. Continue holding the keys until you see white text on the screen.

3. If you're using FileVault, release the keys when you see the login window. Then log in to continue startup in single-user or verbose mode.

4. Once the computer has finished booting into single user mode, enter the following UNIX commands, pressing the Enter key after each line:

      mount -uw /
      mv /Library/Security/SecurityAgentPlugins/CentrifyPAM.bundle /Library/Security/SecurityAgentPlugins/CentrifyPAM.bundle.orig
      mv /usr/libexec/dspluginhelperd /usr/libexec/dspluginhelperd.orig
      mv /var/db/auth.db /var/db/auth.db.bak


5. Reboot the Mac using the following command: shutdown -r now

6. After the computer has finished rebooting, log in using a local administrator account

7. Install Centrify agent version 5.4.2

8. Open a Terminal window and run the following command:

      sudo mv /usr/libexec/dspluginhelperd.orig /usr/libexec/dspluginhelperd 

9. Reboot the system and log in using a network user account
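
As an added example (not from Centrify or the original article), the following shell function reports how far Option 1 has progressed by checking only the paths that the commands in steps 4 and 8 rename. The function name, the status strings, and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reports the state of the Option 1 recovery
# based solely on the files renamed in steps 4 and 8 of the article.
# Usage: option1_status [ROOT]
#   ROOT defaults to / ; passing another directory (hypothetical convenience)
#   lets the check run against a mounted volume or a constructed test tree.

option1_status() {
    root=${1:-/}
    root=${root%/}   # "/" becomes "", so the paths below stay absolute
    helper="$root/usr/libexec/dspluginhelperd"
    bundle="$root/Library/Security/SecurityAgentPlugins/CentrifyPAM.bundle"
    authdb="$root/var/db/auth.db"

    # Step 4 leaves three renamed copies behind; none present means
    # the single-user-mode commands have not been run on this volume.
    if [ ! -e "$helper.orig" ] && [ ! -e "$bundle.orig" ] && [ ! -e "$authdb.bak" ]; then
        echo "not-started"; return 0
    fi

    # Step 8 moves dspluginhelperd.orig back; while the .orig copy exists,
    # that step is still outstanding.
    if [ -e "$helper.orig" ]; then
        echo "step8-pending"; return 1
    fi

    # Neither the helper nor its .orig copy exists: the rename pair from
    # steps 4 and 8 was not completed cleanly.
    if [ ! -e "$helper" ]; then
        echo "helper-missing"; return 2
    fi

    # auth.db was moved aside in step 4; report if no new one is present yet.
    if [ -e "$authdb.bak" ] && [ ! -e "$authdb" ]; then
        echo "authdb-missing"; return 3
    fi

    echo "restored"; return 0
}
```

Source the file and call `option1_status` after step 8; the non-zero return codes make it usable from a management script.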



Option 2 - Restore login with agent uninstall and adleave 

1. Boot into single user mode by holding down the key combination of Command-S immediately after pressing the power button to turn on your Mac, or immediately after your Mac begins to restart.

2. Continue holding the keys until you see white text on the screen.

3. If you're using FileVault, release the keys when you see the login window. Then log in to continue startup in single-user or verbose mode.

4. Once the computer has finished booting into single user mode, enter the following UNIX commands, pressing the Enter key after each line:

      mount -uw /
      adleave -f
      /usr/local/share/centrifydc/bin/uninstall.sh
(Note: Choose N when the reboot prompt appears)
      mv /var/db/auth.db /var/db/auth.db.bak

5. Reboot the Mac using the following command: shutdown -r now

6. After the computer has finished rebooting, log in using a local administrator account

7. Install Centrify agent version 5.4.2

8. Re-join the computer to Active Directory using the Centrify Join Assistant

Note: Be sure to choose ‘overwrite existing computer object in AD’ from the additional options available on the second screen of the AD Join wizard.

9. Reboot the system and log in using a network user account
