Created Fri Mar, 08 2024 at 01:18AM

My macOS machine is bound to an AD domain, and recently I started getting some strange behavior: when I went to unlock my keychain, install an app, etc., it would give a vague message saying "Authentication is disabled". Great. What does that mean? It turns out the system may have locked out your local account, and you need to run the following to restore it.


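# Check whether your account has a Secure Token enabled (it probably does).
sysadminctl -secureTokenStatus <username>
# Disable it, then re-enable it. Replace <username> and <adminusername> with the real account names.
# The "-" after -password and -adminPassword makes sysadminctl prompt for the password instead of taking it on the command line.
sysadminctl -secureTokenOff <username> -password - -adminUser <adminusername> -adminPassword -
sysadminctl -secureTokenOn <username> -password - -adminUser <adminusername> -adminPassword -
# Refresh the APFS Preboot volume for the boot volume.
diskutil apfs UpdatePreboot /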

Now reboot and you're good to go.