Description
This article provides steps to regain access to a computer if Jamf Connect Login cannot connect or authenticate against the configured Identity Provider, local authentication is disabled via the DenyLocal key, and there is no account that will work at the Jamf Connect Login screen.
Troubleshooting Steps
Option 1: If the computer has internet connectivity and is checking in to Jamf Pro
Create a new policy in Jamf Pro
General tab, Trigger: Recurring Check-in
General tab, Execution Frequency: Once per computer
Files and Processes tab: In the Execute Command field, enter the following:
authchanger -reset
Scope to the target computer
Wait for the computer to check in and run the policy. The default check-in frequency in Jamf Pro is 15 minutes. Once the policy has completed, this should be reflected in the policy log in Jamf Pro > The policy in question > Logs (along the bottom right).
Reboot the computer. The default macOS login screen should appear.
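To confirm the reset took effect before rebooting, the login rule in the authorization database can be inspected. The script below is an added example, not part of the original article or a Jamf-supplied script. It classifies the output of `security authorizationdb read system.login.console`. The sample plists are constructed and abbreviated, and the function names and the --live flag are hypothetical.

```shell
#!/bin/bash
# Added example: classify the system.login.console rule after `authchanger -reset`.

# Constructed, abbreviated samples of `security authorizationdb read system.login.console`.
SAMPLE_JAMF='<dict>
<key>class</key><string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:policy-banner</string>
<string>JamfConnectLogin:LoginUI</string>
<string>JamfConnectLogin:CreateUser,privileged</string>
<string>loginwindow:done</string>
</array>
</dict>'
SAMPLE_DEFAULT='<dict>
<key>class</key><string>evaluate-mechanisms</string>
<key>mechanisms</key>
<array>
<string>builtin:policy-banner</string>
<string>loginwindow:login</string>
<string>loginwindow:done</string>
</array>
</dict>'

# Print one mechanism per line from the "mechanisms" array of the plist on stdin.
list_mechanisms() {
  sed -n '/<key>mechanisms<\/key>/,/<\/array>/p' |
    sed -n 's/.*<string>\(.*\)<\/string>.*/\1/p'
}

# Print "jamfconnect" if any JamfConnectLogin mechanism remains, "default" if the
# stock loginwindow:login mechanism is back, otherwise "unknown".
login_state() {
  _mechs=$(list_mechanisms)
  if printf '%s\n' "$_mechs" | grep -q '^JamfConnectLogin:'; then
    echo jamfconnect
  elif printf '%s\n' "$_mechs" | grep -qx 'loginwindow:login'; then
    echo default
  else
    echo unknown
  fi
}

# On the Mac itself, pass --live to read the real authorization database.
if [ "${1:-}" = "--live" ]; then
  state=$(security authorizationdb read system.login.console 2>/dev/null | login_state)
  echo "system.login.console: $state"
  [ "$state" = "default" ]   # non-zero exit marks the check as failed
fi
```

A result of "jamfconnect" after the policy has run means the Jamf Connect mechanisms are still in place and the reset did not apply.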
Option 2: If there is no connection with Jamf Pro
FOR COMPUTERS WITH T2 CHIP/M1
Note: If FileVault is enabled, a Secure Token holding account is required.
Press and hold the power button on your Mac until you see "Loading startup options."
Click Options, then click Continue.
Click Disk Utility, select Data (or whatever the main hard drive is called) in the left sidebar, and mount it by clicking Mount in the top right.
In the top left, click Disk Utility > Quit Disk Utility.
Go to Utilities > Terminal.
Run the following commands in Terminal:
cd /Volumes/Macintosh\ HD/var/db/
rm ./auth.db
rm ./auth.db-shm
rm ./auth.db-wal
Note: Some of these files may not exist. The important one is auth.db.
Restart the computer by running this command:
shutdown -r now