lionheart / openradar-mirror

A mirror of radars pulled from http://openradar.me/.

34617535: TouchID preference pane does not load under High Sierra 10.13 with Active Directory mobile accounts #18464

Open openradar-mirror opened 7 years ago

openradar-mirror commented 7 years ago

Description

Summary: This is a duplicate of radar #34617535

The TouchID preference pane is unable to load on High Sierra GM (10.13.0 17A362a) on any TouchBar MacBook Pro that is bound to Active Directory and uses mobile accounts (which is a supported configuration for Active Directory for macOS High Sierra - this is mobile accounts, not portable home directories we're talking about).

Steps to Reproduce:

Expected Results: The TouchID preference pane should open and allow configuring TouchID on the device

Actual Results: The TouchID preference pane is not present.

Attempts to open it manually at the location: /System/Library/PreferencePanes/TouchID.prefPane

result in a dialog with the text:

You can’t open the “Touch ID” preferences pane because it is not available to you at this time. To see this preferences pane, you may need to connect a device to your computer.

TouchID is functional on the device. A local user account on the same machine, not connected to AD can log in as that account and the pane is present and opens.

The root cause of this bug is a change in the logic inside the binary located at /System/Library/PreferencePanes/TouchID.prefPane/Contents/Resources/AllowPasswordPref

The AllowPasswordPref pane executable is marked by the TouchID.prefpane as the executable to run for hardware compatibility for this preference pane, via this key in the Info.plist for the TouchID.prefpane: NSPrefPaneHardwareTest AllowPasswordPref

The AllowPasswordPref is executed and if the return result is 0, then the OS considers the preference pane compatible and will load/display it.

My guess as to what logic is attempting to happen here is that you're attempting to look for users that might have their home directory stored on an external thumb drive, which I can understand may not be compatible with TouchID biometric storage.

2 things:

There is no reason that TouchID should be incompatible with mobile accounts locally stored on the device. This is definitely a bug.

2nd, if it's no longer compatible with accounts that are stored on external media, then that information needs to be publicly documented somewhere - and it is not.

Number of devices affected: 2000

Impact of bug: Reduced/delayed adoption of 10.13 until this bug is corrected.

Version: 10.13.0 17A365

- Product Version: 10.13.0 17A365
- Created: 2017-09-27T14:39:06.937170
- Originated: 2017-09-28T09:38:00
- Open Radar Link: http://www.openradar.me/34617535
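
The hardware-test gate this report describes can be observed outside System Preferences by reading the `NSPrefPaneHardwareTest` key and running the named helper as the affected user. The following is an added example, not code from the radar or from Apple; it assumes the helper is resolved in the pane's `Contents/Resources` directory (as in the path the report gives) and that a pane declaring no test is not gated.

```python
import plistlib
import subprocess
import sys
from pathlib import Path

HARDWARE_TEST_KEY = "NSPrefPaneHardwareTest"  # Info.plist key named in the report


def hardware_test_helper(pane):
    """Return the path of the pane's hardware-test helper, or None if unset."""
    with open(Path(pane) / "Contents" / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)  # reads both XML and binary plists
    name = info.get(HARDWARE_TEST_KEY)
    if not name:
        return None
    # Assumption: the helper sits in Contents/Resources, as in the reported path.
    return Path(pane) / "Contents" / "Resources" / name


def run_hardware_test(pane, timeout=10.0):
    """Run the helper as the current user; exit status 0 means the pane loads."""
    helper = hardware_test_helper(pane)
    result = {"helper": None, "exit_code": None, "compatible": True, "error": None}
    if helper is None:
        return result  # assumption: no declared test means the pane is not gated
    result["helper"] = str(helper)
    result["compatible"] = False
    if not helper.is_file():
        result["error"] = "helper missing"
        return result
    try:
        proc = subprocess.run([str(helper)], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        result["error"] = type(exc).__name__
        return result
    result["exit_code"] = proc.returncode
    result["compatible"] = proc.returncode == 0
    return result


if __name__ == "__main__":
    # Run as the affected (e.g. AD mobile) user, then as a local user, and compare.
    target = sys.argv[1] if len(sys.argv) > 1 else "/System/Library/PreferencePanes/TouchID.prefPane"
    if (Path(target) / "Contents" / "Info.plist").is_file():
        print(target, run_hardware_test(target))
    else:
        print("no Info.plist under", target)
```

Comparing the reported exit status between an Active Directory mobile account and a local account on the same machine shows whether the helper, rather than the pane itself, is what hides Touch ID.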

openradar-mirror commented 7 years ago

Modified: 2017-09-27T14:39:06.937370
