
Comments (6)

PezzaD84 commented on June 15, 2024

Hi,

What failures are you experiencing? Are you able to share the logs from JAMF and the local LAPS log (/Library/.LAPS/Logs/), and I will take a look to see what's going on.

from maclaps.

snowwalker1988 commented on June 15, 2024

Hi, one failure I found myself.
I didn't use the new LAPS.pkg.

Now the Log in JAMF is the following:

Script result: Error checking any previous configuration.....
Log found. Checking for previous failures.....
No previous failures detected. Continuing LAPS Configuration.....
Log already exists. Continuing setup.....
***** LAPS Account cycled 14/07/2023 13:45:36
Password length has been set to 12 characters
macadmin does not exist. Creating local admin now
2023-07-14 13:45:37.017 sysadminctl[21042:138097] ----------------------------
2023-07-14 13:45:37.017 sysadminctl[21042:138097] No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
2023-07-14 13:45:37.018 sysadminctl[21042:138097] ----------------------------
2023-07-14 13:45:37.198 sysadminctl[21042:138097] Creating user record…
2023-07-14 13:45:37.972 sysadminctl[21042:138097] Assigning UID: 503 GID: 20
2023-07-14 13:45:38.144 sysadminctl[21042:138097] Creating home directory at /Users/macadmin
GroupMembership: root it-support macadmin
LAPS Account created Successfully
<?xml version="1.0" encoding="UTF-8"?><computer><id>2</id></computer><?xml version="1.0" encoding="UTF-8"?><computer><id>2</id></computer>CryptKey and SecretKey Escrowed to Jamf successfully
Device serial is xxx (xxx for privacy)
JAMF ID is 2
LAPS Configuration was successful
No slack URL configured
LAPS Launch Daemon not found

Is "LAPS Launch Daemon not found" a failure, or do I maybe have a problem understanding how changing the password works now? Until now we have used the 4th policy.


snowwalker1988 commented on June 15, 2024

On the client above, it was a fresh computer without any macadmin before.

But when I now try it on a machine with a macadmin from an older macOSLAPS version we get this:

Script result: Error checking any previous configuration.....
Log found. Checking for previous failures.....
No previous failures detected. Continuing LAPS Configuration.....
Log already exists. Continuing setup.....
***** LAPS Account cycled 14/07/2023 14:16:00
Password length has been set to 12 characters
GroupMembership: root macadmin it-support
macadmin has already been created and is a local admin. Resetting local admin password....
2023-07-14 14:16:01.574 sysadminctl[2890:18853] ### Error:-14090 File:/AppleInternal/Library/BuildRoots/c2cb9645-dafc-11ed-aa26-6ec1e3b3f7b3/Library/Caches/com.apple.xbs/Sources/Admin_sysadminctl/addremoveuser/main.m Line:378
2023-07-14 14:16:01.574 sysadminctl[2890:18853] Operation is not permitted without secure token unlock.
<dscl_cmd> DS Error: -14090 (eDSAuthFailed)
Authentication for node /Local/Default failed. (-14090, eDSAuthFailed)
Password validation failed.


PezzaD84 commented on June 15, 2024

Hi,

That's a good point you bring up that the "LAPS Daemon not found" is not clear. It's not a failure and I've amended the text now. Thanks for raising that.

The second issue you have raised is an odd one. The newer scripts use the same API calls so they should still be looking at the same extension attributes to get the password. Again, the "Password validation failed" line is going to go in the troubleshooting section as a new entry. If you see this, the next run of the LAPS Policy will clean up any issues and get you back on track. I will also add extra wording to the failure message for users.

Thanks for bringing these issues up. I've amended the wording in the script now and will add the failure message to the wiki.


snowwalker1988 commented on June 15, 2024

Hi,
thanks for updating this.

We have now spent some days looking at this with test clients. On a few clients it works well.

But on some clients we get the following failures (also when trying [Create Local Admin & password] a second time):

Script exit code: 1
Script result: Error checking any previous configuration.....
Log found. Checking for previous failures.....
No previous failures detected. Continuing LAPS Configuration.....
Log already exists. Continuing setup.....
***** LAPS Account cycled 19/07/2023 11:44:00
Password length has been set to 12 characters
GroupMembership: root jamfadmin macadmin
macadmin has already been created and is a local admin. Resetting local admin password....
2023-07-19 11:44:01.062 sysadminctl[25110:2816541] resetting password for macadmin. (Keychain will not be updated!)
2023-07-19 11:44:02.074 sysadminctl[25110:2816541] SystemConfiguration commitChanges failed.
DS Error: -14090 (eDSAuthFailed)
Authentication for node /Local/Default failed. (-14090, eDSAuthFailed)
Password validation failed.
Please re-run the LAPS policy. If the problem persists please raise a ticket.
Error running script: return code was 1.
Running Recon...

Do you have some idea why?

Best regards


PezzaD84 commented on June 15, 2024

Hi,

This is very odd as the script should find the failure and create a failures folder and log.

If all else is failing then there is the reset LAPS script which you could use to flush the account and settings completely from the device and start from scratch. You can find the reset script on the main GitHub page. There are some short instructions in the wiki and in the script itself.

from maclaps.
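
Added example, not part of the thread or of the MacLAPS scripts: a triage of a policy log that uses only the messages quoted above. It splits the log into runs on the "LAPS Account cycled" marker, ignores "LAPS Launch Daemon not found", and separates a single failed run (re-run the policy) from consecutive failed runs (raise a ticket or use the reset script). The names `laps_triage` and `sample_log`, the verdict labels and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: laps_triage, sample_log and the verdict names are hypothetical.

# Constructed sample: three policy runs assembled from messages quoted in this thread.
sample_log() {
  cat <<'EOF'
***** LAPS Account cycled 14/07/2023 13:45:36
LAPS Account created Successfully
LAPS Configuration was successful
LAPS Launch Daemon not found
***** LAPS Account cycled 14/07/2023 14:16:00
Operation is not permitted without secure token unlock.
Authentication for node /Local/Default failed. (-14090, eDSAuthFailed)
Password validation failed.
***** LAPS Account cycled 19/07/2023 11:44:00 Password length has been set to 12 characters
SystemConfiguration commitChanges failed. DS Error: -14090 (eDSAuthFailed)
Password validation failed.
EOF
}

# Reads a log on stdin, prints one verdict per run and an overall verdict.
laps_triage() {
  awk '
    function emit() {
      if (run == 0) return
      if (auth || token) { verdict = "AUTH_FAILED"; streak++ }
      else { verdict = "OK"; streak = 0 }
      if (token) verdict = verdict "+SECURE_TOKEN"
      printf "run %d %s: %s\n", run, stamp, verdict
    }
    # Every run logs this marker; a pasted log may have it share a line with later messages.
    /LAPS Account cycled/ {
      emit(); run++; auth = 0; token = 0; stamp = "unknown"
      for (i = 1; i < NF - 1; i++)
        if ($i == "cycled") stamp = $(i + 1) " " $(i + 2)
    }
    /Password validation failed/ || /eDSAuthFailed/ { auth = 1 }
    /not permitted without secure token unlock/ { token = 1 }
    # "LAPS Launch Daemon not found" is not matched: the maintainer says it is not a failure.
    END {
      emit()
      # streak = number of consecutive failed runs at the end of the log
      if (streak >= 2) print "overall: PERSISTENT"
      else if (streak == 1) print "overall: RERUN_POLICY"
      else print "overall: OK"
    }'
}

sample_log | laps_triage
```
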
