Jamf Pro
Powerful workflows for IT pros
Showing results for 
Search instead for 
Did you mean: 

Forum Posts

Jamf Pro 10.32.1 Release

Hi Jamf Nation,Today we're releasing a hotfix for Jamf Pro that addresses a recently responsibly disclosed security issue.We strongly recommended that you upgrade to Jamf Pro 10.32.1 as soon as possible. The following CVE is addressed by this release...  View more

  • 26 replies
  • 5 kudos

What's new in Jamf Pro 10.32 Release

Update: This release includes fixes for security vulnerabilities and it is recommended that you upgrade to Jamf Pro 10.32.0 as soon as possible. The following CVEs are addressed by this release: [PI-006352] CVSS 8.3 https://cve.mitre.org/cgi-bin/cven...  View more

  • 13 replies
  • 4 kudos

A guide to JSS Azure AD integration (LDAP + SSO)

Hi, I see that a growing number of organizations are migrating on-premise AD to Azure AD. Therefore, I decided to share our experiences using Azure AD as a authorization provider for Jamf Pro. First, LDAP is necessary in order to get user and group l...  View more

  • 41 replies
  • 30 kudos

Lookup of AD username from CAC EDIPI number

OK, guys, here's what I'm trying to do; if the method is obvious to anyone I would very much appreciate some pointers. I am trying to migrate a whole bunch of Mac users from being standalone, unconstrained computers, into the Navy's DP architecture. ...  View more

  • 3 replies
  • 1 kudos

Validating AD Binding

I've been working on a script that validates if a Mac's binding to AD is still active or not. This is an issue that seems to be caused when the computer is off the corporate network at the time of kerberos key cycling, typically set to 14 days (see d...  View more

  • 4 replies
  • 0 kudos

Jamf Console access through AD Groups

Hope someone can help.. maybe it is working as designed or maybe I did something wrong.. Hope someone can help me out.. I intended to grant our users access to the Jamf Pro console by adding AD User Groups. Now, we have different domains like emea.co...  View more

  • 1 replies
  • 0 kudos

Restricting Network Account Login to Single User

Hi All, I found this article on here about restricting network groups: [https://www.jamf.com/jamf-nation/discussions/4591/restrict-logon-to-specific-active-directory-groups](link URL) Has anyone found a way to set the allow network logins to a single...  View more

  • 0 replies
  • 0 kudos

Connect LDAP with Jamf Cloud

I'm not sure how to put this or explain it, but going to try my best. We moved over from an on-premise server for JAMF Pro to the Cloud. We wanted to connect LDAP with the JSS to provide the option with authenticating to Macs through the DEP process....  View more

  • 10 replies
  • 0 kudos

Using Okta as an LDAP source

I am in the middle of deploying a centralized Jamf Pro instance for a large disparate organization. We're talking 5 business units with multiple sub-organizations, ultimately leading to well over 150 different Active Directory forests with no trust b...  View more

  • 25 replies
  • 2 kudos

Cache AD user profile on remote system

We have home shored users that are too far from an office so we ship the Mac to them. Since security does not allow users to give their password out we are unable to logon as the user to setup their mobile profile on the mac prior to shipping. We hav...  View more

  • 2 replies
  • 0 kudos

LDAP Group added to Exclusions List not working

I'm running JSS 9.97.1482356336 and have certain software blocked - App Store, iTunes, AirDrop, through the Restricted Software settings.We have developers that require access to the App Store, so I have been adding their LDAP account to the Exclusio...  View more

  • 2 replies
  • 0 kudos

Multiple LDAP Servers?

We might be adding in some users from another LDAP server—we've always had just one. Any gotcha's or things keep in mind as we look at implementing this?  View more

  • 6 replies
  • 0 kudos

os-x integration with FreeIPA

I have "most" of this functioning. When logged in as a local user, users can kinit with LDAP username in terminal and pull a ticket. BUT - I have two issues (and they appear to actually be the same issue). User authenticates to LDAP at login screen. ...  View more

  • 3 replies
  • 0 kudos

LSS 9.96 breaks some LDAP authentications

I have an LDAP server with an OTP back end, and my admin users authenticate via this server as LDAP users. Up to version 9.93 this worked perfectly. Something changed in 9.96 that broke this. What I've been able to determine via logs and tcpdumps is ...  View more

  • 0 replies
  • 0 kudos

Infrastructure Manager cannot bind to address

My setup involves a public IP address ( that resides on the firewall, NAT'ed to a private IP address ( It seems that ldap-proxy cannot bind to the IP address because it doesn't reside on the server. Which makes sense. We'd need...  View more

  • 6 replies
  • 1 kudos

LDAP Proxy Server Not Finding Users

I have setup an AWS instance holding the NetBoot/SUS/LDAP Proxy appliance inside of a VPC that has a VPN tunnel to our network (long story short: we have an ldap proxy server running and have tested connections back and forth). We've tested to and fr...  View more

  • 0 replies
  • 0 kudos

How often does JSS query AD

What i'm wondering is how often does JSS query LDAP? We are having users transfer schools a lot but JSS takes days or longer sometimes to update that users INFO to the new School location we have set in our AD attributes that JSS looks at. There for ...  View more

  • 8 replies
  • 0 kudos