a month ago
I'm wondering if I can default Jamf Connect Login to show the local logins first instead of the network sign-in.
Our network (call it NET-RAD) currently uses RADIUS, which we knew, so we'd planned to use our WPA2 network (call it NET-DEV) for Connect Login.
A logged in user needs to be on NET-RAD, and even though the password for NET-DEV is saved on the device, Connect Login always asks for the password to NET-DEV.
Since we don't share the NET-DEV password with users (it's pushed out via config profile) they end up with no network access on Connect Login and unable to fix it themselves without some sort of hotspot.
I understand this is expected due to how Connect Login handles network credentials, but I'm wondering if there's a way I can default Connect Login to the local login page, as opposed to the network login page, at least until we can get Clearpass in place and figure out a better way to do our network for Connect Login. That, or if someone has better ideas.
a month ago
Run the command:
/usr/local/bin/authchanger -reset
That will remove the Jamf Connect Login screen from the login authorization database. When you are ready to enable JCL again, use:
/usr/local/bin/authchanger -JamfConnect
a month ago
Oh I mean I can just edit the config profile to disable JCL completely, if that's what you're telling me how to do.
I was just wondering if there's a way to leave it active but default to this page instead of starting on the network login, that way we still have the network login available for those who know the wifi connection info for NET-DEV, but it doesn't confuse people who don't know the credentials.
Thanks for the quick response though!
a month ago
If you would like the Jamf Connect login window to remain active, but just default to the local login option you can add this key to your com.jamf.connect.login profile
<key>OIDCDefaultLocal</key>
<true/>
a month ago
Sorry, I stand corrected, it looks like this is the way to disable it completely as I don't see options in the config profiles for disabling JCL, though ideally I don't have to go quite that far.