Posted on 04-26-2022 09:10 PM
Like the title says, I can’t find a good article or tutorial that is up to date with all the info needed to properly set this up.
I have a signed package that installs jamf connect, image assets, and the script, all with wheel/root 755. This has a postinstall shell script to install the jamf connect package and then set authchanger to -reset - JamfConnect -Notify
I have a profile setup and scoped that includes the script path and all other settings for connect login, it’s also deployed at enrollment.
I feel like I’m doing this all correct and something isn’t clicking.
Currently stuck at after first login, notify does not run.
On Monterrey 12.3
Any help would be greatly appreciated.
Posted on 04-27-2022 01:59 PM
I am only starting to test this, but using the -Notify option puts the notify screens after the login portion. If you run authchanger -print, you can see the order the mechanisms to run.
If you want to run a mechanism (like Notify or RunScript), you need to use the -preLogin option and specify the mechanism name. For example:
sudo authchanger -reset -preLogin JamfConnectLogin:Notify -JamfConnect
Will run Notify before the login screen.
I have not seen any real good tutorial on using the Notify mechanism. But, it is something that I am going to investigating real soon.
Posted on 04-30-2022 06:42 PM
For Notify to run preLogin, I have found it best to create a mega package in Composer that puts JamfConnect installer and a custom install pkg with your assets in the tmp folder, then include a postinstall script to install JamfConnect and your assets. After install, your post install script can utilize this command setup:
/usr/local/bin/authchanger -reset -preLogin "JamfConnectLogin:Notify"
# Wait for Setup Assistant to complete
while [ ! -f "/var/db/.AppleSetupDone" ]; do
sleep 2
done
/bin/echo "$(date "+%a %h %d %H:%M:%S"): Setup Assistant is no longer running." >> /private/tmp/prestage_install.log
/bin/echo "$(date "+%a %h %d %H:%M:%S"): JamfConnect postinstall completed, wait on MDM for device configuration." >> /private/tmp/prestage_install.log
I have an enrollmentComplete trigger in Jamf that runs a DepNotify script for the rest of the setup, that updates the Notify window in JamfConnect with what is going on. The script calls other Jamf policies in a specific order to complete the provisioning of the device.
My next goal is to move away from enrollmentComplete and have the postinstall script in JamfConnect call a specific enrollment policy, but I've been having issues with getting the policy trigger to work properly. The enrollmentComplete trigger, however, has been working flawlessly with this method.
Posted on 08-08-2022 02:20 PM
Hi,
I have a question, you run a notify windows before the first login ?
Posted on 08-08-2022 02:28 PM
Yes, our support staff enrolls all of the devices before issuing them to users, so having the notify run prelogin lets them know that everything we need (only a couple of items) is there before they issue the device. I have a script that runs on login that gets the local user name and assigns it as the user in Jamf.
Posted on 08-08-2022 02:31 PM
Thanks for your answer !
My script is in my meta-package in the prestage (/usr/local/bin/myscript.sh).
I set the notify command for enable notify in the preinstall script.
I have set the scriptpath in the jamf.connect.login in confprofile.
But... when i deploy a Mac, after an user log in, the notify script appear, but it’s the sample screen of jamf.
It not link with my script...
do you have any idea why my notify screen don't open after a first login ?
Thanks
Posted on 08-08-2022 02:38 PM
Is your script updating the depnotify log (/var/tmp/depnotify.log)? Or do you have the config profile set to read the jamf.log? If you aren't doing one or the other, then the Notify screen won't update as things are happening.
I referenced this blog a lot for getting my Notify working properly: https://www.jamf.com/blog/zero-touch-deployment-with-jamf-pro-and-jamf-connect/
Posted on 08-08-2022 02:41 PM
#!/bin/bash
#variables
NOTIFY_LOG="/var/tmp/depnotify.log"
JAMFBIN="/usr/local/bin/jamf"
echo "Enrollment beginning" >> /var/log/jamf.log
echo "Starting Notify Run" >> $NOTIFY_LOG
# COMPANY Welcome
echo "Command: Image: /usr/local/logo/images.xxx.png" >> $NOTIFY_LOG
echo "Command: MainTitle: Welcome to xxx!" >> $NOTIFY_LOG
echo "Command: MainText: Please be patient while we setup your computer and enroll it with xxx." >> $NOTIFY_LOG
# Define the number of increments for the progress bar
echo "Command: Determinate: 15" >> $NOTIFY_LOG
echo "Status: Configuring your new Mac..." >> $NOTIFY_LOG
sleep 15
#adding a safety net here to make sure the Jamf Binary is present. Just in case there is some delay on the installation via MDM
until [ -f $JAMFBIN ]
do
echo "Status: Waiting on Jamf" >> /var/tmp/depnotify.log
sleep 2
done
#2 - Setting up single sign-on passwords for local account
echo "Command: Image: /usr/local/images/oktalogo.png" >> $NOTIFY_LOG
echo "Command: MainTitle: Tired of remembering multiple passwords?" >> $NOTIFY_LOG
echo "Command: MainText: We use Okta to help you log in to each of our corporate services. You can use your email address and Okta password to sign into all necessary applications." >> $NOTIFY_LOG
echo "Status: Setting the account password for your Mac to sync with your Okta password..." >> $NOTIFY_LOG
sleep 10
This is my Notify script, do you show something strange ?
Posted on 08-08-2022 02:48 PM
No, that script looks very similar to my own and I don't see anything strange. From everything you've said, it should work. I would open a support ticket and see what they can find out. I had to do that to troubleshoot a weird timing issue I was having with my configuration. They will ask for a copy of your metapackage, along with your config files and the jamfconnect logs from a sample device.
Posted on 08-08-2022 02:56 PM
Thanks, i open an issue :)
I prepare all the stuff!
Thanks a lot :)
Posted on 08-22-2022 11:37 PM
Jamf Connect Login can include the notification screen, which can display the progress bar, custom images, and text to be displayed when the device is deployed in Automated Device Enrollment (formerly DEP). The notification screen is set by an application that writes commands to a control file. This script can be defined using the Script Path setting.
The notification screen needs to be activated by incorporating its mechanism into Jamf Connect's login window application. Jamf Login window login application. You can add the notify mechanism to the login window application by running this command
/usr/local/bin/authchanger -reset -OIDC -preAuth JamfConnectLogin:RunScript,privileged JamfConnectLogin:Notify
You can then design the Notify Script quickly.
All that happens well when you have access to seamless internet through your wireless router device. You can read through the setup guide to learn ways you can edit the network settings on your wireless router in easy steps. Read through the website to learn the Orbi router setup process in easy steps.