Jamf Nation Community

mapurcel · ‎03-18-2015

We've just upgraded to 9.65 (JSS on Linux) and now our AD binding no longer works, through script or policy. Anyone else seeing this?

mapurcel · ‎03-19-2015

Ok, so looks like "!" is no good either. I had the following characters in my password ! [ } and changed my password to get it working, but I'm pretty sure it was the "!" causing the problem.

View solution in original post

GaToRAiD · ‎03-18-2015

@mapurcel Yes, there is currently a defect in place for issues with binding. If you are using a credential to bind that has a $ in it, it will no longer work in 9.65

emily · ‎03-18-2015

It also won't create accounts that have a password with $ in it, to the bane of my team's existence. X(

spalmer · ‎03-18-2015

Wow, I am glad I read this before upgrading to 9.65.

I appreciate all of the work that JAMF does, but they really need to get a handle on the various areas in Casper that deal with passwords. We recently found that a Casper update from several patches ago broke our ability to submit a JSS summary to JAMF because of a # character in the password. If I remember correctly our GSX configuration broke some time in the past because of a bad character. Quite a while back in the 8.5x or 8.6x days we had problems with spaces at the beginning or end of the management account password being stripped of when creating a QuickAdd package.

In most cases once we figured out what was happening it was easy to work around by changing the password, but since these break out of nowhere it isn't always immediately obvious what the cause is.

djrich29 · ‎03-19-2015

I'm also glad i found this post, we were going to upgrade to 9.65 next week, but this defect will break my current binding process. Anybody knows when is this defect expected to be fixed? Any word from JAMF on this?

dgreening · ‎03-19-2015

How about a "!" in the password?

GaToRAiD · ‎03-19-2015

@djrich29 when i reported this issue, my rep told me he thought it was going to be fixed in the next update.

david_yenzer · ‎03-19-2015

Hmm...we're still on 9.61 but are currently experiencing an issue with our AD binding policy on three machines so far. Tried rebooting and recreating the policy/settings, but so far no luck. The log rarely shows an attempt.

mapurcel · ‎03-19-2015

Ok, so looks like "!" is no good either. I had the following characters in my password ! [ } and changed my password to get it working, but I'm pretty sure it was the "!" causing the problem.

sgoetz · ‎03-19-2015

Yea the following characters can not be in passwords if using the Web JSS. $, &, :, ! The defect number is: D-008366

dgreening · ‎03-19-2015

Argh! Ok... how about "@". Does this only affect the AD account in the actual AD bind policy or does this also apply to the AD service account used for LDAP integration in the JSS. No more 1337 passwords for us I guess...

sgoetz · ‎03-19-2015

The @ symbol works just fine. This affects any part of JSS web that uses a password. For example all of my file share distribution points had a password with a $ and all DP's stopped working.

scottb · ‎04-11-2015

@mapurcel

Today, I rid the system of the "!" in our passwords and all of the Casper Imaging crashes I had are now gone.

After changing over Distribution points to use IP instead of DNS, I got rid of all the issues with Self Service.
Given that, I still had Casper Admin crash almost every time I tried to replicate DP's, and higher than usual numbers for failed policies.

Today, I rid the system of passwords with any special characters and went uppercase/lowercase/numerals. Now, I can replicate all the DP's with no Casper Admin crashes. Still on 9.65, but I wanted to put this out there for the record.

Hoping now that all the gotchas are gone for future upgrades...

Jamf Nation Community

AD Binding Problems on 9.65?