Cannot image & bind to AD with proxy set to PAC or absolute values

Phil
New Contributor

Anyone seen this?

We've had some issues with imaging Yosemite, some apps wouldn't install, Dock would not install, some scripted configs would not execute and of course they would not bind to AD.

By process of elimination I have:
Stopped using 'Automatic Proxy Configuration'. The PAC file location has not changed through Lion to Yosemite - this improved some issues but did not resolve the AD bind.
Stopped using the absolute proxy paths and switched to 'Auto Proxy Discovery'

So now the imaging process completes without error, apps install, Dock installs and scripted configs execute, and finally they bind to AD.

What I'm thinking of doing is configuring the proxy after the first user login. This may get round the issues and deliver a configured Mac to the users, but I'd still like to know why.

Any ideas?
Cheers
Phil

2 ACCEPTED SOLUTIONS

htse
Contributor III

I could potentially see this issue if you were using JDS to host your payloads, since it pulls those down via WebDAV and would be making requests through the proxy instead of going directly to the server. You can try to manually set the proxy bypass, and if that works, examine your Proxy Autoconfig.


charles_hitch
Contributor II

Try adding an exception domain to your proxy list. For example, from the command line on the Ethernet adapter:

#!/bin/sh
networksetup -setproxybypassdomains "Ethernet" "*.local" "169.254/16" "*.corp.com"


6 REPLIES 6

nessts
Valued Contributor II

Proxy should have nothing to do with binding to AD. DNS and time server settings are the two biggies you need to make sure are correct when binding.

nessts
Valued Contributor II

Also, when you are running the imaging tool, are you doing it from a 10.9.x box? There are/were some bugs in the installer on 10.9.x that did not deal well with the 10.10 OS and saw it as 10.1.

Phil
New Contributor

We do indeed host payloads on the JDS and do pull down via WebDAV. I will add the JDS server to our proxy exceptions list.

I run two scripts before 'imaging' the OS, the first sets the time server and the second the proxy set up and bypass.

The proxy bypass has grown. During the lifetime of Mavericks, one of the Mavericks patches meant we could not use wildcards or a range of IPs; it would only work with absolute values, so we added them alongside the wildcard and range settings because we could not be sure when a patch would revert it.

One of the later patches to Mavericks stopped the use of the PAC file, and it has never worked for us with Yosemite (though there have been some significant changes onsite: a switch to VLAN, and all services and shares moved to virtual, which may have had some impact, though all virtual servers retained the same DNS names and IPs).

Cheers
Phil

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
systemsetup -setnetworktimeserver ourtimeserverX2.uk.xxx.com

networksetup -setproxyautodiscovery Ethernet on
networksetup -setautoproxystate Ethernet off
# Each bypass entry is its own space-separated argument (no commas); quoted so the shell does not expand '*'
networksetup -setproxybypassdomains Ethernet ".local" ".uk.XXX.com" "ftp.uk.XXX.com" "autodiscover.XXX.com" "1X.XXX.X." "localhost" "1X.X.XXX." "1X.X.126.15X" "1X.XXX.1.33" "XXXXX1.uk.XXX.com" "1X.XXX.2.41" "1X.XXX.2.43" "1X.XXX.2.45" "1X.XXX.2.47" "1X.XXX.2.49" "1X.XXX.2.52" "1X.XXX.2.56" "1X.XXX.2.48" "1X.XXX.2.88" "*.XXX.com"
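
Added example (not part of the original thread and not any poster's script): a POSIX sh helper that turns a comma- or space-separated bypass list into the separate, unglobbed arguments that `networksetup -setproxybypassdomains` takes, with a dry-run mode to inspect the command before imaging. The names `normalize_bypass`, `apply_bypass`, `DRY_RUN` and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# normalize_bypass LIST
# Split a comma- and/or space-separated bypass list into one entry per line,
# dropping empty fields and duplicates while keeping the original order.
normalize_bypass() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | awk 'NF && !seen[$0]++'
}

# apply_bypass SERVICE LIST
# Pass every entry to networksetup as its own argument.
# With DRY_RUN=1 the command is printed instead of executed.
apply_bypass() {
    service=$1
    set -f                      # no globbing: "*.corp.com" must stay literal
    old_ifs=$IFS
    IFS='
'
    # Split only on newlines, so each normalized entry becomes one argument.
    set -- $(normalize_bypass "$2")
    IFS=$old_ifs
    set +f
    if [ "$#" -eq 0 ]; then
        echo "apply_bypass: empty bypass list" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'networksetup -setproxybypassdomains "%s"' "$service"
        printf ' "%s"' "$@"
        printf '\n'
    else
        networksetup -setproxybypassdomains "$service" "$@"
    fi
}

# Constructed sample list (placeholder domains, including a duplicate entry).
SAMPLE_LIST='*.local, 169.254/16, jds.corp.example, *.corp.example, *.local'
DRY_RUN=1 apply_bypass "Ethernet" "$SAMPLE_LIST"
```

After a real run, `networksetup -getproxybypassdomains "Ethernet"` lists what was stored, so stray commas or expanded wildcards are easy to spot.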

calumhunter
Valued Contributor

Speaking of AD and PAC / Auto Proxy:

If you have access to the L-Cap betas, you might want to test in your environment.

http://openradar.appspot.com/radar?id=6631169592393728