Jamf Nation Community

I ran a kdestroy -a but didn't look at ticket viewer to see if I had any active tickets. I'll take a closer look at this one and report back.

Still no luck. No open kerberos tickets when viewing Ticket Viewer.app or klist in terminal. I even re-installed Mavericks yesterday as a hail-mary.

Just tested mine: Works OK for me. (with clients: OSX 10.6.8 .. 10.9.0 )

My Distribution Point is on a Virtualised Mac OS X 10.6.8 Server, offering AFP, and HTTP.

Thanks Peter

My primary DP is 10.7.5, physical, offering AFP only. I feel like there may be something server-side that I can do to resolve it but I am drawing blanks as to what might be a solution.

Switching to SMB did resolve my issue as well. Thanks freddie!

Glad to help Jeff!

I actually blew up the casperadmin/casperinstall accounts, removed from sharing, re-added & was able to mount. Server is running 10.8.5.

@freddie.cox & @jeffpugh on the macs where there is an issue, you should be able to find a CasperAdmin log file.

Can you check it? I wonder if the JSS is trying to mount //jss.fqdn/CasperShare & as we're now on 10.9 that changes to: SMB://jss.fqdn/CasperShare & not AFP://jss.fqdn/CasperShare as per pre-10.9.

Just wondering, as if that's the issue... Should be an easy fix for JAMF.

@bentoms Casper Admin / Remote loads without issue and mounts caspershare and everything works good if I don't have a kerberos ticket but with tickets I get negative results when using AFP.

I think our issue was I am using a service account (casperadmin) - you know the defaults for r/w access etc. I also setup svc accounts in AD with same shortname.This is what I used since v 5 of JSS - all worked fine.
What I did to fix was create a local account on the fileserver for AFP that doesn't have an associated AD account and I'm back in business.

@bentoms where is the log located, I was trying to find it and was unsuccessful.

@freddie.cox I think it's ~/Library/Logs/CasperAdmin.log

@bentoms The only thing that I have in that location is a Casper Admin Sync Log.log

I was hoping there was a way to access a log for Casper Admin to see what it was doing, but it doesn't appear to be writing one. Heck, I even ran composer while launching Casper Admin just to see what/where it was writing to.

@freddie.cox][/url
You can put the Casper Admin to Debug mode by just putting a file named "debug" in app's "Support" folder.

sudo touch /Applications/Casper Admin.app/Contents/Support/debug

Then do the test and grab the debug log file from;
~/Library/Logs/JAMF/CasperAdminDebug.log
or
~/Library/Logs/CasperAdminDebug.log

I think this method applies for all Casper Suite apps.

@Kumarasinghe][/url This was the nugget I was hoping to get out of this. Thanks so much.

After doing this I get this output:

Running Simple Shell Command: '/Applications/Casper Suite/Casper Admin.app/Contents/Support/jamf' mount -type afp -server 'server_address' -share 'CasperDP' -username 'CasperUser' -passhash 'hashofpasswordhere' -visible Simple Shell Result: Mounting afp://server_address/CasperDP to /Volumes/CasperDP... There was an error mounting the file server afp://server_address/CasperDP. Will attempt again. Mounting afp://server_address/CasperDP to /Volumes/CasperDP... There was an error mounting the file server afp://server_address/CasperDP. Giving up.

It appears the binary can't mount the dp for some reason and trying to run that manually in terminal results in the same error. Removing the password hash and using the -password flag also ends in a failed connection.

@Kumarasinghe nice one. That's what i was reaching for.

@freddie.cox can you map the drive via the GUI authenticating as the CasperAdmin user?

Do you have any special characters in the password? ?%*<$|*

Can you simplify the Casper admin password & then try?

@bentoms -Yes, I can manually map the drive as the CasperAdmin user. -Yes, I do have special characters. -At this point I am too lazy to change the password as we have 14 DP's I would have to touch. :-)

@freddie.cox haha!

Can you change it for this 1 DP to see if it's the characters?

they have this recent invention called Directory Services, you can set the password on a server and all the rest of the computers that are connected to the directory service know the new password. You should try it :)

@nessts then give all domain users read access to the drive as it'll mount using Kerberos?

We use server local accounts + HTTPS secured to that account to stop people nosing around our share.

not sure my users are that smart to find the casper share and mount it and look around, and since they dont have admin rights. I figure if they have Self Service and can download and install the apps through that whats the harm in them viewing the share if they find it? Sorry i should not be a smarty pants and try to make humor.

@nessts.. Humour was fine & well placed (plus we NEED it here).

Just making a point... + mine are admins so why am I bothering? They can is install anything!!

Ok well old habits...

Right, now let's have a nose @ this new fangled directory whatjamajigger

Strangely, I'm experiencing the opposite symptom from freddie.cox Casper admin won't mount the SMB share for the primary DP via SMB. If I change it to AFP it mounts just fine and will replicate to either AFP or SMB shares. Switching back to SMB causes the error again. Hate to say it but I'm not sure this one is completely solved.

Well, here's what I found. Deleting

/Library/Preferences/com.apple.AppleShareClient

resolved my issue. Something must have kurfuffled at some point in the past.

@Chris_Hafner - I just checked and I don't have that same plist. However, we just completed the upgrade to 9.21 from 8.73 and I am now able to sync all my DP's (SMB or AFP) from my Maverick's install without any issue.

Once again, thanks to the Nation for jumping in to help! (Even for the sarcasm!)

Good to hear! Though, that file may not exist in 10.9 with the "server" app. I just got the servers to finally stop doing stupid things after upgrading them to 10.8 so I'm leaving well enough alone for just now ;-)

We also had this issue since we upgraded to 8.73.

We had a special character (an @) in the read-only CasperShare AFP share password, and jamf binary always failed to mount the share in 10.9. The problem did not exist in 8.6.

After digging with "sudo newproc.d", I noticed that on 10.8, the password was not passed on the command line to mount the share, so this is why it continued to work : /sbin/mount_afp -i -o nobrowse afp://myuser@server:548/CasperShare /Volumes/CasperShare

On 10.9, the password was passed on the command line, and obviously failed to interpret the double "@@" (password was similar to "PaSsWoRd@") :

/sbin/mount_afp -i -o nobrowse afp://myuser:PaSsWoRd@@myDPname:548/CasperShare /Volumes/CasperShare

Somehow, it also failed with a "!" special character (don't ask me why, maybe it worked but we were in rush to fix issue after 8.73 upgrade), and we had no other choice than to change the password on 45 DPs :-((((

If the passwords are being passed on the command line and are not being quoted, the shell is interpreting them before passing them to the mount_afp command. Some special characters would certainly have meaning to the shell and thus be stripped out and interpreted, so the resulting password string given to the mount_afp command would be incorrect.

We are seeing this exact same problem with our 10.9 clients running 8.73 CasperSuite trying to access a 10.6.8 server. This "special character in the password" possibility never crossed our mind until this thread came up. Unfortunately we in the Federal Government space have enforced password requirements that mandate at least one special character in the password so JAMF will have to resolve this or we will have to figure out how to upgrade our 10.6.8 Apple Server to OS X 10.9 and CasperSuite 9.x.

Removing an @ character from my password resolved the issue for me. Running 10.9.1 on the DP and Casper Admin client, JSS 8.73

@sbrosnihan can you provide further details on all the steps you had to do to change the password? We have a password with a special character and I would like to test this. Did you just change the casperadmin user's password in the DP's File Sharing tab? Also need to change it in System Preferences?

I reset the password in the users section of sever.app and on the JSS in the DP's sharing tab.

I'm not a User of this software but I found this post in searching for the same issue with special characters in my AFP password. Basically you have to encode them, i.e. @ = %40. You can find the applicable URL encodings here:
http://www.w3schools.com/tags/ref_urlencode.asp

- source: http://www.opendoor.com/shareway/pro/ug/afp_urls.html

Special characters in AFP URLs AppleTalk names and zones, and Macintosh volume, folder and file names often contain characters not normally found in URLs. These characters include spaces, slashes and high-bit ASCII characters (such as those used for international characters). AFP URLs should encode these special characters using the %xx construct (for instance, %20 for space). In many cases Macintosh browsers will understand URLs which contain special characters, but it is especially important to encode slashes (%2F) which otherwise will be used as directory delimiters.

Just want to confirm what @sbrosnihan and @epardee said...

Having an @ in your password on your DP mac will cause it not to mount through Casper Admin. You can mount manually but not through admin. What a pain that was. Now it replicates fine. Thanks again.

So I'm basically having this issue. I get the same result as freddie.cox does except that I'm using SMB from a 2008 R2 server.
Changing the password does not address this issue.

Mine has an interesting twist in that I can use these just fine on the network where my JSS resides, but on VPN I'm not able to. Our VPN joins the same subnet I would be in if I were at the office. My client sites report the jss just fine as well.

Any thoughts?

We faced a similar issue.

Casper Admin 8.73 could not mount Casper Share via AFP from Casper 8 DP under OS X 10.9.x.
Same scenario worked under OS X 10.8.x

A local folder "CasperShare" was created in /Volumes but then Casper Admin just stalled.

We had a slash "/" in the password. After we got rid of that, mounting works as expected.

Just chiming in that the "Deploying OS X v10.7 or Later with theCasper Suite" PDF is much better than the above steps, because it pre-caches the huge install file, rather than having the user sit there and wait for it to download via Self Service.

Also, one note. When you copy the .app from /applications from /users/shared, you need to use copy/paste, rather than drag & drop. I found that OS X was creating an alias instead of moving the file, and when dragging that alias to Casper Admin 9.91, it would crash Casper Admin with a NPE.