Jamf Nation Community

aamjohns · ‎05-14-2013

Hello,
I've been plugging away at getting things ready for deployment and I have now realized I have an issue with my management account.

1) For imaging, in the configuration under Management I am specifying a username, password, create if does not exist, and hide.
2) In my enrollment configuration I use the same settings as above, same account, same password.
3) I have verified that this account is on the JSS server (Win2008 R2) as an account with permissions.

The account does not seem to work. If I try to do self service installs while logged into the Mac as a User, I get prompted for an admin account for the install.

To test things I took away the option to hide the account. I then tested by re-imaging a computer, and re-enrolling a computer. In both cases the account did not appear.

I have tried to log on with this account, I cannot.

Finally, for the heck of it I created a policy to create the account in question as an admin account. The policy failed with the error 'the account already exists'.

I cannot figure out what is going on here. Any troubleshooting recommendations, any oversights I may have made?

Thanks,
Aaron.

mm2270 · ‎05-14-2013

At first glance, it sounds like you've taken the right steps in steps 1 & 2 above. For step 3, this management account has nothing to do with a server based account or one on the JSS. The management account is a local account on the Mac itself and doesn't need to exist anywhere else.

Given that, it sounds like, just like you discovered, the account isn't being created for some reason, which is strange, since specifying it to be created if it doesn't exist should do exactly that.

Can you try creating a QuickAdd.pkg, if you haven't done so already, using those settings, install it on one of your Macs and see if it works then? I'm not certain how that would help troubleshoot, but I'd be interested to see if its just an issue with Casper Imaging not creating that account, or something in the account settings that's causing the problem.
Also, do you have any strange characters in ether the user name or password for this account?

jalatman · ‎05-14-2013

+1 to checking if there are strange characters in the password. One more thing to double check is the setting for end user authentication (Computer Management Framework - Self Service - End User Authentication).

mm2270 · ‎05-14-2013

@jalatman - good thought on checking that setting. I'd forgotten about that. Could be that its set to end users need to authenticate locally, although that's not the default setting "out of the box", Still worth a look though.

jalatman · ‎05-14-2013

I have experience a hiccup a while back with having a really elaborate password that resulted in the same situation, but it is worth it to just double check the settings :D. I tend to make the password less elaborate these days to start with and let the JSS randomize the password for clients as a re-occuring policy as a security measure.

aamjohns · ‎05-15-2013

I really appreciate the help. All great comments and suggestions.

1) the username is standard, the password has no unusual characters and no spaces (I tried chaning it some to check).
2) this worked before - I don't know what has gone wrong - when I did our eval of Casper everything was working.
3) now that I understand this account does not authenticate to the server in anyway, I will try using the JSS generated password.
4) I checked the self service options - I am not requiring authentication
5) I tried using a quickadd.pkg - still did not work

Again, I greatly appreciate the help. I will try letting JSS do the password and see what that does. Thanks. Aaron.

aamjohns · ‎05-15-2013

Had question but answered it myself.

aamjohns · ‎05-15-2013

You all rock! I created a startup policy, run once per computer, to randomize the password and now it works! Awesome, thank you all!

Jamf Nation Community

Management Account - What have I done wrong?