Posted on 12-30-2019 08:09 AM
I'm extremely new to Jamf, mostly dabbling where other people have already set up the environment. We were working on setting up the pre-stage enrollment for our DEP iPads. DEP is working, the LDAP SSL connector is working, but when we get to the Remote Management authentication screen on the iPad, it is not accepting some people's credentials.
The error message is "Your credentials are either missing or wrong. Try again." I've tried logging in with both the format of username, and username@email.com. I've tried resetting/recovering the iPad by connecting it to a computer. Using me as an example, on any iPad I try to enroll with the pre-stage authentication with my credentials, I get the error. But on the same iPad, someone else is able to authenticate properly and have it register.
In the Jamf console, the only way to see the device is under the "Automated Device Enrollment" section in Global Management. It has not yet been assigned a name, and does not appear under devices. The only status I see in the ADE section is that the Prestage Enrollment Status is "Completed - Yesterday at 2:58 PM."
Even after successfully enrolling a device in Jamf using someone else's credentials, resetting the device and trying to enroll it through pre-stage produces the same error.
This seems to be credential related somehow, not device related. I'm not sure where to look for logs to try and see what is going on. The Event Logs under Global Management don't show anything related to pre-stage enrollment.
The only other thing I can think of is that we had 0% success before we removed the option "Install configuration profiles before Setup Assistant" in the pre-stage environment. When we un-checked it, then we started having some successes.
One last note: I just did a test on userA. When he tried to authenticate with userA and password, it threw the error, but when he added userA@email.com, it succeeded. Is it somehow not recognizing my credentials as valid? Is there a way to test that?
When I go to the LDAP server and test searching for my userID, it does return the values. It returns both my normal userID, and my userIDadm accounts.
Similarly, when I go to the LDAP server and test searching for userB, only his normal userB shows up, not his userBadm account. Is it possible that even though it says it's succeeding in communicating with LDAP, it's not syncing properly?
Posted on 06-16-2020 03:01 PM
Sorry for the delay, thanks for responding! What it turned out to be is the connection of the user account to their AD entry: if they were missing the email address in AD, it would throw this error when trying to authenticate against it. Once AD was filled in, it worked with no issues.
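Added example, not part of the thread and not Jamf's own code: a way to check ahead of enrollment for the condition described in the solution above, by scanning an LDIF export of the directory for accounts with no email value. It assumes the Jamf LDAP mapping for email points at the AD `mail` attribute and that usernames come from `sAMAccountName`; the LDIF sample is constructed.

```python
import base64

# Constructed LDIF export (not from the thread); assumes email maps to "mail".
SAMPLE_LDIF = """\
dn: CN=User A,OU=Staff,DC=example,DC=com
sAMAccountName: userA
mail: userA@example.com

dn: CN=User B,OU=Staff,DC=example,DC=com
sAMAccountName: userB

dn: CN=User C,OU=Staff,DC=example,DC=com
sAMAccountName: userC
mail:

dn: CN=User D,OU=Staff,DC=example,DC=com
sAMAccountName:: dXNlckQ=
mail: userD@exam
 ple.com
"""

def parse_ldif(text):
    """Yield one dict per entry, handling folded lines and base64 (::) values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # RFC 2849 continuation line
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())

def accounts_missing_mail(text):
    """Return login names whose entry has no non-empty mail value."""
    return [e.get("samaccountname", [e.get("dn", ["?"])[0]])[0]
            for e in parse_ldif(text)
            if not any(e.get("mail", []))]

if __name__ == "__main__":
    print(accounts_missing_mail(SAMPLE_LDIF))
```

An entry with an empty `mail:` line is treated the same as one with no `mail` attribute at all, since either leaves the account without an email address.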
Posted on 12-30-2019 09:42 AM
Compare the permissions on the accounts to each other in Settings -> System Settings -> Jamf Pro User Accounts & Groups