Posted on 07-29-2024 08:01 AM
A few years ago I was able to get my fleet transitioned from AD accounts to local accounts with managed passwords via Enterprise Connect and then Kerberos SSO. Since we're no longer binding, I've created a workaround to leverage AD groups to apply policies. My policy reads the Kerberos SSO signed-in credential, strips that to just their User ID, and then runs a
/usr/local/bin/jamf policy -username $founduser
The policy is great when run via Self Service; however, it fails running on an automated trigger. My first chat with Jamf Support tried to tell me that I was reading the username incorrectly, which is why it fails; however, I think it's due to the fact it's a policy calling another policy. I get a
Script result: Local User Profile name is USERID
Checking for User Specific Policies
This policy trigger is already being run: root 4028 0.0 0.1 411796288 33456 ?? S 8:20AM 0:00.23 /usr/local/jamf/bin/jamf policy -event CLIENT_CHECKIN -stopConsoleLogs
Does anyone do anything like this? Have any suggested workarounds? I was debating writing a LaunchAgent pointing to my script saved in a random directory and let it run once a day.
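One way to avoid the "policy trigger is already being run" collision is to not call `jamf policy` from inside the check-in policy at all, and instead have the script drop a root-owned LaunchDaemon that runs the user-specific policy later as its own jamf process. The script below is an added example written for this thread, not the poster's script: it assumes the Kerberos SSO principal has already been read in the form USER@REALM (a constructed value is used here so it runs offline), and the daemon label, output path and 9:00 schedule are placeholders. It also validates the stripped user ID before writing it into the plist, which the original one-liner does not do.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes the Kerberos SSO principal has
# already been read by the poster's own logic in the form USER@REALM; the value
# near the bottom is constructed so the script runs offline.

# Reduce a Kerberos principal such as "jdoe@EXAMPLE.COM" to the bare user ID.
# POSIX parameter expansion: drop the first '@' and everything after it.
strip_realm() {
    printf '%s\n' "${1%%@*}"
}

# Only accept plain account names, so a malformed or unexpected principal
# cannot put stray characters into the plist or the jamf command line.
valid_user_id() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Write a LaunchDaemon plist that runs "jamf policy -username <user>" once a
# day as its own process, instead of nesting it inside the check-in policy
# that still holds the jamf lock. Arguments: label user_id plist_path hour minute
write_jamf_user_policy_daemon() {
    label="$1"; user_id="$2"; plist_path="$3"; hour="$4"; minute="$5"
    cat > "$plist_path" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>${label}</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/jamf</string>
        <string>policy</string>
        <string>-username</string>
        <string>${user_id}</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>${hour}</integer>
        <key>Minute</key>
        <integer>${minute}</integer>
    </dict>
</dict>
</plist>
EOF
    # LaunchDaemons must be root-owned and not group/world-writable or launchd rejects them.
    chmod 644 "$plist_path"
    printf '%s\n' "$plist_path"
}

# Constructed input standing in for the principal the poster's script reads.
principal="jdoe@EXAMPLE.COM"
founduser="$(strip_realm "$principal")"
if valid_user_id "$founduser"; then
    # Placeholder label and path; in production this would be
    # /Library/LaunchDaemons/<label>.plist written as root.
    write_jamf_user_policy_daemon "com.example.jamf-userpolicy" "$founduser" \
        "${TMPDIR:-/tmp}/com.example.jamf-userpolicy.plist" 9 0
else
    echo "refusing to schedule policy for unexpected user id: $founduser" >&2
fi
```

Once the plist is in /Library/LaunchDaemons and owned by root, `sudo launchctl bootstrap system /Library/LaunchDaemons/com.example.jamf-userpolicy.plist` loads it; because the second `jamf policy` run then starts from launchd rather than from inside the CLIENT_CHECKIN policy, the "already being run" check no longer applies. Note the user ID is quoted everywhere it is used, which the bare `$founduser` in the original call is not.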