Self Service Issue

mqh7
New Contributor II

Ok, I've deployed a package to my Mac desktop. I setup the package to run via Self Service. When I click on my Self Service icon and then the package to install it I am prompted to enter the Local Admin password.

First, I am logged on as an Admin and second, in the JSS web portal under "computer management framework settingsself service" the follow were set.

Users are not required to log in
End users do not need to be authenticate locally in stall self service items

If both of these settings were set and I am a local Admin why would I still be prompted to enter the local admin password? We need to be able to install software with end user interaction is what we're after.

11 REPLIES 11

mscottblake
Valued Contributor

Try closing and reopening Self Service. If it's been open too long, the program has lost the admin credentials.

andrew_stenehje
Contributor

We've run into the same issue at times and it's because the machine is either not enrolled properly in JSS, or there is a problem with the management password in JSS. We found that if we update the management account password for each machine (either in the JSS machine by machine or via policy) that Self Service works fine without asking for admin creds. We were never able to figure out why the management password was not correct and why it needed to be updated in some cases.

mqh7
New Contributor II

Andrew, where in JSS do you set this password?

andrew_stenehje
Contributor

When you find a machine, choose "Details", in the "Computer Information" tab there is a little "..." button you can select to edit this information. You can then enter in the SSH account and re-enter the password here.

mqh7
New Contributor II

Very cool. But is there a way to do this for all machines at once? I'd like to avoid doing this on a machine by machine basis. Thank you.

mm2270
Legendary Contributor III

I would agree that the most likely cause for this, especially if you're seeing it right after opening Self Service, is that the management account on the Mac and what the JSS has stored as the management account (& password) for that Mac don't match up. Any policy tries to use that account credentials to escalate its privileges in the background, and if it doesn't work, you'll get that prompt.

Locate the computer record in Inventory, and in the Details section > Computer Information, click the little (...) icon in the upper right. You 'll see fields called SSH Username and 2 for Password. Make sure that information is correct. You'll have to try retyping in the password since it will be obscured in the JSS.
You can also just re-enroll the device with a QuickAdd or by going to your enroll page from the JSS if that's turned on.

mqh7
New Contributor II

Changing the password worked, I was able to install software and never had to enter a password. But this has to be set globally someplace right? We've already deployed lots of Mac's and don't want to touch each machine. Is there a way to re-set this SSH password globally?

Also, I searched the JSS web portal for "enroll" and it brought up the 2 "framework settings" but I don't see how to re-enroll all computers.

andrew_stenehje
Contributor

For the problem we were having where the password didn't seem to be correct, we just had a policy running that changed the management account password (under "Accounts" in the policy).

mqh7
New Contributor II

Before I do this I want confirm. On the PolicyAccounts I do this under "create accounts esent passwordsdelete accounts" right?

mm2270
Legendary Contributor III

No, under the Change Management Account Password, click the Change To button and enter a new password there. Thing is, I wonder if this will actually work properly if the management account already has a bad password. I think that function is intended to be used if the password matches up and you just want to change it across a lot of your Macs at once. I'll be curious to see if it actually fixes the issue you're having.

andrew_stenehje
Contributor

No, it's in the "Change Management Account Password" field. We just used the "Change To" field and entered the correct password.