Posted on 06-14-2018 10:18 AM
Hello everyone,
I am new to Jamf, and I am seeing an issue during the user enrollment process for macOS. I am using the hosted version of Jamf.
When I am outside of my corporate network, enrollment works fine, and the jamf binary gets installed.
When I am inside of my corporate network, I get to the screen that says "enrollment complete", but the jamf binary is not installed.
In talking with my firewall guys, it appears that the user-initiated enrollment sends a command to download and install the jamf binary. However, this command seems to be ignoring my system proxy settings and trying to take a direct route to the download, which is blocked by our firewall. My security team is not going to open their firewall to all of AWS to get this to work (although we temporarily tested it, and it did work).
Is there a secret to getting the agent to download through the proxy so that on-premise enrollments can complete successfully?
Posted on 01-10-2019 08:04 AM
Seeing the same issue here, no resolution yet. We have an open case on that matter - if anything pops up, I'll post it here.
Posted on 01-10-2019 08:28 AM
@mnickels Are you using Auto Proxy settings with a PAC file on the Macs?
Asking because we do. And with Mojave, it does not work for enrollment through the enrollment URL or QuickAdd. We have had to set the HTTP/HTTPS as the default proxy settings with URL and port, no account authentication. With those both set, and Auto Proxy disabled, enrollment then works.
Our Jamf instance is on-prem. We have proxy settings to allow the servers and clients to talk out to APNS. We only enroll devices within the corporate network.
I know that it is not exactly what you are seeing but seems similar.
We have cases opened with Apple and Jamf on this as El Cap/High Sierra did not exhibit this behavior.
Posted on 01-16-2019 08:39 AM
Yes, we do as well. Are you saying that the Jamf agent is able to "read" http-proxy settings correctly? Thanks for the hint - we'll give it a try and see what happens - will post an update if there is a change ...
Posted on 10-30-2019 10:07 AM
The solution here is to set proxies for curl, before you begin the enrollment. I set it explicitly in .curlrc (as the root user), but you can use environment variables as well.
My solution for Catalina and older versions of macOS
create file called /var/root/.curlrc
contents of file are: proxy = proxyservername:port
example: proxy = proxy.company.com:8080
That's all you need from the hidden perspective. Don't forget to also set proxies in network properties!
Posted on 04-06-2021 11:09 AM
I stumbled into this again with Big Sur. After MUCH testing, I figured out that enrollment (called the quickadd lightweight package) is now executed by the _appstore user and not root.
My solution for Big Sur and newer versions of macOS
create file called /var/db/appstore/.curlrc
change owner/group of file to _appstore:_appstore
contents of file are: proxy = proxyservername:port
example: proxy = proxy.company.com:8080
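The two .curlrc steps from the posts above, combined into one script. This is an added example, not code from the thread or from Jamf; the function names, the script name and the --apply switch are hypothetical, and proxy.company.com:8080 is the thread's sample value.

```shell
#!/bin/sh
# Added example: writes the curl proxy setting described in the thread.

# Accept only host:port (optionally with http:// or https://), so nothing else
# lands in a file that curl reads for every transfer made by that account.
valid_proxy() {
  case $1 in *[!A-Za-z0-9.:/-]*) return 1 ;; esac   # rejects spaces, quotes, newlines
  printf '%s\n' "$1" | grep -Eq '^(https?://)?[A-Za-z0-9.-]+:[0-9]{1,5}$'
}

# write_curlrc HOME_DIR PROXY [OWNER:GROUP]
# Replaces an earlier "proxy" line, keeps other settings, sets mode 644.
write_curlrc() {
  dir=$1; proxy=$2; owner=${3:-}
  valid_proxy "$proxy" || { echo "invalid proxy: $proxy" >&2; return 1; }
  [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
  rc="$dir/.curlrc"
  tmp=$(mktemp "$dir/.curlrc.XXXXXX") || return 1
  if [ -f "$rc" ]; then
    # Carry over existing lines except a previous proxy setting.
    grep -Ev '^[[:space:]]*proxy[[:space:]]*=' "$rc" > "$tmp" || true
  fi
  printf 'proxy = %s\n' "$proxy" >> "$tmp"
  chmod 644 "$tmp"
  if [ -n "$owner" ]; then
    chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
  fi
  mv -f "$tmp" "$rc"
}

# Run as root before enrollment (hypothetical script name):
#   sudo sh set-curl-proxy.sh --apply proxy.company.com:8080
if [ "${1:-}" = "--apply" ]; then
  write_curlrc /var/root "$2" || exit 1            # Catalina and older: root
  if [ -d /var/db/appstore ]; then                 # Big Sur and newer: _appstore
    write_curlrc /var/db/appstore "$2" _appstore:_appstore || exit 1
  fi
fi
```

Each file ends up readable by everyone but writable only by its owner, which matters because whoever can edit it decides where that account's curl traffic is sent.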