Yosemite imaging issue - Management account

Bartoo
New Contributor III

So I'm working up a thin imaging configuration for 10.10. We use TMI.
The JSS and Imaging are 9.65

We set up a new configuration with our management account w/ the create account if it does not exist/hide/allow ssh options on. We add our base set of apps.

Unbox a Macbook with 10.10 installed, boot it to target mode, connect it to our imaging mac, deploy the image to it and reboot.

Reboots to the log in screen. So far so good. Enter the Management account name and password and it shakes it off.

We check that we are entering the correct credentials in the Management Account tab for the configuration, image another system and we get the same thing.

Any machine we've imaged with this configuration does not show up in the JSS inventory either.

We set up a test config with just a management account: "admin" psswd: 123456 and a simple install - Firefox, for instance. Same results, but we can see that any package we put in the configuration will install on the target drive.

8 REPLIES

jhalvorson
Valued Contributor

When you reboot the MacBook, does it have a wired network connection that can reach your JSS? What type of adapter are you using?

Bartoo
New Contributor III

It's on Thunderbolt to Ethernet. Our corporate wifi is secured, so you can't get on it if you can't log onto the Mac.

My feeling is that it's not fully creating the management account.

As a larf I made a configuration that has our quickadd.pkg, imaged a system, and we can't log into that one either.

CasperSally
Valued Contributor II

Check my post here where I linked to enable wireless ethernet adapter script, run it at reboot as first thing that runs. Good luck

https://jamfnation.jamfsoftware.com/discussion.html?id=11797#respond

Bartoo
New Contributor III

That's a nice script, but it's kind of a moot point seeing as this imaging set isn't creating the management account correctly, so we can't log onto the Mac...

pblake
Contributor III

You say you allow ssh. The option when creating a management account is to allow ssh for ONLY that user.

So I ask if you are using a different account than the original one set up in Casper at imaging? If so that could be the culprit.

jhalvorson
Valued Contributor

Put the MacBook in Target Disk Mode. Then connect it to another Mac so that it appears as an external hard drive.

You can then browse into the MacBook's drive to /private/var/log and view the info stored in the jamf.log. If that is not getting created, then it might be an issue with Casper Imaging - target mode imaging.

What version of OS X is on the Imaging Mac?

What time frame do you have "Computer will check in with JSS" set to? Not sure how timezone differences might apply to the unboxed Mac and the timezone on the JSS. Maybe set it to a very long time?
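
The offline check described in the reply above, extended to also look for the management account's local directory record, as an added example that is not part of the original thread. The function name, mount point and account short name are assumptions; it relies on OS X storing local users as plists under /private/var/db/dslocal/nodes/Default/users/.

```shell
#!/bin/sh
# Added example: offline check of an imaged Mac mounted in Target Disk Mode.
# Assumptions (not from the thread): the volume mount point and the account
# short name are passed as arguments; local user records are plists under
# private/var/db/dslocal/nodes/Default/users/ on the target volume.

# check_imaged_volume VOLUME_ROOT ACCOUNT_SHORTNAME
# Prints one finding per line. Returns 0 if both checks pass, 1 if either
# the log or the account record is missing, 2 if the path is not a system volume.
check_imaged_volume() {
    vol=$1
    acct=$2
    rc=0

    if [ ! -d "$vol/private/var" ]; then
        echo "ERROR: $vol does not look like an OS X system volume"
        return 2
    fi

    log="$vol/private/var/log/jamf.log"
    if [ -s "$log" ]; then
        echo "OK: jamf.log present ($(wc -l < "$log" | tr -d ' ') lines)"
        # Show the last few lines mentioning errors or failures (may be none).
        grep -i -E 'error|fail' "$log" | tail -n 5 | sed 's/^/  log: /'
    else
        echo "MISSING: jamf.log not found or empty"
        rc=1
    fi

    user_plist="$vol/private/var/db/dslocal/nodes/Default/users/$acct.plist"
    if [ -f "$user_plist" ]; then
        echo "OK: local account record exists for $acct"
    else
        echo "MISSING: no local account record for $acct"
        rc=1
    fi

    return $rc
}

# Run against a mounted volume when called with two arguments. The dslocal
# directory is readable by root only, so use sudo, e.g.
#   sudo sh check_imaged.sh "/Volumes/Macintosh HD" admin
if [ $# -eq 2 ]; then
    check_imaged_volume "$1" "$2"
fi
```

A missing account record alongside a missing jamf.log points at the imaging step itself rather than at the password being typed.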

lwindram
Contributor

To get past the local account creation, why don't you insert a short script that runs at boot? You don't need to reach the JSS in order to establish a local account using this method.

@rtrouton provides a great framework for setting up this process. His script doesn't include the creation of a local user, but the launchDaemon and the loading / unloading of the login window would be applicable.
https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/first_boot/10.10

Creating the local account is as simple as:

# Create localadmin user
. /etc/rc.common
# Create the user record, then set its attributes
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "LOCALACCOUNTNAMEHERE"
dscl . passwd /Users/administrator LOCALPASSWORDHERE
dscl . create /Users/administrator UniqueID 401
# PrimaryGroupID 80 is the admin group
dscl . create /Users/administrator PrimaryGroupID 80
dscl . create /Users/administrator UserShell /bin/bash
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
# Quote the template path: it contains a space
cp -R "/System/Library/User Template/English.lproj" /Users/administrator
chown -R administrator:staff /Users/administrator

emily
Valued Contributor III

Does the administrative account you're creating have special characters in the password? Like $ or @? If so that's a bug in 9.65 and I don't know for sure if it's fixed in 9.7.