Comments (10)
This appears to be an issue with the XML going through the API to/from the JSS. The fact that it sometimes works and sometimes does not is odd. I wonder if it is some kind of network/DNS issue with the connection. If the API command was malformed it would fail every time. You could try running the API sequence manually on a computer several times in a row to see if you can replicate the random failure. If you do manage to replicate it I would follow up with your network team to see if they see anything odd with their logs.
from lapsformac.
On my fork of this project I added password complexity. I found I got this error if I didn't exclude XML's escaped characters from the generated password: ", ', &, <, and >. I ended up logging the failed password so I could troubleshoot some peculiarities of Apple's password complexity requirements. If you've changed the password generation mechanism from what's used in the project you might try that. But if you're using openssl with the base64 option, you shouldn't get any of those characters.
from lapsformac.
That would do it! Thanks @pauldalewilliams
from lapsformac.
No problem. Thanks for the great work and for sharing this, @predfern!
from lapsformac.
Thanks, all I got much further on this recently. I was waiting to fully flush it out. I still get a very random error or two. It is much less frequent. I discovered that the password generator I was using would sometimes use '/' followed by an N or T or something that would make it interpret a new line and such. There still must be some set of char that are failing but it is very rare and I will keep an eye on it. As for the escaping, I have been doing that and would be happy to share what I changed if anyone was interested.
Also @predfern thanks for making this amazing tool. It is totally awesome.
from lapsformac.
Here's my RandPass function, if it helps: https://github.com/pauldalewilliams/LAPSforMac/blob/master/LAPS.sh#L84-L115
It's designed to mostly match Apple's Passcode complexity requirements, though it's not perfect because I'm ignoring case. (With allowSimple disabled, "aba" is not allowed but "aBa" would be.)
By the way, if anyone knows a better way to code that, please let me know!
from lapsformac.
I am using a passphrase generator. I found this tool https://github.com/anders/pwgen.
One of the requests from my boss was that there would be passphrases so it is easier to enter in if we need to.
Here is my forked version: https://github.com/benmartel/LAPSforMac/blob/master/LAPS.sh
from lapsformac.
Interesting! Well, if you want to make troubleshooting easier, just add another logging entry so you can see what the failed password was. I did it here: https://github.com/pauldalewilliams/LAPSforMac/blob/master/LAPS.sh#L235-L239
If you see any of those failures, you'll want to reset immediately, but at least you'll be able to see the offending password.
from lapsformac.
I did have a logging feature but have turned if off since. I was uneasy passing all the passwords over the logs.
from lapsformac.
Totally understand. Useful to have when troubleshooting but probably not after that...speaking of which, I'm going to remove that now. :)
from lapsformac.
Related Issues (15)
- Change password policy log shows error, but works. HOT 1
- Not working for Mojave HOT 1
- Script contains invalid reference to /usr/sbin , how to fix this HOT 1
- Error: Password reset for {account} was not successful HOT 2
- Old Password not backed up? HOT 1
- xpath
- Password Generation Routine Is Weak HOT 2
- LAPS not working for macOS Big Sur? HOT 7
- LAPS password script failing HOT 1
- parameter values..... HOT 1
- Newline characters in password from curl
- Clarity on script needed
- Randomising password and keychains
- LAPSaccountEvent, LAPSaccountEventFVE and LAPSrunEvent
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lapsformac.