[RESOLVED] macOS Agent

clafon · January 15, 2025 - 4:38 PM

Wapt version: 2.6.0.16714 - Enterprise Edition
Server OS: Debian 12
Target operating systems: MacOS 14.5
Os Machine administration: Win server 2022

Good morning,

We installed the latest version of the agent on a non-domain macOS 14.5 machine and applied a dynamic configuration without any issues (wapt-get reset-config-from-url...). This configuration should place the machine in an OU "OU=Mac, DC=Non-domain" with assigned packages.

The Mac does appear in the administration console, but in "All".

: commac04.PNG (8.63 KB) Viewed 5237 times

But, if we look at the machine, we see all the packets that are assigned to the OU "OU=Mac, DC=Out-of-domain" being applied to this Mac

: commac04_pkg.PNG (18.64 KiB) Viewed 5237 times

The wapt-get.ini file on the Mac correctly identifies the OU where it should be located

Code: Select all

[global]
repo_url=https://srv-wapt.domaine.local/wapt
wapt_server=https://srv-wapt.domaine.local
verify_cert=/opt/wapt/ssl/server/SRV-WAPT.domaine.local.crt
host_organizational_unit_dn=OU=Mac,DC=Hors-domaine
allow_remote_shutdown=1
allow_remote_reboot=1

We restarted the inventory and the wapt service, but it didn't change anything.

Do you have any leads?

THANKS

January 15, 2025 - 5:16 PM

Hi Cédric,

I don't understand the problem

... The OU=Mac,DC=Out-of-domain isn't showing up in the sidebar of the directory tree? The computer isn't showing up in that OU?

Denis

clafon · January 15, 2025 - 5:18 PM

dcardon wrote: ↑Jan 15, 2025 - 5:16 PM Hello Cédric,

I didn't understand the problem ... The OU OU=Mac,DC=Out-of-domain isn't displayed on the side in the tree view? The computer isn't displayed in the OU in question?

Denis

Sorry if I wasn't clear
The Mac does not appear in the OU in question but does correctly receive the affected packages

January 15, 2025 - 5:31 PM

Hi again Cédric,

in the machine's hardware inventory under host_info/computer_ad_dn, do you correctly see the full DN of the machine: CN=COMMAC04.LOCAL,OU=Mac,DC=Outside Domain?

I just tested it on a non-domain Linux machine and a domain-joined Mac (I don't have a non-domain Mac available) and both machines appear correctly in the fake OU: OU=Mac,DC=Outside Domain.

Regards,

Denis

clafon · January 16, 2025 - 08:10

no, the host_info is null in the "Hardware Inventory" of the workstation on the administration console.
The system was causing problems (a ticket was opened about this), so I proceeded to uninstall the old agent

Code: Select all

sudo pkgutil --forget it.tranquil.waptagent
rm -rf /opt/wapt
rm -rf /Applications/WAPT

then reinstall the new version.

The packages assigned to the OU where it should be installed installed correctly... I just added a new package to the Mac OU, and the machine is installing it as well...

clafon · January 16, 2025 - 2:26 PM

The problem is fixed with a new version of the agent (2.6.0.16807) which will be deployed soon.

January 16, 2025 - 3:06 PM

Hi Cédric,

thanks for the feedback. For anyone curious who might stumble across this and wonder, the problem was related to the fact that a macOS workstation in a workgroup, and therefore outside the domain, can still have a keytab (a file linked to Kerberos that you get when you join an Active Directory domain).

In macOS or Linux, you can have different names depending on where you look. For example, you might have one name in /etc/hostname and a different Kerberos name... So, to standardize everything, we use the name in the keytab file if it exists.

But on macOS, you can have a keytab even if the machine is outside the domain, and this was poorly managed... Thanks to Cédric for bringing this issue to our attention.

Best regards,

Denis