Page 1 of 1
[RESOLVED] macOS Agent
Published: January 15, 2025 - 4:38 PM
by Clafon
Wapt version: 2.6.0.16714 - Enterprise Edition
Server OS: Debian 12
Target operating systems: MacOS 14.5
Os Machine administration: Win server 2022
Good morning,
We installed the latest version of the agent on a non-domain macOS 14.5 machine and applied a dynamic configuration without any issues (wapt-get reset-config-from-url...). This configuration should place the machine in an OU "OU=Mac, DC=Non-domain" with assigned packages.
The Mac does appear in the administration console, but in "All".
- commac04.PNG (8.63 KB) Viewed 5234 times
But, if we look at the machine, we see all the packets that are assigned to the OU "OU=Mac, DC=Out-of-domain" being applied to this Mac
- commac04_pkg.PNG (18.64 KiB) Viewed 5234 times
The wapt-get.ini file on the Mac correctly identifies the OU where it should be located
Code: Select all
[global]
repo_url=https://srv-wapt.domaine.local/wapt
wapt_server=https://srv-wapt.domaine.local
verify_cert=/opt/wapt/ssl/server/SRV-WAPT.domaine.local.crt
host_organizational_unit_dn=OU=Mac,DC=Hors-domaine
allow_remote_shutdown=1
allow_remote_reboot=1
We restarted the inventory and the wapt service, but it didn't change anything.
Do you have any leads?
THANKS
Re: macOS Agent
Published: January 15, 2025 - 5:16 PM
by dcardon
Hi Cédric,
I don't understand the problem
... The OU=Mac,DC=Out-of-domain isn't showing up in the sidebar of the directory tree? The computer isn't showing up in that OU?
Denis
Re: macOS Agent
Published: January 15, 2025 - 5:18 PM
by Clafon
dcardon wrote: ↑Jan 15, 2025 - 5:16 PM
Hello Cédric,
I didn't understand the problem
... The OU OU=Mac,DC=Out-of-domain isn't displayed on the side in the tree view? The computer isn't displayed in the OU in question?
Denis
Sorry if I wasn't clear
The Mac does not appear in the OU in question but does correctly receive the affected packages
Re: macOS Agent
Published: January 15, 2025 - 5:31 PM
by dcardon
Hi again Cédric,
in the machine's hardware inventory under host_info/computer_ad_dn, do you correctly see the full DN of the machine: CN=COMMAC04.LOCAL,OU=Mac,DC=Outside Domain?
I just tested it on a non-domain Linux machine and a domain-joined Mac (I don't have a non-domain Mac available) and both machines appear correctly in the fake OU: OU=Mac,DC=Outside Domain.
Regards,
Denis
Re: macOS Agent
Published: January 16, 2025 - 08:10
by Clafon
no, the host_info is null in the "Hardware Inventory" of the workstation on the administration console.
The system was causing problems (a ticket was opened about this), so I proceeded to uninstall the old agent
Code: Select all
sudo pkgutil --forget it.tranquil.waptagent
rm -rf /opt/wapt
rm -rf /Applications/WAPT
then reinstall the new version.
The packages assigned to the OU where it should be installed installed correctly... I just added a new package to the Mac OU, and the machine is installing it as well...
Re: macOS Agent
Published: January 16, 2025 - 2:26 PM
by Clafon
The problem is fixed with a new version of the agent (2.6.0.16807) which will be deployed soon.
Re: [SOLVED] macOS Agent
Published: January 16, 2025 - 3:06 PM
by dcardon
Hi Cédric,
thanks for the feedback. For anyone curious who might stumble across this and wonder, the problem was related to the fact that a macOS workstation in a workgroup, and therefore outside the domain, can still have a keytab (a file linked to Kerberos that you get when you join an Active Directory domain).
In macOS or Linux, you can have different names depending on where you look. For example, you might have one name in /etc/hostname and a different Kerberos name... So, to standardize everything, we use the name in the keytab file if it exists.
But on macOS, you can have a keytab even if the machine is outside the domain, and this was poorly managed... Thanks to Cédric for bringing this issue to our attention.
Best regards,
Denis