PezzaD84 / macLAPS

LAPS solution for macOS managed with Jamf

Credential issue #20

Closed MacJediWizard closed 1 month ago

MacJediWizard commented 7 months ago

So I am seeing a problem with the encoded credentials working consistently. Sometimes it does not read the encoded credentials and return a token; other times it does. It seems to work better on the create script than the decode script, because that is having difficulty getting a token. If I send a direct username and password it all works, unencrypted that is.

gitjoob commented 6 months ago

I am having the same issue, getting HTTP 401 when trying to use encryptedcreds to get a Bearer token. Any suggestions on what may be the issue?

PezzaD84 commented 6 months ago

Really sorry for the delay on this ticket @MacJediWizard, I completely missed this. Can you both provide some logs for me please? The JAMF policy logs and the LAPS logs from `/Library/.LAPS/Logs/LAPS.log`. I will have a look and see what issue I can see.

gitjoob commented 6 months ago

```
curl -s -X "PUT" "$6/JSSResource/computers/serialnumber/$serial/subset/extension_attributes" \
  -H "Content-Type: application/xml" \
  -H "Accept: application/xml" \
  -H "Authorization:Bearer ${token}" \
  -d "$cryptIDLAPS CryptKeyString"
```

Status page

Conflict

Error: Problem with extension attribute

You can get technical details here.
Please continue your visit at our home page.

Info from LAPS.log:

```
LAPS Configuration has failed
Cryptkey has not been successfully configured
SecretKey has not been successfully configured
Sending teams webhook
LAPS Launch Daemon not found
```

PezzaD84 commented 6 months ago

@gitjoob your extension attribute key has been changed. The data string should be as follows:

```
-d "<computer><extension_attributes><extension_attribute><id>$cryptID</id><name>LAPS CryptKey</name><type>String</type><value></value></extension_attribute></extension_attributes></computer>"
```

The name value has been edited or removed.

The other log you sent showed that no value was being returned from the curl call for the token, so it could be a credential issue. Does the password have any slashes or question marks in it before it's encoded? Also, I find sometimes that you need to log in to JAMF with the API account or reset the password and it gets it working.

gitjoob commented 6 months ago

Yeah the comment field changed the data string because I did not use the code thingy...

Yeah I noticed that the encodedcreds variable was wrong so got that sorted out. Now I only get the conflicted error but might that have to be because I did not have the Update Inventory specified in Policy? Anyway I added that now and testing.

gitjoob commented 6 months ago

Doesn't seem that it fixed the issue with enabling Maintenance.

```
LAPS Account created Successfully

Status page

Conflict

Error: Problem with extension attribute

You can get technical details here.
Please continue your visit at our home page.

Status page

Conflict

Error: Problem with extension attribute

You can get technical details here.
Please continue your visit at our home page.
```

So it basically says it's conflicting but nothing is written to the extension_attributes yet

gitjoob commented 6 months ago

Could you explain why in the GET command it goes to `/subset/ExtensionAttributes` but in PUT it goes to `/subset/extension_attributes`?

gitjoob commented 6 months ago

I was stupid... For testing purposes I had created multiple extension attributes, and I also had both in Device and Computer (since the wiki said Device Extension Attribute). But changing so I only had the EA under Computer did the trick. Now it works! So it would be great if someone could update the wiki with this information instead.

Create an Extension Attribute to store the encoded password in the Computer Management inventory. Name this extension attribute "LAPS CryptKey".

PezzaD84 commented 6 months ago

Thanks for flagging this @gitjoob. That's been updated now.