jamf / JamfSync

Jamf Sync utility for synchronizing between Jamf Pro distribution points and/or file folders
MIT License

File Share Password ambiguity #10

Open magnusviri opened 1 month ago

magnusviri commented 1 month ago

After connecting Jamf Sync to my on-prem Jamf Pro server, it asks for a password to connect to the File Share but it doesn't specify what password. Is this the password that my server is configured with? Or is this the password of the user I'm logged in as?


I just tried my own user and it opened another dialog asking for the password. I blanked it out, but at least it indicated that it is trying to use the password of the user the server is configured to use.


Another thing. The first password dialog, I couldn't move it or select it for a screenshot (shift-command-4 then space). This is so strange. I don't know if this is something new in Apple's UI stack or if you guys implemented a custom view that the OS doesn't recognize as a dialog box. I just thought I'd say something.

cruzer619 commented 1 month ago

I was confused with this at first as well. The first password is the username you set in the config. So pretty much the username and password you use for your Jamf Pro console. The second dialog is for the SMB username and password you set up for the FSDP. Either the read username or the read/write username that you have already set up. Then it shows the mounted share on your desktop. What got me was that you need to input your domain in front of the username, e.g. AD\"username", in order to connect.

smurf0815 commented 2 weeks ago

In the past we used Jamf Admin with the following scenario: First we use Site Admins and then gave them an account with the permissions to upload packages and so on. The advantage with Jamf Admin was that we didn't have to give out the credentials for the SMB account because Jamf Admin "got" it from the Jamf instance. At the moment this isn't possible for us with Jamf Sync because it needs the SMB account and password to sync packages. But also due to our regulations we cannot give out the SMB account and password to my Site Admins. Will the old functionality from Jamf Admin, where Jamf Admin got the SMB / FileShare DP credentials from the Jamf server, come to Jamf Sync?

HarryStrandJamf commented 1 week ago

I added the server address to the prompt for version 1.3.1. Hopefully that will help.

smurf0815 commented 1 week ago

Thanks - for SMB shares this seems to work now even though I have to enter the syncapi password when I choose a share. But the syncapi password only works with SMB shares but not with https; with them I get -ERROR: Failed to load the Jamf-Share HTTPS (XXXXX) distribution point: cannotGetFileList. And it also doesn't work with the Master Distribution Point either. There the behaviour is that I have to enter the Read/Write Account and then it wants to mount the share, but there neither the Read/Write password nor the syncapi password works. So I cannot sync any data on the Master DP using this method.

HarryStrandJamf commented 1 week ago

@smurf0815, sorry, I see I didn't answer your question from last week. There isn't a secure way to get the credentials for the SMB share from Jamf Pro, which is why we require it to be entered into Jamf Sync. There are no plans to add the ability into Jamf Sync to get those credentials from Jamf Pro. The https feature of file share distribution points is read only, so it cannot be used to transfer files to it. However, it should be possible to use that as a source DP. I'll add that to my list of features to consider for a future release of Jamf Sync.

smurf0815 commented 1 week ago

@HarryStrandJamf that's sad to hear. So we have to find a workaround for our scenario. But one thing still puzzles me. When I want to access the Master Distribution Point, which is on the Jamf Pro server, I also can only connect with the Read account defined in the File Share Distributions settings. Is it the same here as with the https share?

HarryStrandJamf commented 1 week ago

@smurf0815, so in Jamf Sync, it attempts to mount the file share with whatever credentials you supply. You can supply the read-only credentials and it will mount the file share, but if it's used as a destination, synchronization will fail since all the files will be read-only. You should be able to use it as a source distribution point though. I haven't tested this, but I'm pretty sure this is how it would work. The reason it won't work with https as a source is because we would have to download files from that address. It doesn't mount the file share and just copy from where it is mounted. It's certainly doable (as a source DP only) and it's on my list of future things to add, so if higher priority things don't bury it, it should eventually happen. But for now, try the read-only credentials with SMB.

D'oh...I just thought of something. It gets the read/write and read/only accounts from Jamf Pro, and it uses the read/write account and only prompts for the password. I'll add a task to my list to fix that. I think that will be a higher priority than https. There's a small chance I could do both at the same time though. Would you mind opening a new issue for this so I can close this one as fixed? I think it might be less confusing to have a more appropriate title.