search

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
387 stars 58 forks source link

"Failed to parse the account's LAPS data" #102

Open TobiasSplinter opened 6 months ago

TobiasSplinter commented 6 months ago

Hello,

when setting the password via macOSLAPS I get the following error message in ADUC (ActiveDirectory User and Computer); "Failed to parse the account's LAPS data" image Looking at the attributes set by macOSLAPS it looks like this: image In comparison to Linux entries managed by LAPS4LInux: image or the Windows entries: image

Since this app is written for MDM admins as well and I have no clue how Microsoft decrypts those password I reckon a good way is to use the Native LAPS JSON format documented here in the section "msLAPS-Password".

If you are interested I could try myself on creating that string so you can implement it.

Best regards, Tobias

TobiasSplinter commented 6 months ago

I started writing on a solution on this and came as far as putting together the correct string, that is interpreted by Microsoft LAPS "tab". During some testing I found that a lot of characters causing trouble and the error pops up again. So in order to use the new password string there needs to be a lot more (no clue how many) default RemovePassChars entries or a change to "PermittedPassChars". Any thoughts on that? Best regards, Tobias

joshua-d-miller commented 4 months ago

Hmm this is interesting. Do you happen to know the characters it won't accept? This could be a default setting for macOSLAPS when using AD