joshua-d-miller
commented
7 years ago Just for clarification, could you set your days till expiration to 2 days? I'm wondering if it is considering 1 day as 0.
Closed termenvox closed 7 years ago
joshua-d-miller
commented
7 years ago Just for clarification, could you set your days till expiration to 2 days? I'm wondering if it is considering 1 day as 0.
termenvox
commented
7 years ago Just tried that, and got the same result. Also tried setting it to the default of 12 as well as getting rid of DaysTillExpiration entirely, thus accepting the default value. Same result in all cases.
joshua-d-miller
commented
7 years ago I'm assuming these are newly bound machines and the schema has been extended for LAPS?
bartreardon
commented
7 years ago I get the following on a 10.10 machine
Warning|Thu Aug 17, 2017 10:49:19 am|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change...
Info|Thu Aug 17, 2017 10:49:19 am|macOSLAPS|Password Change is required as the LAPS password for macadmin has expired
Could not cast value of type 'NSTaggedPointerString' (0x7fff72a76f98) to 'NSNumber' (0x7fff71e1c2f0).It doesn't happen on 10.12 or 10.13 and in this instance it doesn't set the password expiry date
bartreardon
commented
7 years ago @termenvox do this then try again sudo defaults write /Library/Preferences/edu.psu.macoslaps.plist DaysTillExpiration -int 15 <- insert number of choice
@joshua-d-miller I think it's failing at let exp_days = get_config_settings(preference_key: "DaysTillExpiration") as! Int in PWChange.swift - if defaults settings are not set with -int it fails.
joshua-d-miller
commented
7 years ago So is the value being entered as a string vs an integer? I guess I could see if I can put code in to detect that and make the change accordingly or complain of an error and use the default value.
bartreardon
commented
7 years ago I worked out that if I deployed edu.psu.macoslaps.plist as a text file, it will read the values in as strings - wasn't happening on some of my other machines as I was setting defaults manually on those so ignore the "works on 10.12" above.
joshua-d-miller
commented
7 years ago I have merged this pull request and the issue should be resolved. Please test and let us know! Thanks @bartreardon
termenvox
commented
7 years ago That was it--I set DaysTillExpiration as an int, and it works for me. Thanks much!
joshua-d-miller
commented
7 years ago Awesome I'll go ahead and close this out 👍
I've tried running macOSLAPS, the packaged version of the latest release, on a couple of test machines, both of which are bare installs of Sierra with all updates applied. Both are joined to AD, and /Library/Preferences/edu.psu.macoslaps.plist contains:
{ DaysTillExpiration = 1; LocalAdminAccount = xxxxx; }
When I try running /usr/local/laps/macOSLAPS, I get the following error:
Info|Mon Aug 14, 2017 02:57:15 PM|macOSLAPS|Password Change is required as the LAPS password for xxxxx has expired Could not cast value of type 'NSTaggedPointerString' (0x7fff91b457e0) to 'NSNumber' (0x7fff91f00d80). Abort trap: 6
The first line is repeated in /Library/Logs/macOSLAPS.log:
Info|Mon Aug 14, 2017 02:57:15 PM|macOSLAPS|Password Change is required as the LAPS password for xxxxx has expired
Any idea what could be causing this?