search

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
382 stars 57 forks source link

macOSLAPS 3.0.2.776 on macOS 12.6.1 - Could not cast value of type 'NSTaggedPointerString' to 'NSNumber' #86

Open tlcarpenter opened 1 year ago

tlcarpenter commented 1 year ago

I was getting errors running 'macosLAPS version' and 'macosLAPS resetPassword'

/usr/local/laps/macosLAPS resetPassword Info|2022-12-16 19:06:15|macosLAPS|Using Preferred Domain Controller ... Warning|2022-12-16 19:06:15|macosLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|2022-12-16 19:06:15|macosLAPS|Password Change is required as the LAPS password for , has expired Info|2022-12-16 19:06:15|macosLAPS|The local admin: has been detected to have a secureToken. Performing secure password change... Could not cast value of type 'NSTaggedPointerString' (0x7ff84d705c30) to 'NSNumber' (0x7ff84d706fd0). Abort trap: 6

Tried setting DaysTillExpiration using '-int'

defaults write /Library/Preferences/edu.psu.macoslaps.plist DaysTillExpiration -int 30

as suggested in #5 but had the same behavior. Then tried setting PasswordLength also using '-int'

defaults write /Library/Preferences/edu.psu.macoslaps.plist PasswordLength -int 14

after which it worked

/usr/local/laps/macosLAPS -resetPassword Info|2022-12-16 19:15:39|macosLAPS|Using Preferred Domain Controller ... Info|2022-12-16 19:15:39|macosLAPS|Password Change is required as the LAPS password for , has expired Info|2022-12-16 19:15:39|macosLAPS|The local admin: has been detected to have a secureToken. Performing secure password change... Info|2022-12-16 19:15:39|macosLAPS|Performing first password change using FirstPass key from configuration profile or string command line argument specified. Info|2022-12-16 19:15:40|macosLAPS|Password change has been completed locally. Performing changes to Active Directory Info|2022-12-16 19:15:40|macosLAPS|Password change has been written to Active Directory for the local administrator . The new expiration date is 2023-01-15 19:15:39 Info|2022-12-16 19:15:40|macosLAPS|Removing Keychain for local administrator account ...

joshua-d-miller commented 1 year ago

Hi there,

So you would need to specify the following keys in a config profile or the preferences file to ensure that the password change can happen:

Let me know if this helps!

joshua-d-miller commented 1 year ago

Hello there,

Wanted to reach out and see if you had any updates on your particular issue and if you were able to get macOSLAPS working.

Thanks!

ficbauer commented 1 year ago

Hi Joshua, we are actually having this issue and to be honest, I really do not know what else can we do as I trust we have have proper configuration. MicrosoftTeams-image (18)

MicrosoftTeams-image (19)

joshua-d-miller commented 5 months ago

Could you give the 4.0.0 Pre-Release a try and let me know if your issue is resolved?