macOSLAPS icon indicating copy to clipboard operation
macOSLAPS copied to clipboard

Published 20 hours ago verified publisher icon joshua-d-miller

macOSLAPS 3.0.2.776 on macOS 12.6.1 - Could not cast value of type 'NSTaggedPointerString' to 'NSNumber'

Open tlcarpenter opened this issue 2 years ago • 4 comments

I was getting errors running 'macosLAPS version' and 'macosLAPS resetPassword'

/usr/local/laps/macosLAPS resetPassword Info|2022-12-16 19:06:15|macosLAPS|Using Preferred Domain Controller <AD DC>... Warning|2022-12-16 19:06:15|macosLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|2022-12-16 19:06:15|macosLAPS|Password Change is required as the LAPS password for , has expired Info|2022-12-16 19:06:15|macosLAPS|The local admin: has been detected to have a secureToken. Performing secure password change... Could not cast value of type 'NSTaggedPointerString' (0x7ff84d705c30) to 'NSNumber' (0x7ff84d706fd0). Abort trap: 6

Tried setting DaysTillExpiration using '-int'

defaults write /Library/Preferences/edu.psu.macoslaps.plist DaysTillExpiration -int 30

as suggested in #5 but had the same behavior. Then tried setting PasswordLength also using '-int'

defaults write /Library/Preferences/edu.psu.macoslaps.plist PasswordLength -int 14

after which it worked

/usr/local/laps/macosLAPS -resetPassword Info|2022-12-16 19:15:39|macosLAPS|Using Preferred Domain Controller <AD DC>... Info|2022-12-16 19:15:39|macosLAPS|Password Change is required as the LAPS password for , has expired Info|2022-12-16 19:15:39|macosLAPS|The local admin: has been detected to have a secureToken. Performing secure password change... Info|2022-12-16 19:15:39|macosLAPS|Performing first password change using FirstPass key from configuration profile or string command line argument specified. Info|2022-12-16 19:15:40|macosLAPS|Password change has been completed locally. Performing changes to Active Directory Info|2022-12-16 19:15:40|macosLAPS|Password change has been written to Active Directory for the local administrator . The new expiration date is 2023-01-15 19:15:39 Info|2022-12-16 19:15:40|macosLAPS|Removing Keychain for local administrator account ...

tlcarpenter avatar Dec 17 '22 00:12 tlcarpenter

Hi there,

So you would need to specify the following keys in a config profile or the preferences file to ensure that the password change can happen:

  • LocalAdminAccount
  • FirstPass- especially now with secureToken
  • Method - If you don't have AD and want to send to somewhere else.

Let me know if this helps!

joshua-d-miller avatar Dec 22 '22 19:12 joshua-d-miller

Hello there,

Wanted to reach out and see if you had any updates on your particular issue and if you were able to get macOSLAPS working.

Thanks!

joshua-d-miller avatar Jan 30 '23 01:01 joshua-d-miller

Hi Joshua, we are actually having this issue and to be honest, I really do not know what else can we do as I trust we have have proper configuration. MicrosoftTeams-image (18)

MicrosoftTeams-image (19)

ficbauer avatar Mar 08 '23 12:03 ficbauer

Could you give the 4.0.0 Pre-Release a try and let me know if your issue is resolved?

joshua-d-miller avatar Feb 28 '24 21:02 joshua-d-miller