Frequent Contributor II

JAMF MDM

Anyone have experience integrating JAMF with CPPM?  We're seeing an odd situation which happened again.

 

In CPPM, we configure the JAMF server and life is good.  CPPM logs indicate it is communicating properly with JAMF and getting updates. 

 

What we find is at some point, devices which are added to JAMF come over to CPPM but none of the JAMF information is in the endpoint database.  As a result, CPPM indicates the device is not in JAMF (it is there) so the device gets assigned a BYOD type role.  When this happened before, we deleted the JAMF server connection info and added it back then the endpoint database populated correctly.  Do I have to do this periodically to get JAMF to work properly with CPPM?

Guru Elite

Re: JAMF MDM

Do you see any endpoint updates for those devices in the Audit Viewer?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Frequent Contributor II

Re: JAMF MDM

The only thing I see is when I manually changed it from unknown to known.

Moderator

Re: JAMF MDM

Can you confirm what versions you have deployed for both CPPM and JAMF? Also, does your JAMF deployment just contain Mac OS X devices or a mixture of iOS as well? Depending on your version of CPPM we have an option to enable the integration to recover the managed OS X computers as well.

 

Frequent Contributor II

Re: JAMF MDM

CPPM is 6.2.3

JAMF is 9.2.2

 

We do have some Mac OS X but mainly iOS devices.

Moderator

Re: JAMF MDM

We are not running the same release of JAMF in our lab environment so are attempting to update to match your deployment. In the interim it couldn't hurt to get a TAC case raised as the support team can look at some additional logs through the support shell that might be able to point us in the right direction.

 

Keep you posted.

 

 

Frequent Contributor II

Re: JAMF MDM

We've discovered an odd situation: the device is only being reported to CPPM by JAMF using the hardwire LAN MAC address.  Therefore it looks to CPPM that the device is a BYOD device even though the device is in JAMF.  The WLAN MAC is in JAMF but it is listed as 'secondary' address while the LAN address is the 'primary' address.  Could that be the cause?  Does no one else using CPPM use JAMF?

Moderator

Re: JAMF MDM

I seem to recall when we were doing the initial integration with JAMF that the order of interfaces is related to which interface (Ethernet or WiFi) was active during the MDM enrollment. It might be worth speaking with your JAMF contact to confirm this detail. Nonetheless, we should record each as a new endpoint within ClearPass and hence will be available for policy enforcement decisions.

Frequent Contributor II

Re: JAMF MDM

According to our local SE, 6.3 should address this issue. We're working to get the upgrade done for our pilot.  I'll report back on progress.

Moderator

Re: JAMF MDM

Hi, this issue was resolved in CPPM 6.2.3.

 

The issue relates to JAMF presenting an attribute they called alt_mac_address; we were not reading this but added this in the 6.2.3 code.

 

 


Best Regards
-d

ClearPass Product Manager
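
A reconciliation check for the symptom discussed in this thread, as an added example that is not part of any post and is not ClearPass or JAMF code: it compares the MAC addresses an MDM export lists for each managed device against the MACs present in an endpoint database export, and reports any that are missing, since a managed device seen on an unlisted MAC would be treated as unknown. It assumes both exports have already been loaded into Python structures; `alt_mac_address` is the attribute named in the thread, `mac_address` is an assumed name for the primary address, and all sample records are constructed.

```python
import re

def norm_mac(value):
    """Return a MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value or "")
    return digits.lower() if len(digits) == 12 else None

def missing_macs(mdm_records, endpoint_macs):
    """Map device name -> [(field, mac)] known to the MDM but absent from
    the endpoint database export."""
    known = {m for m in map(norm_mac, endpoint_macs) if m}
    gaps = {}
    for rec in mdm_records:
        # Check the primary and the secondary address of every device;
        # field names are assumptions about the export (see lead-in).
        for field in ("mac_address", "alt_mac_address"):
            mac = norm_mac(rec.get(field))
            if mac and mac not in known:
                gaps.setdefault(rec["name"], []).append((field, mac))
    return gaps

# Constructed sample data: three managed devices as exported from the MDM,
# written in the mixed MAC notations such exports tend to contain.
MDM_RECORDS = [
    {"name": "lab-mac-01", "mac_address": "00:11:22:AA:BB:01",
     "alt_mac_address": "00:11:22:AA:BB:02"},
    {"name": "lab-mac-02", "mac_address": "00-11-22-AA-BB-03",
     "alt_mac_address": "0011.22AA.BB04"},
    {"name": "lab-mac-03", "mac_address": "00:11:22:AA:BB:05",
     "alt_mac_address": ""},
]

# Constructed endpoint database export: lab-mac-01's secondary MAC is absent.
ENDPOINT_MACS = ["001122aabb01", "001122aabb03", "001122aabb04", "001122aabb05"]

if __name__ == "__main__":
    for name, missing in missing_macs(MDM_RECORDS, ENDPOINT_MACS).items():
        for field, mac in missing:
            print(f"{name}: {field} {mac} not in endpoint database")
```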
