Before you begin
- These instructions assume an intermediate familiarity with MacOs, terminal emulators, and bash/shell commands.
- In Barracuda RMM, navigate to Site Management > Sites > The name of the site this device belongs to > Credentials.
- Ensure that there are credentials in place for SNMP, SSH, and optionally VNC.
- Ensure you know what the passwords are for the configured SSH and VNC credential sets that are configured there.
- Take note of the SNMP community string(s) you have configured.
- Log in to the Mac you wish to configure with an Administrator-level account. Make sure you know the password for the account you are logged in with, as you will be prompted for it.
Configure the SNMP Service
- If the file
/etc/snmp/snmpd.confexists, back it up before proceeding. - Open a terminal window.
Run the following commands from the terminal, replacing them with the community string you have configured for the site:
sudo launchctl unload -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist sudo printf "rocommunity \nsysobjectid 1.3.6.1.4.1.8072.3.2.16\n" > /etc/snmp/snmpd.conf sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
Create the service account
- Choose Apple menu > System Preferences, then click Users & Groups.
- Click the lock icon to unlock it, then enter the username and password of an existing Administrator.
- Click Add below the list of users.
- Click the New Account pop-up menu, then choose Administrator.
- Enter a Full Name for the new user. (This can be anything.)
- Change the Account Name to be the SSH username you have configured in Barracuda RMM.
- Set the password to the SSH password you have configured in Barracuda RMM.
- Select Allow user to administer this computer.
- Click Create User.
Configure and hide the service account
- Open a terminal window.
- Enter the following command:
sudo visudo Ensure that the following line is listed in the sudoers file you just opened, with replaced by the SSH username you have configured in Barracuda RMM:
ALL=(ALL) NOPASSWD: ALL- Save and exit visudo with the command:
:wq Optionally, run the following commands from the terminal to hide the service account. As usual, replace with the username you have configured in Barracuda RMM:
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add mei sudo mv /Users/ / /var// sudo dscl . -create /Users/ NFSHomeDirectory /var/
Configure the VNC (Remote Management) service
- If the Apple Remote Agent (ARDAgent) service is running (eg. with the Activity Monitor or the ps command), stop it.
- Open a terminal window.
Run the following command, replacing with a valid username (either the current user or the SSH username Barracuda RMM is using), and with the VNC password configured in Barracuda RMM:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users -clientopts -setvnclegacy -vnclegacy yes -clientopts -setvncpw -vncpw "" -restart -agent -privs -all
Enable SSH
- Open a terminal window.
- Run the following command to see if the com.apple.access_ssh group already exists or not:
sudo dseditgroup com.apple.access_ssh - If it does not already exist, run the following command as well:
sudo dseditgroup -o create -q com.apple.access_ssh Run the following command to add the service account to the SSH group, replacing with the SSH username you have configured in Barracuda RMM:
sudo dseditgroup -o edit -a -t user com.apple.access_ssh- Run the following command to enable remote login:
sudo systemsetup -setremotelogin on