Skip to main content

Hi All



I am running 10.5.0-t1527689731 on windows 2012 R2 in a clustered environment
I am wondering if you can help, I know this topic has came up a few times but my understanding is still limited



I am trying to Automate the install of user certs on bound Macs
At the minute I have a .mobileconfig which sits is a shared folder and a script that runs that mobileconfig file.
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig



The user still needs to input there user name and password and I would like this to be automatic.



The user is logged in at this point, so my question is, can this information be passed



Any help is greatly appreciated



Thanks
Michael

What about pushing a configuration profile with a "AD Certificate" payload? These can be user or computer level, and providing you have an approved MDM profile installed, Jamf can push these transparently.

Why do they have to enter their username and password? Could you not just install it for the user like below?



#!/bin/bash

/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig userName

@ryan.ball Thanks for this mate.
I have tested adding in the userName variable however I am getting root user instead of the actually user
Any ideas ??
I know I am being stupid somewhere here 🙂

@jtrant Hi mate thanks for this, I have tried that too and still does not pull back the AD Cert either as Computer or User level

What about this?



#!/bin/bash



loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "

");')



if [[ ! "$loggedInUser" == "root" ]]; then

    echo "Installing cert for $loggedInUser."

    /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig "$loggedInUser"

else

    echo "Skipping installation for root user; exiting."

    exit 0

fi



exit 0

@ryan.ball Ah thanks for this mate, your saving my life here
So tried that and get this (x=username)
Script result: Installing cert for xxxxxxxxxxx.
profiles install for file:'/Users/Shared/VMUserCert/VMUserCert.mobileconfig' and user:'root' returned -319 (The ‘Active Directory Certificate’ payload could not be installed. The certificate request failed.)

Other than jrant's suggestion, I'd see if this does anything. Replace userName with a user who can get the cert to test if that would work.



If not I don't think I'll be much more help.



#!/bin/bash

sudo -u "userName" /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig

Thats more help than I expected mate, Thank you for giving me some hints 🙂

Terms & ConditionsCookie settings