+9I have created a custom MCX to set:
Apply setting to: System Level Enforced
Domain: /Library/Preferences/com.apple.smb.server
Key: AllowGuestAccess
Value: false
I am unable to come up with the appropriate command line that will check this value:
I have tried many variations of both "dscl . mcxread" and "defaults read" but I seem to be missing the correct structure for the command. can someone jump in and point me in the right direction? Please!
Best answer by mm2270
Just some questions. Why the in front of AllowGuestAccess in your script? I don't understand why that would be needed. When using defaults to read that back you shouldn't need to escape that. Or am I the one missing something?
Also, why do you need to check what it finds against a desired value in the EA itself? The Extension Attribute should simply be returning a result, which you can then use to create Smart Groups to take some action, like dropping a machine into scope of your MCX setting. Its not like you'd be looking for the script in the EA to take some action on the machine if it doesn't find the desired value. It really just plugs a value into the db. Taking an action is what a policy would be for.
Does something simpler like this work?
#!/bin/sh
GuestAccess=`/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess 2> /dev/null`
echo $GuestAccess
if [[ $GuestAccess == 0 ]]; then
echo "<results>Disabled</result>"
elif [[ $GuestAccess == 1 ]]; then
echo "<result>Not Disabled</result>"
elif [[ $GuestAccess == "" ]]; then
echo "<result>Unknown</result>"
fiForgive me if I'm overlooking something.
+24Why not just
/usr/bin/defaults read /Library/Preferences/com.apple.smb.server AllowGuestAccessWhen I set the value to false with defaults and read it back I get 0, which is the correct value returned for a false setting. Even though you use human readable words when setting it, reading it back displays a value of 0 or 1 (false or true)
+9your suggestion works in the command line and returns 0, So I have thisas my EA script and it returns:
Fail (/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess).
I am missing something easy here! I just know it.
#!/bin/sh
desiredValue="0"
result=""
tmpResult= /usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess
if [ "$tmpResult" == "1" ]; then
result="true"
else
if [ "$tmpResult" == "0" ]; then
result="false"
else
if [ "$tmpResult" == "" ]; then
result="Domain or Key Not Found"
else
result="$tmpResult"
fi
fi
fi
if [ "$result" == "$desiredValue" ]; then
echo "<result>Pass ($result)</result>"
else
echo "<result>Fail ($result)</result>"
fi
+9@mm2270
I actually had to change the path in the example above
+24Just some questions. Why the in front of AllowGuestAccess in your script? I don't understand why that would be needed. When using defaults to read that back you shouldn't need to escape that. Or am I the one missing something?
Also, why do you need to check what it finds against a desired value in the EA itself? The Extension Attribute should simply be returning a result, which you can then use to create Smart Groups to take some action, like dropping a machine into scope of your MCX setting. Its not like you'd be looking for the script in the EA to take some action on the machine if it doesn't find the desired value. It really just plugs a value into the db. Taking an action is what a policy would be for.
Does something simpler like this work?
#!/bin/sh
GuestAccess=`/usr/bin/defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess 2> /dev/null`
echo $GuestAccess
if [[ $GuestAccess == 0 ]]; then
echo "<results>Disabled</result>"
elif [[ $GuestAccess == 1 ]]; then
echo "<result>Not Disabled</result>"
elif [[ $GuestAccess == "" ]]; then
echo "<result>Unknown</result>"
fiForgive me if I'm overlooking something.
+31To test the output of the previous command in bash, you can use `echo $?`
for example:
bash-3.2$ dscl . list /Users | grep tlarkin
tlarkin
bash-3.2$ echo $?
0Returning zero means it exited with no errors
bash-3.2$ dscl . list /Users | grep conanthebarbarian
bash-3.2$ echo $?
1The last command failed, so it had an exit status of 1. You can use that to see if a command returns a proper exit status or not.
+9Thanks So much to everyone , I have learned a lot!
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.