Posted on 08-01-2014 10:49 PM
Here's the long and short of it:
I have a large number of systems running 10.7.5 that need to have data backed up to a network share (as a failsafe only) before they can be upgraded to Mavericks. Ideally, this script needs to run from start to finish in Casper Remote: it logs the computer in from the welcome screen to a predetermined user account; mounts a network share using osascript events, and then runs rsync on the /Users folder. I would have used "mount_smbfs -o nobrowse ... " but Samba is horribly broken in Lion and I get "authentication error" even though I've triple-checked everything. So my only other option is to do everything through the GUI, and that calls for AppleScript.
I've tried at least 6 variations of an automated login sequence that relies on AppleScript / osascript, but they're not working at all on 10.7. I used to work at a lab with about 40 Macs running 10.4, and then at two different medium-sized companies with 400 Macs running 10.5 and 10.6. I was always able to use ARD to set off a series of commands using osascript that tell System Events to send some keystrokes. This would magically fill in the login fields and press Enter when done. Those of you who are reading this know what I'm talking about.
As of 10.7, however, the "osascript" trick does not work in ARD as it used to. It doesn't work when run as root, either locally or remotely via ssh (manual login or Casper Remote).
I've searched this forum and many other places for ways to get it to work; however, I get one of the following errors from osascript:
36:52: execution error: An error of type -10810 has occured
91:98: syntax error: A number can’t go after this identifier. (-2740)
46:47: syntax error: Expected end of line but found “"”. (-2741)
I have verified that there aren't any "Smart Quotes" in the files.
I am only using TextMate and nano to edit the scripts.
They all have 755 permission.
I've tried running the osascript line-by-line at the command line.
I've tried the following solutions, and as many user-suggested alternatives as I could find:
https://jamfnation.jamfsoftware.com/discussion.html?id=5560
https://jamfnation.jamfsoftware.com/featureRequest.html?id=770
https://groups.google.com/forum/#!msg/macenterprise/MO3qhulRpJY/ktKOjMMxk1EJ
http://hints.macworld.com/article.php?story=2010021119293586
http://hints.macworld.com/article.php?story=2005062918513721
https://discussions.apple.com/message/20625863
Everything that people are saying works, doesn't for me.
Have I overlooked something?
Thanks!
Posted on 08-02-2014 10:14 AM
The syntax errors probably means you have an extra single or double quote somewhere in the script. If you have been doing some copying/pasting, make sure to disable smart quotes (and dashes) as they sometimes cause problems.
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
As for the execution error, I have typically seen that if access to assistive devices are not enabled.
I have the scripts that I use for scripting a GUI login hosted on Github:
https://github.com/jacobsalmela/login-user-to-gui-via-cli
In my environment, I use this trick all the time all of the time. Manually touching 200+ computers to enter the username/password is not feasible (we do not use auto-login as we have multiple users). I'm currently using a Python script for this, but the bash version works fine, too.
I have gotten this to work on Mavericks and it also seems to work in Yosemite.
Posted on 08-02-2014 10:35 AM
Jacob,
Thanks for your response. I entered everything by hand in nano and TextMate, so I'm positive there are no smart quotes at all. The error 2741 indicates that it was looking for a regular double-quote, and said character is encapsulated by smart quotes (“"”).
I did touch /private/var/db/.AccessibilityAPIEnabled per the suggestions from some of those links I included, and confirmed that Access for Assistive Devices was enabled. However, I still did not achieve success with any combination of the scripts mentioned above.
BTW, the interpreter I'm using is #!/bin/sh . Your script specifies /bin/bash. I thought Casper Remote mandated the use of /bin/sh. Does it make a difference in this case?
Posted on 08-02-2014 10:40 AM
So I tried this manually at the command prompt, error 2740.
Screenshot: http://imgur.com/TjUhVEP
Posted on 08-02-2014 10:46 AM
I edited the screenshot, so if you're reading this from email the first link is long gone.
Posted on 08-02-2014 12:39 PM
I don't think there is a huge difference; I have just always used bash.
Everything does look correct in your image. I see your entering it manually over ssh, have you tried saving it as a script instead of running it directly from the shell? I typically run the entire script from ARD.
Otherwise, I have seen the sudo touch /private/var/db/.AccessibilityAPIEnabled, not take effect until a reboot.
Posted on 08-02-2014 01:11 PM
I've been trying to simulate the environment of Casper Remote scripts by running as root with /bin/sh as the interpreter. Or at least I assumed that was the case. Apple Remote Desktop forces all scripts to run as /bin/bash . Can other types be used in Casper Remote?
Posted on 08-02-2014 02:18 PM
I have had mixed results using the GUI login scripts via Casper Remote--but I get 100% success with ARD.
To answer your question: yes; whatever shebang your script is set to in the JSS, it should run as that. For instance, I have all three, Python, bash, and sh:
#!/bin/bash
#!/bin/sh
#!/usr/bin/python
If you still want to do it manually over SSH, you could try breaking the commands up instead of using the EOF method:
....
osascript -e 'tell application "system events" to keystroke "username"'
osascript -e 'tell application "system events" to keystroke tab'
osascript -e 'tell application "system events" to keystroke "password"'
...
Posted on 08-03-2014 01:15 AM
Hi Jacob,
I still can't run this manually as root at the command line, so I'm 99% sure it's going to fail when I try it in Casper Remote on Monday.
Here's what I'm doing to simulate this:
1) I make sure .AccessibilityAPIEnabled exists, and rebooted the machine just to be sure
2) ssh into the machine as macadmin
3) run 'sudo su -' to elevate to root.
4) run /bin/bash to switch interpreters. The prompt now reads bash-3.2#
5) run your first command (osascript ... "username") manually, and this appears:
36:56: execution error: An error of type -10810 has occurred. (-10810)
6) run the same UNIX command from ARD, run as root, and it works.
I'm testing all of this at home on a Parallels 9 instance running 10.7.5. My host is running Mavericks.
What am I missing here?
Posted on 08-03-2014 09:33 PM
Forgive me if this wouldn't apply for you...since 10.7 I have sometimes used a workflow where a .pkg or .dmg that enables auto-login for a certain admin account is installed and then reboots the machine. Upon startup it auto-logs in and then immediately disables auto-login for the next reboot before it does anything else. If interested I can send you a list of the contents of that dmg.