Hello all.
I have been struggling for hours now to determine what could be wrong with the following AD script:
#!/bin/bash
apiurl="https://jss.company.com"
# decrypt an auth string: $1 = base64 ciphertext, $2 = salt, $3 = passphrase
function DecryptString() {
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}
# decrypt API user auth string (salt and passphrase arrive as Jamf script parameters 8 and 9)
apistring=$(DecryptString "somestring" "$8" "$9")
echo "$apistring"   # note: this writes the decrypted credential into the Jamf policy log
# decrypt AD user auth string; positional parameters above 9 need braces,
# otherwise "$10" expands to "$1" followed by a literal 0
adstring=$(DecryptString "somestring" "${10}" "${11}")
echo "$adstring"    # same concern: the decrypted credential ends up in the policy log
# get Mac's serial number
serial=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
echo "$serial"
# download some xml stuff from Jamf Pro and extract site name out of it
siteName=$( curl -sku "$apistring" "$apiurl/JSSResource/computers/serialnumber/$serial/subset/general" -X GET -H "Accept: application/xml" | xpath '/computer/general/site/name/text()' )
echo "$siteName"
echo "This Mac is assigned to Site $siteName"
# check AD status
adstatus=$( dsconfigad -show | awk '/Active Directory Domain/{print $NF}' )
echo "$adstatus"
# check if already bound to AD, then unbind
if [ "$adstatus" = "company.com" ]
then dsconfigad -remove $adstring   # left unquoted on purpose: the decrypted string holds several dsconfigad arguments
echo "This Mac has been previously bound to AD and got unbound now."
fi
# add to AD container matching to site
# note: ComputerName is not set anywhere in this script; it must be exported by the caller or set above
if [ "$siteName" = "Site1" ]
then dsconfigad -add "company.com" $adstring -computer "$ComputerName" -mobile enable -mobileconfirm disable -localhome enable -shell /bin/bash -ou "OU=Macintosh,OU=Computer,OU=CITY1,OU=COUNTRY1,OU=CONTINENT1,DC=company,DC=com" -groups "" -passinterval 0
echo "Mac added to AD Container company.com/CONTINENT1/COUNTRY1/CITY1/Computer/Macintosh"
elif [ "$siteName" = "Site2" ]
then dsconfigad -add "company.com" $adstring -computer "$ComputerName" -mobile enable -mobileconfirm disable -localhome enable -shell /bin/bash -ou "OU=Macintosh,OU=Computer,OU=CITY2,OU=COUNTRY2,OU=CONTINENT2,DC=company,DC=com" -groups "" -passinterval 0
echo "Mac added to AD Container company.com/CONTINENT2/COUNTRY2/CITY2/Computer/Macintosh"
# ...much more sites to follow, same pattern
else echo "Mac could not be added for some obscure reason to AD. Please check and do manually."
fi
exit
This script runs totally fine when running locally in CodeRunner and does exactly what it should. However, when running via Jamf (presumably as root?), it just brings up:
Running script: bindToAD.sh
Script exit code: 0
Script result: (null)
Surprisingly, if I add "sudo su -" on top of the local CodeRunner script, it also keeps on running without any progress at all after entering the password.
WTH?
Might anyone have an idea where the flaw in my script is?
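Two things a reviewer would check in the script above, shown as an added example (not code from the original post): how "$10" and "${10}" differ, and a parameter check that fails fast without echoing decrypted credentials into the Jamf policy log. The Jamf parameter layout ($1-$3 reserved, policy parameters from $4, salt/passphrase pairs at $8/$9 and $10/$11) is assumed from the post; all argument values are constructed.

```bash
#!/bin/bash
# Added example, not code from the original post.

# Constructed argument list standing in for what Jamf hands the script.
tenth_param_demo() {
    set -- "/" "mac01" "jdoe" "p4" "p5" "p6" "p7" "salt1" "pass1" "salt2" "pass2"
    # "$10" is "$1" followed by a literal 0; "${10}" is the tenth argument
    printf '%s|%s' "$10" "${10}"
}

# require_params N "$@": succeed only if at least N arguments were passed and
# none of the first N is empty. Reports the index, never the value.
require_params() {
    n="$1"; shift
    if [ "$#" -lt "$n" ]; then
        echo "expected $n parameters, got $#" >&2
        return 1
    fi
    i=1
    for v in "$@"; do
        [ "$i" -gt "$n" ] && break
        if [ -z "$v" ]; then
            echo "parameter $i is empty" >&2
            return 1
        fi
        i=$((i + 1))
    done
    return 0
}

# Log-safe description of a secret: length only, so a decrypted auth string
# never lands in the policy log the way a plain echo would.
describe_secret() {
    printf '[redacted, %d chars]' "${#1}"
}

# Order the bind script should follow: validate, then decrypt, then log safely.
# Salts are not secret and may be logged; passphrases are redacted.
bind_prepare() {
    require_params 11 "$@" || return 1
    # decryption (openssl enc ... -S "$salt" -k "$pass") would happen here
    printf 'salts:%s/%s pass:%s/%s' "$8" "${10}" \
        "$(describe_secret "$9")" "$(describe_secret "${11}")"
}
```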