AD Binding advice

ianmb
Contributor

I'm pretty new to Casper and my scripting skills are not up to speed yet so I'd like to do all of this in Casper if at all possible.

I have a requirement to:

  1. Place a couple of certificates on clients and 'Always Trust' them in the System Keychain (I guess a Configuration Profile would be best?)
  2. Set the correct time zone and accurate time on the client
  3. Ensure the computer name is correct as per our device registration system (using scutil)
  4. Ensure IPv6 is disabled (as I'm told this can prevent successful binding) and ensure client is set to get an IP via DHCP
  5. Finally run the relevant dsconfigad commands

Can all this be done step by step in the JSS, and if so can I be sure everything gets run in order? Or is it better to have an independent, all-in-one script? If so, how would you do this?

I have a little experience with Casper Imaging. Any guidance is gratefully appreciated!

3 REPLIES

davidacland
Honored Contributor II

These are my normal methods:

  1. I use the `security` command-line tool to import the certificates, although a profile could be a way to do it
  2. I normally do this with a script: `/usr/sbin/systemsetup -settimezone "Europe/London"`
  3. I set the computer name using Casper Imaging during deployment
  4. I do this via a script using `networksetup -setv6off`. The network interfaces should be set to DHCP by default so nothing to do there.
  5. I bind the Mac to AD using the built-in Casper tools, then I set extra options (such as pass interval) using a dsconfigad command (which can be run as part of the binding policy)

Hope this helps.

jjones
Contributor II

I had just recently used Scutil to rename some laptops that were not in Casper, but this could be used if you happen to have them deployed already but need to change names.

I ended up writing this script to read the NetBIOSName, as Deploy Studio names them and pushes their name to our AD, and then using it to rename the HostName, LocalHostName and ComputerName.

Here's the script:

```
#!/bin/sh

# Retrieves the name from NetBIOSName
name=$(defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName)

# Stops if no name was read, so the names are never set to an empty value
[ -n "$name" ] || exit 1

# Sets the name retrieved from NetBIOSName (quoted so it is passed as one argument)
scutil --set HostName "$name"
scutil --set ComputerName "$name"
scutil --set LocalHostName "$name"

# Prints the scutil names in the terminal to report the new name
scutil --get HostName
scutil --get ComputerName
scutil --get LocalHostName
```

I might add that scutil seems to report wrongly for the new name from time to time. For me ComputerName would report the previous name, but when I would manually check scutil it would report correctly that time.
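
A name check that could run before the `scutil --set` calls in the script above, as an added example that is not part of the original post or of any poster's workflow. The function names, the `SCUTIL` override variable, and the choice to enforce the 15-character NetBIOS limit together with the letters, digits and hyphens rule of LocalHostName are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): validate a name before it is handed
# to scutil by a script that runs as root.
# Assumption: one name is used for HostName, ComputerName and LocalHostName,
# so it must satisfy the strictest of them plus the NetBIOS length limit.

valid_bind_name() {
    name=$1
    # Reject empty values, e.g. when the NetBIOSName key was missing.
    [ -n "$name" ] || return 1
    # NetBIOS names are at most 15 characters.
    [ "${#name}" -le 15 ] || return 1
    case $name in
        # Only letters, digits and hyphens are accepted.
        *[!A-Za-z0-9-]*) return 1 ;;
        # No leading or trailing hyphen.
        -*|*-) return 1 ;;
    esac
    return 0
}

apply_name() {
    name=$1
    if ! valid_bind_name "$name"; then
        echo "refusing to set invalid name: '$name'" >&2
        return 1
    fi
    # SCUTIL is a hypothetical override so the calls can be dry-run
    # with SCUTIL=echo; by default the real scutil is used.
    for key in HostName ComputerName LocalHostName; do
        "${SCUTIL:-scutil}" --set "$key" "$name" || return 1
    done
}

# Usage on a Mac, as root:
#   apply_name "$(defaults read /Library/Preferences/SystemConfiguration/com.apple.smb.server NetBIOSName)"
```

Running it with `SCUTIL=echo` prints the three `--set` calls without changing anything.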

bentoms
Release Candidate Programs Tester

@ianmb, I've written up my imaging workflow: https://macmule.com/2014/12/21/my-casper-imaging-workflow/

We do some similar steps to you, here's a breakdown using the above too:

  1. Certs are deployed via profiles
  2. Timezone is set on the Macs via script in the "Postflight" policy & this script is set to run "Before"
  3. We use another before script to set the computer name using the JAMF binary (we use the Macs serial number)
  4. We don't disable IPv6.. but each to their own
  5. Lastly we bind the Mac using a Directory Binding within the JSS