Help

AD binding in terminal

Go to solution
schwende
New Contributor

Posted on ‎10-22-2014 02:10 PM

So, working on ad binding in terminal on 10.9.2, though I am not sure flavor would matter that much. Right now I have dsconfigad -add -username "username" -p "password"

Now, I am trying to use an admin password my whole group uses, but it does not work. However, mine does. Both have access for joining the domain and if I leave out -p "password", when I hit enter, it asks for the password and it works fine. It just will not work as part of the command. As a test, I changed my password to contain special characters such as @ or $ and it fails now too.

Is there a way to allow the password to work with special characters? This will end up being a short script applied to macs after imaging with deploy studio.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎10-22-2014 02:34 PM

You might need to use single quotes instead of double for the password to ensure that all characters between the opening and closing quotes are not translated to their special meaning. In double quotes, some special characters are still translated.

So if my password was $1234, using "$1234" would send 1234 (actually it would fail completely unless this was a previously declared variable with the right value) but '$1234' would work.

Not sure if this is the issue but hopefully it helps.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
iJake
Valued Contributor

Posted on ‎10-22-2014 02:21 PM

Is there a reason you are not using the Directory Bindings built into the JSS? You can run these via policy.

0 Kudos

Go to solution
schwende
New Contributor

Posted on ‎10-22-2014 02:25 PM

Not sure what JSS is, jamf software server? All imaging is done from a mini with deploy studio.

0 Kudos

Go to solution
davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎10-22-2014 02:34 PM

You might need to use single quotes instead of double for the password to ensure that all characters between the opening and closing quotes are not translated to their special meaning. In double quotes, some special characters are still translated.

So if my password was $1234, using "$1234" would send 1234 (actually it would fail completely unless this was a previously declared variable with the right value) but '$1234' would work.

Not sure if this is the issue but hopefully it helps.

0 Kudos

Go to solution
schwende
New Contributor

Posted on ‎10-22-2014 02:52 PM

I will try that a couple times and see how it goes. Worked once but I wanna try it on a couple machines to be sure, but it looks like a winner!

0 Kudos

Go to solution
davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎10-22-2014 02:58 PM

Glad to hear it worked!

0 Kudos

Go to solution
iJake
Valued Contributor

Posted on ‎10-22-2014 03:02 PM

Yes, the JSS is the JAMF Software Server. I understand imaging is done outside of Casper but I still think you'd be better served using the Directory Binding built into Casper. You could have a service account for handling AD binding and those credentials would be securely stored in the JSS and not have to either be in a script in plain text or provided via stdin in an interactive script. That's just my opinion, though.

0 Kudos

Go to solution
calumhunter
Valued Contributor

Posted on ‎10-22-2014 04:32 PM

deploystudio also has a binding task to automate this aswell

i agree if you have casper, use the built in binding. If you only have deploystudio, look at using the built in ad binding task.
if neither of those built in features are flexible enough and you need to specify more configuration options - script it and deploy it via either of those mechanisms ie deploystudio first boot script or casper policy to run the script

0 Kudos