Jamf Nation Community

GoranPOne10 · ‎05-20-2021

We need to add search domains to our VPN configuration that we push out with Jamf Pro.
We've tried "networksetup -setsearchdomains "name of our VPN adapter" .ourdomain.com". This does not work against VPN network adapters. Anyone has a way to add them in the configuration profile or with a script after the profile is installed.

cjavallas · ‎05-26-2021

Did anyone ever answer I have the same need. The profile locks the vpn setting and even if you manually add the search domain it does not work..

GoranPOne10 · ‎06-08-2021

We can actually add search domains manually under advanced network settings. The problem is automating it via script or configuration profile.

Skrottin · ‎10-27-2021

@GoranPOne10I've a script that works but our problem is that when the VPN CP is pushed from Jamf to computers the preferences.plist file in /Library/Preferences/SystemConfiguration puts an extra key in the DNS key for the VPN configuration pushed from Jamf..

<key>DNS</key>
<dict>
   <key>SearchDomains</key>
   <array>
      <string>ourdomain.com</string>
   </array>
   <key>__INACTIVE__</key>
   <true/>
</dict>

And I can't seem to be able to remove

<key>__INACTIVE__</key>
<true/>

with the help of PlistBuddy because it can't find the right key to remove. The inactive key is there before the script that adds the search domain has run so it's not the script that causes the problem. If we manually add a VPN configuration and run the script the inactive key isn't there either.. So it has to be something with the VPN configuration profile. We have an open support ticket with Jamf regarding this now.

This is our "add search domains" script:

#!/bin/bash

# Variables:
## Field 4: Network Service name
## Field 5: Search domain address

searchNetwork="$4"
searchDomain="$5"

# The magic happens
echo "Network Service name to be configured - ${searchNetwork}"
echo "Specified Search Domains addresses - ${searchDomain}"
networksetup -setsearchdomains "${searchNetwork}" $searchDomain

echo "Completed!"
exit 0

We are using the Parameter Labels in the script's options to fill the variables ($4 and $5)

GoranPOne10 · ‎10-27-2021

So the script works only if you manually add the VPN configuration. Thanks for sharing this info. Let us know how it goes with the support ticket.

Skrottin · ‎10-28-2021

The script works on the VPN configuration pushed from Jamf aswell, but the difference between the VPN config pushed from Jamf and a manually created one is that the Jamf VPN config gets the

<key>__INACTIVE__</key>
<true/>

in the preferences.plist file for some reason, and the key is there from the start (even before the "add search domain" script is run.) I will let you know how it goes!

Phatmandrake1 · ‎11-02-2021

So we recently switch to Meraki and we can't push the search domain for VPN clients through DHCP and we can't add the search domain to a JAMF Config Profile.

My disappointment is immeasurable and my day is ruined.

My workaround for now will be to use https://github.com/halo/macosvpn to create the VPN connections, but ugh....

Skrottin · ‎11-03-2021

We found some sort of workaround meanwhile we wait for the Jamf support to get back to us. We are now pushing out a file to etc/resolver/ with the following content:

domain <yourdomain.com>
search <yourdomain.com>
nameserver <your.DNS.server1.IP>
nameserver <your.DNS.server2.IP>
search_order 1

Jamf Nation Community

Add Search domains to our VPN configuration