Help

Advise; Secundary DC upgraded to WS2016, new certificate for Wi-Fi HELP!

Go to solution
ThijsX
Valued Contributor
Valued Contributor

Posted on ‎05-03-2017 09:32 AM

Hi,

At our organisation we are deploying device profiles to OS X devices to grant acces to our employee network. In the device profile are 2 domain controller certificates included of our primary and secundary domain controller.

The issue is, one of or sysadmins upgraded the secundairy DC from win 2012 to 2016 so by that he has issued a new domain controller certificate.

When we deploy that to machines it will only work when we delete the old device profile, in the past when the certificates getting expired we deployed a .pkg that deploys the same device profile with new certificates with the same DC name.

Now when we deploy the new .pkg with the .mobileconfig files with new info it wont overwire but create a new device profile and only works when we manually remove the old device profile.

is there any command we can add to our install/deploy script that it first removes that specific old device (wifi) profile?

Quick help woud be appreciated!

Greetings!!

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Look
Valued Contributor III

Posted on ‎05-03-2017 02:21 PM

Here is an ancient old script That I used to use to find and remove a profile with a specific name older than a specific date.
It would require testing, but it used to work...

#!/bin/bash

#Global Variable
STALE_NAME="ENTER THE PROFILE NAME HERE"
STALE_DATE="2015-01-19"
STALE_DATE=$(echo $STALE_DATE | sed 's/[^0-9]*//g')
WIFI_PROFILES=$(Profiles -Lv | awk '/attribute: name:/ && / $STALE_NAME/,/attribute: profileIdentifier:/' | awk '/attribute: profileIdentifier:/ {print $4}')
for WIFI_PROFILE in $WIFI_PROFILES
do
echo Profile: $WIFI_PROFILE
WIFI_DATE=$(Profiles -Lv | sort -r | awk '/attribute: profileIdentifier: '$WIFI_PROFILE'/,/attribute: installationDate:/' | awk '/attribute: installationDate:/ {print $4}')
echo Install: $WIFI_DATE
WIFI_DATE=$(echo $WIFI_DATE | sed 's/[^0-9]*//g')
if [ $WIFI_DATE -lt $STALE_DATE ]
then
echo The profile "$WIFI_PROFILE" is STALE
echo Attempting to remove stale profile
profiles -R -p "$WIFI_PROFILE"
else
echo The profile "$WIFI_PROFILE" is CURRENT
fi
done
exit 0

View solution in original post

0 Kudos
Reply
2 REPLIES 2

Go to solution
Look
Valued Contributor III

Posted on ‎05-03-2017 02:21 PM

Here is an ancient old script That I used to use to find and remove a profile with a specific name older than a specific date.
It would require testing, but it used to work...

#!/bin/bash

#Global Variable
STALE_NAME="ENTER THE PROFILE NAME HERE"
STALE_DATE="2015-01-19"
STALE_DATE=$(echo $STALE_DATE | sed 's/[^0-9]*//g')
WIFI_PROFILES=$(Profiles -Lv | awk '/attribute: name:/ && / $STALE_NAME/,/attribute: profileIdentifier:/' | awk '/attribute: profileIdentifier:/ {print $4}')
for WIFI_PROFILE in $WIFI_PROFILES
do
echo Profile: $WIFI_PROFILE
WIFI_DATE=$(Profiles -Lv | sort -r | awk '/attribute: profileIdentifier: '$WIFI_PROFILE'/,/attribute: installationDate:/' | awk '/attribute: installationDate:/ {print $4}')
echo Install: $WIFI_DATE
WIFI_DATE=$(echo $WIFI_DATE | sed 's/[^0-9]*//g')
if [ $WIFI_DATE -lt $STALE_DATE ]
then
echo The profile "$WIFI_PROFILE" is STALE
echo Attempting to remove stale profile
profiles -R -p "$WIFI_PROFILE"
else
echo The profile "$WIFI_PROFILE" is CURRENT
fi
done
exit 0
0 Kudos
Reply

Go to solution
ThijsX
Valued Contributor
Valued Contributor

Posted on ‎05-04-2017 12:43 AM

Hi @Look

Thank you very much, this was the solution i needed, used the script as pre-installation.

many thanks!

Greetings,
Thijs Xhaflaire

0 Kudos
Reply