Solved

Automating User Cert install

  • August 7, 2018
  • 8 replies
  • 25 views


Hi All

I am running 10.5.0-t1527689731 on Windows 2012 R2 in a clustered environment. I am wondering if you can help. I know this topic has come up a few times, but my understanding is still limited.

I am trying to automate the install of user certs on bound Macs. At the minute I have a .mobileconfig which sits in a shared folder and a script that runs that mobileconfig file.
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig

The user still needs to input their user name and password and I would like this to be automatic.

The user is logged in at this point, so my question is, can this information be passed?

Any help is greatly appreciated.

Thanks Michael

Best answer by ryan_ball

Why do they have to enter their username and password? Could you not just install it for the user like below?

#!/bin/bash
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig userName

8 replies

  • Honored Contributor
  • August 7, 2018

What about pushing a configuration profile with a "AD Certificate" payload? These can be user or computer level, and providing you have an approved MDM profile installed, Jamf can push these transparently.


  • Contributor
  • Answer
  • August 7, 2018

Why do they have to enter their username and password? Could you not just install it for the user like below?

#!/bin/bash
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig userName

  • Author
  • Contributor
  • August 7, 2018

@ryan.ball Thanks for this mate.
I have tested adding in the userName variable, however I am getting the root user instead of the actual user. Any ideas? I know I am being stupid somewhere here :)


  • Author
  • Contributor
  • August 7, 2018

@jtrant Hi mate, thanks for this. I have tried that too and it still does not pull back the AD Cert either as Computer or User level.


  • Contributor
  • August 7, 2018

What about this?

#!/bin/bash

# Resolve the console (logged-in) user; empty if only the login window is up
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

if [[ ! "$loggedInUser" == "root" ]]; then
    echo "Installing cert for $loggedInUser."
    /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig "$loggedInUser"
else
    echo "Skipping installation for root user; exiting."
    exit 0
fi

exit 0
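
Added example (not part of the original thread or of Jamf's tooling): the script above runs as root and installs a profile from /Users/Shared, a directory every local user can write to, so a preflight check on the user name and on the profile's ownership and permissions is worth running first. The function names, the user-name allow-list and the `--check` argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example: preflight checks before a root-run script installs a profile.

# Console user on macOS (assumption: the owner of /dev/console is the
# logged-in user; stat -f is the BSD/macOS form).
console_user() {
    stat -f%Su /dev/console
}

# Accept only a real login name: not empty, root or the login window, and
# made of a conservative character set (an assumption of this example).
is_installable_user() {
    case "$1" in
        ""|root|loginwindow) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Accept the profile only if it is a regular file (no symlink) owned by
# $2 (default root) and neither it nor its folder is group/world-writable.
profile_is_trusted() {
    pf=$1; want=${2:-root}
    [ -f "$pf" ] && [ ! -L "$pf" ] || return 1
    dir=$(dirname "$pf")
    # find prints the path only when every test on it holds
    [ -n "$(find "$pf" -prune -type f -user "$want" ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
    [ -n "$(find "$dir" -prune -type d -user "$want" ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
}

# Returns 0 if safe to install, 2 for a bad user, 3 for an untrusted profile.
preflight() {
    is_installable_user "$1" || { echo "refusing user '$1'" >&2; return 2; }
    profile_is_trusted "$2" "${3:-root}" || { echo "untrusted profile: $2" >&2; return 3; }
    return 0
}

# Usage from the policy script: preflight.sh --check /path/to/profile
if [ "${1:-}" = "--check" ]; then
    preflight "$(console_user)" "${2:-}" || exit $?
    echo "preflight ok"
fi
```

A profile folder created by an ordinary user fails the ownership test, so the profile has to be staged by root for the check to pass.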

  • Author
  • Contributor
  • August 7, 2018

@ryan.ball Ah, thanks for this mate, you're saving my life here. So tried that and get this (x=username)
Script result: Installing cert for xxxxxxxxxxx.
profiles install for file:'/Users/Shared/VMUserCert/VMUserCert.mobileconfig' and user:'root' returned -319 (The ‘Active Directory Certificate’ payload could not be installed. The certificate request failed.)


  • Contributor
  • August 7, 2018

Other than jtrant's suggestion, I'd see if this does anything. Replace userName with a user who can get the cert to test if that would work.

If not I don't think I'll be much more help.

#!/bin/bash
sudo -u "userName" /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig

  • Author
  • Contributor
  • August 7, 2018

That's more help than I expected mate. Thank you for giving me some hints :)