Automating User Cert install

MichaelH
New Contributor III

Hi All

I am running 10.5.0-t1527689731 on Windows 2012 R2 in a clustered environment. I am wondering if you can help. I know this topic has come up a few times, but my understanding is still limited.

I am trying to automate the install of user certs on bound Macs. At the minute I have a .mobileconfig which sits in a shared folder and a script that runs that mobileconfig file.
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig

The user still needs to input their user name and password, and I would like this to be automatic.

The user is logged in at this point, so my question is: can this information be passed?

Any help is greatly appreciated

Thanks Michael

1 ACCEPTED SOLUTION

ryan_ball
Valued Contributor

Why do they have to enter their username and password? Could you not just install it for the user like below?

#!/bin/bash
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig userName

8 REPLIES

jtrant
Valued Contributor

What about pushing a configuration profile with an "AD Certificate" payload? These can be user or computer level, and providing you have an approved MDM profile installed, Jamf can push these transparently.

ryan_ball
Valued Contributor

Why do they have to enter their username and password? Could you not just install it for the user like below?

#!/bin/bash
/usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig userName

MichaelH
New Contributor III

@ryan.ball Thanks for this mate.
I have tested adding in the userName variable, however I am getting the root user instead of the actual user. Any ideas? I know I am being stupid somewhere here :)

MichaelH
New Contributor III

@jtrant Hi mate, thanks for this. I have tried that too and it still does not pull back the AD cert at either Computer or User level.

ryan_ball
Valued Contributor

What about this?

#!/bin/bash

# Ask SystemConfiguration for the console user; yields an empty string at the login window.
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')

if [[ ! "$loggedInUser" == "root" ]]; then
    echo "Installing cert for $loggedInUser."
    /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig "$loggedInUser"
else
    echo "Skipping installation for root user; exiting."
    exit 0
fi

exit 0

MichaelH
New Contributor III

@ryan.ball Ah, thanks for this mate, you're saving my life here. So I tried that and get this (x=username):
Script result: Installing cert for xxxxxxxxxxx.
profiles install for file:'/Users/Shared/VMUserCert/VMUserCert.mobileconfig' and user:'root' returned -319 (The ‘Active Directory Certificate’ payload could not be installed. The certificate request failed.)

ryan_ball
Valued Contributor

Other than jtrant's suggestion, I'd see if this does anything. Replace userName with a user who can get the cert to test if that would work.

If not I don't think I'll be much more help.

#!/bin/bash
sudo -u "userName" /usr/bin/profiles -I -F /Users/Shared/VMUserCert/VMUserCert.mobileconfig

MichaelH
New Contributor III

That's more help than I expected mate. Thank you for giving me some hints :)
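
The approach from the last suggestion in the thread (running profiles as the logged-in user), written out as an added example that is not any poster's code: it resolves the console user with stat instead of Python, skips root, loginwindow and an empty name, and checks that the profile in the world-writable /Users/Shared folder is a regular file owned by root before installing it. The function names and the root-ownership requirement are assumptions, and the thread does not confirm that this installs the AD certificate.

```shell
#!/bin/bash
# Added example, not from the thread. Helper names are hypothetical.

PROFILE="/Users/Shared/VMUserCert/VMUserCert.mobileconfig"  # path from the thread

# Succeeds only for a real console user: rejects an empty name (nobody logged
# in), root, loginwindow, and _mbsetupuser (the macOS Setup Assistant account).
is_installable_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

# /Users/Shared is writable by every local user, so before a root-run script
# hands the file to profiles, require a regular file (not a symlink) owned by
# the expected account (assumed: root) and not writable by group or others.
profile_is_safe() {
    local file="$1" owner="${2:-root}"
    [ -n "$(find "$file" -maxdepth 0 -type f -user "$owner" \
             ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

install_for_console_user() {
    local user
    user=$(/usr/bin/stat -f%Su /dev/console)   # BSD stat: owner of the console
    if ! is_installable_user "$user"; then
        echo "No regular user at the console (got '$user'); skipping."
        return 0
    fi
    if ! profile_is_safe "$PROFILE"; then
        echo "Refusing $PROFILE: wrong owner, writable by others, or not a regular file." >&2
        return 1
    fi
    echo "Installing cert for $user."
    # Same call as in the last suggestion in the thread, run as the console user.
    sudo -u "$user" /usr/bin/profiles -I -F "$PROFILE"
}

# Only act when run as root on macOS (the policy-script case); elsewhere the
# functions are just defined.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    install_for_console_user
fi
```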