Posted on 02-26-2019 04:54 AM
Do anyone has a good idea how to configure cisco anyconnect in a package, so server string etc is included.
To user composer seems to be wrong way as it is kind of strange packet, so would rather go for the default package. But I have been unable to find where the file is for the connection server. I thought it was /Opt , but there seems to be other places where it hide something and there are really many files in that package that changes according to composer where I tried to see if I could find it
Posted on 02-26-2019 06:38 AM
I put everything into a tmp folder, then use a postflight script to install the pkg and move our Orginfo.json file into the appropriate folder.
You're spot on about the location though. For our deployment, it's sitting in /opt/cisco/anyconnect/umbrella/
Posted on 02-26-2019 06:52 AM
This discussion on JN has the method we use to deploy AnyConnect with only the VPN module by using a choices.xml file:
In the particular post I linked to you can see where @jhbush1973 is actually deploying the profile at the same time. I do not do that because I have different profiles for each business units I support. The profile lives in /opt/cisco/anyconnect/profile
on your systems. You can have multiple profiles (all with different file names) or you can have one profile with all of your VPN concentrators listed. The relevant part of the profile XML file is towards the bottom:
<ServerList>
<HostEntry>
<HostName>Display Name of VPN</HostName>
<HostAddress>vpn.yourserver.com</HostAddress>
<UserGroup></UserGroup>
</HostEntry>
</ServerList>
If you have different user groups in use, you can put the user group name in between <UserGroup></UserGroup>
and it will load to that group when you fire up the VPN.
I build using the pkgbuild
binary since this is a relatively simple package and I don't want to fire up Packages or Composer for something this simple. I have a template folder that I clone and then I put stuff in the proper locations. Place any files you want to deliver to the machine in ROOT
using the full folder path to what you want. In this case I want to drop the Choices.XML
file and the AnyConnect
installer into /tmp
. Put your postinstall
script into Scripts
and then run the Build.sh
script. I have my script configured to need the name you want and the version and then it tacks on the date in ISO 8601 format.
#!/bin/bash
args=("$@")
pkgName="${args[0]}"
echo "Supply the package name and version: build.sh <pkgname> <version>"
# get date for package name
myDate=`date +%Y%m%d`
# Name of the package.
NAME="${pkgName}"
# Once installed the identifier is used as the filename for a receipt files in /var/db/receipts/.
IDENTIFIER="com.omnicom.$NAME"
# Package version number.
VERSION="${args[1]}"
# Remove any unwanted .DS_Store files.
find ROOT/ -name '*.DS_Store' -type f -delete
# Build package.
/usr/bin/pkgbuild
--root ROOT/
--scripts scripts/
--identifier "$IDENTIFIER"
--version "$VERSION"
"Output/$NAME-$VERSION-$myDate.pkg"
Hope that makes sense and helps.
Posted on 02-26-2019 09:15 AM
@stevewood I don't yet have my Jamf Server running - I'm waiting on my Linux team for MySQL - Postflight is new to me - Is the postflight script referenced above created by Jamf? Or, is this something created manually for each situation?
Posted on 02-27-2019 08:31 AM
A postlfight script is not a Jamf thing, it is a Mac packaging thing. A postflight (or preflight or postinstall or preinstall) script is part of a package that runs after the package has run to finish up things. The script is created for each package/situation, unless you're re-using the same package but slightly changing it in some way.
Posted on 02-28-2019 04:16 AM
Sorry - fount the solution. Host name was different to host adress, that confused me
Posted on 01-16-2020 02:09 PM
@stevewood I have been trying to get Cisco Anyconnect with just the VPN profile and our server address pre-populated into the application for a while I read through your post and this seems like a workable solution. Would you be able to point me in the direction of any online resources that could guide one on how to use pkgbuild binary? I am working with Jamf support and they keep nudging me in the direction of using Composer.... this is not working for me at all. Any assistance would be appreciated, thanks.
Posted on 01-17-2020 09:50 AM
http://thegreyblog.blogspot.com/2014/06/os-x-creating-packages-from-command_2.html
https://juusosalonen.com/post/139067064745/demystifying-pkgbuild-in-os-x
Even better, for a deep dive into packaging, @arminBriegel book: Packaging
You do not have to use pkgbuild
do this. This is just the way I do it. You can do this in Composer or using another packaging tool like:
The basics are that you're dropping the installer, choices file, and the VPN profile XML file into a temp location and then the postinstall script runs the install and then copies the XML into the proper directory.