- Jamf Nation Community
- Products
- Jamf Pro
- Computer Name Change Based On User Enrollment Appl...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Computer Name Change Based On User Enrollment Applied Before Active Directory Binding
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-02-2016 05:22 PM
Here's my challenge...
I need to set the ComputerName, LocalHostName, and HostName values using the value of the username that was input into https://jss.domainname.com:8443/enroll at the time the QuickAdd.pkg is run...
We all know about the following commands:
sudo scutil --set ComputerName <ComputerName>
sudo scutil --set LocalHostName <LocalHostName>
sudo scutil --set HostName <HostName>So no need to discuss those.
Here is WHY I need this...
- We are setting a naming convention standard...
- Our Macs are bound to Active Directory...
- We need to truncate the ComputerName to 15 Characters to adhere to pre-Windows 2000 (NetBIOS) requirements...
Here is what I envision the process should look like...
- User self-enrolls via https://jss.domainname.com:8443/enroll
- User downloads and runs QuickAdd.pkg
- QuickAdd.pkg runs a script
- The script DOES NOT rely on the currently logged in username
- The script somehow gets the username the user typed in into the enrollment window
- The script massages the username to fit neatly into the 15-character or less format (if necessary)
- The script sets the ComputerName, LocalHostName, and HostName values
- QuickAdd.pkg continues and bind to AD using the 15-character or less ComputerName value
- The QuickAdd.pkg finishes with success
- I sit back and have a beer!
Awesome sauce. Right?!
So - I've been pouring over the QuickAdd.pkg installer log to see if there's a smoking gun to grep the user credentials as used to enroll into the JSS. Not seeing those. I see the local username details.
Anyone have an idea how I can get the username from the enrollment process passed to my script?
Thoughts?
Thanks!
Kind regards,
Caine Hörr
A reboot a day keeps the admin away!
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-02-2016 06:22 PM
Does the username populate into th JSS as "username" against the computers?
If it does you could use the API to pull it down, although this would require an account with read access to the JSS to do.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-02-2016 08:28 PM
so...
That account created when the user self enrolls will not be an AD account ....so why bind to AD at all? The smart users will keep using that local account.. It's time to stop binding to AD and move to using profiles to manage the Password...( IBM and many other big companies are no long using AD)
We have the same requirements naming convention standard and AD...
We bind once with the serial # the user logs in with their AD account then we unbind and re-bind with the naming convention standard..
C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-02-2016 09:08 PM
Have something like the following run before your bind policy?
#!/bin/sh
#set the api user creds
apiUser=$4
apiPass=$5
#pull the machine serial
serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F" '/IOPlatformSerialNumber/{print $(NF-1)}')
#query the jss
response=$(curl -k https://jss.yourdomain.com:8443/JSSResource/computers/serialnumber/${serial}/subset/location --user "${apiUser}:${apiPass}")
#cull the username
user_name=$(echo $response | /usr/bin/awk -F'<username>|</username>' '{print $2}');
#set names with truncated username
/usr/sbin/scutil --set ComputerName "${user_name:0:15}"
/usr/sbin/scutil --set LocalHostName "${user_name:0:15}"
/usr/sbin/scutil --set HostName "${user_name:0:15}"
#flush DNS cache
dscacheutil -flushcacheThis is a slightly altered (to fit your needs) version of a test I threw together a while ago, my api user and pass were passed encrypted using openssl so I just threw the $4 and $5 parameters in there to fill the space.
Hope that helps.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-04-2016 10:51 AM
Thanks! This look promising! I'll tinker with this and see if this works! If I can make this work, and if you're going to be at the JNUC 2016, I'll buy you a beer! ;-)
Kind regards,
Caine Hörr
A reboot a day keeps the admin away!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-04-2016 10:54 AM
You're preaching to the choir. Unfortunately, management trumps the engineer sometimes.
Kind regards,
Caine Hörr
A reboot a day keeps the admin away!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-04-2016 10:58 AM
I'll be there! Hope this works for you, I use a slightly different version of this to autoname machines that get added when we aquire a new company and need to incorporate their existing equipment prior to the bind policy. Works great for me!
Ours truncates the name to 12 characters and appends "mac" to the end, and passes the api user encrypted using openssl... but outside of that it's same-same so should do what you need.
