Posted on 06-20-2019 03:39 PM
We have just upped our Crashplan instance to 6.8.8 and created a new deployment policy in Jamf because we are switching to cloud backup. This means a move away from short usernames to qualified e-mail addresses for authentication.
The deploy.properties file has a custom script embedded to pull the username and user home from the login.keychain. However, the script is failing to pull the username when it is run during deployment...it's not capturing the e-mail address. If I put the script on a user's machine and run it through Terminal as the user, it finds the information just fine. Is this a problem because the script is being run as root in Jamf?
Posted on 06-20-2019 04:46 PM
tangent: can I see that script? Could help us eliminate a step of our "a few touches" deployment.
Posted on 06-20-2019 07:29 PM
Here it is. We are leveraging Enterprise Connect instead of AD binding.
#!/bin/bash
function main() {
    # Short name of the user logged in at the console (empty at the login window)
    local username=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
    # AD account name stored by Enterprise Connect in that user's login keychain
    local adUser=$(/usr/bin/security find-generic-password -l "Enterprise Connect" "/Users/$username/Library/Keychains/login.keychain-db" | awk -F "=" '/acct/ {print $2}' | tr -d "\"")
    # Look up the mail attribute for that account in AD
    local user_email=$(ldapsearch -o ldif-wrap=no -h ad.chgofirm.com -s sub -b "$(defaults read com.apple.Enterprise-Connect defaultNamingContext)" "sAMAccountName=$adUser" mail 2>/dev/null | grep mail: | sed 's/mail: //' | awk -F: '{print $NF}')
    echo "C42_USERNAME=${user_email}"
    echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
}
main "$@"
Posted on 06-21-2019 12:57 PM
@macmanmk @robertliebsch I want to jump in here real quick. To be specific, that script should belong in the deployment policy section of the web console for Code42. Second, EC is now on its way out... ish. I recently made the move to the cloud authority and decided to use the email addresses that we have in the JSS for the devices (oddly, pulled from either EC or during initialization). Code42 hooked me up with this example and it's working rather well!
jssUser="API-User"
jssPass="API-Password"
jssUrl="https://jssURL:8443"
# Console (logged-in) user, taken from the owner of /dev/console
username=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
# Look up the user's e-mail address in the JSS; -k makes curl skip TLS certificate verification
user_email=$(curl -X GET -sku "$jssUser:$jssPass" -H "Accept: application/xml" "$jssUrl/JSSResource/users/name/$username" | xpath /user/email_address 2>/dev/null | sed -e 's/<email_address>//' | sed -e 's/<\/email_address>//')
# Show a dialog with the prompt in $1 and print the text the user enters
ask () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
# Fall back to asking the user when the JSS lookup returned nothing
if [ -z "$user_email" ]; then
    name=$(ask 'CODE42 BACKUP - Your email address could not be found, please fill it in to continue: ')
    echo "C42_USERNAME=$name"
    echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
else
    echo "C42_USERNAME=${user_email}"
    echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
fi
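An added example, not part of the posts above and not from Code42: a validation step for the two values before they are printed, so that an empty or multi-line dialog answer, directory lookup or API response cannot produce a malformed or extra KEY=value line. The function names `valid_email`, `valid_home` and `emit_c42_props` are hypothetical, and the accepted e-mail character set is an assumption.

```sh
#!/bin/sh
# Added example (hypothetical helper names): validate before emitting C42_* lines.

# Accept one plausible e-mail address: allowed characters only, exactly one @,
# a dotted domain, no empty domain labels. Newlines, spaces and '=' are rejected.
valid_email() {
    case $1 in
        *[!A-Za-z0-9._%+@-]* | *@*@* | *@.* | *. | *..*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only an absolute path that contains no control characters
# (a newline here would start a new KEY=value line in the output).
valid_home() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" = "$1" ]
}

# Print the two property lines only when both values pass validation.
# $1 = e-mail address, $2 = home directory
emit_c42_props() {
    valid_email "$1" || { echo "C42: rejected username value" >&2; return 1; }
    valid_home "$2"  || { echo "C42: rejected home value" >&2; return 1; }
    printf 'C42_USERNAME=%s\nC42_USER_HOME=%s\n' "$1" "$2"
}
```

In either script above, the final `echo` lines would be replaced by a call such as `emit_c42_props "$user_email" "$home"`, with a non-zero return treated as a failed lookup.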