Crashplan - Trouble pulling username on deployment

macmanmk
Contributor

We have just upped our Crashplan instance to 6.8.8 and created a new deployment policy in Jamf because we are switching to cloud backup. This means a move away from short usernames to qualified e-mail addresses for authentication.

The deploy.properties file has a custom script embedded to pull the username and user home from the login.keychain. However, the script is failing to pull the username when it is run during deployment...it's not capturing the e-mail address. If I put the script on a user's machine and run it through Terminal as the user, it finds the information just fine. Is this a problem because the script is being run as root in Jamf?

3 REPLIES

robertliebsch
Contributor

tangent: can I see that script? Could help us eliminate a step of our "a few touches" deployment.

macmanmk
Contributor

Here it is. We are leveraging Enterprise Connect instead of AD binding.

#!/bin/bash

function main() {
   # Console (logged-in) user; empty string if only the login window is showing
   local username=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
   # Account name that Enterprise Connect stored in the user's login keychain
   local adUser=$(/usr/bin/security find-generic-password -l "Enterprise Connect" "/Users/$username/Library/Keychains/login.keychain-db" | awk -F "=" '/acct/ {print $2}' | tr -d '"')
   # Look up the mail attribute for that account in AD
   local user_email=$(ldapsearch -o ldif-wrap=no -h ad.chgofirm.com -s sub -b "$(defaults read com.apple.Enterprise-Connect defaultNamingContext)" "sAMAccountName=$adUser" mail 2>/dev/null | grep mail: | sed 's/mail: //' | awk -F: '{print $NF}')
   echo "C42_USERNAME=${user_email}"
   echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
}
main "$@"

Chris_Hafner
Valued Contributor II

@macmanmk @robertliebsch I want to jump in here real quick. To be specific, that script should belong in the deployment policy section of the web console for Code42. Second, EC is now on its way out... ish. I recently made the move to the cloud authority and decided to use the email addresses that we have in the JSS for the devices (oddly, pulled from either EC or during initialization). Code42 hooked me up with this example and it's working rather well!

# Placeholder API credentials and JSS URL
jssUser="API-User"
jssPass="API-Password"
jssUrl="https://jssURL:8443"
# Owner of /dev/console is the logged-in user
username=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
# Ask the JSS for that user's email address (-k skips TLS certificate verification)
user_email=$(curl -X GET -sku "$jssUser:$jssPass" -H "Accept: application/xml" "$jssUrl/JSSResource/users/name/$username" | xpath /user/email_address 2>/dev/null | sed -e 's/<email_address>//' | sed -e 's/<\/email_address>//')

ask () {
        osascript <<EOF - 2>/dev/null
        tell application "SystemUIServer"
        activate
        text returned of (display dialog "$1" default answer "")
        end tell
EOF
}

if [ -z "$user_email" ]; then
    name=$(ask 'CODE42 BACKUP - Your email address could not be found, please fill it in to continue: ')
    echo "C42_USERNAME=$name"
    echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
else
    echo "C42_USERNAME=${user_email}"
    echo "C42_USER_HOME=$(dscl . -read "/users/$username" NFSHomeDirectory | cut -d ' ' -f 2)"
fi
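
An added example, not taken from any post in this thread or from Code42: a validation gate that could sit in front of the two `echo` lines in either script, so that a console owner of root or loginwindow, an empty lookup, or a typed-in value containing a newline never reaches `C42_USERNAME`. The function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example: gate the C42_* output lines on validated inputs.
# Function names and sample values are hypothetical, not Code42's or Jamf's.

NL='
'

# Reject "no real user" owners of the console and anything that would
# change the meaning of a path such as /Users/$username.
valid_console_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Loose shape check, not RFC 5322: one "@", a dot in the domain, and no
# whitespace, quotes, "=" or newlines that could add extra KEY=VALUE lines.
valid_email() {
    case "$1" in
        *[!A-Za-z0-9._%+@-]*) return 1 ;;
        *@*@*) return 1 ;;
        ?*@?*.?*) return 0 ;;
    esac
    return 1
}

# Args: email, console user, home directory.
# Prints both lines or nothing; the exit code says which input was refused.
emit_c42() {
    valid_console_user "$2" || { echo "refusing console user" >&2; return 2; }
    valid_email "$1" || { echo "refusing email value" >&2; return 3; }
    case "$3" in
        ""|[!/]*|*"$NL"*) echo "refusing home directory" >&2; return 4 ;;
    esac
    printf 'C42_USERNAME=%s\nC42_USER_HOME=%s\n' "$1" "$3"
}

# Constructed sample values
emit_c42 "jdoe@example.com" "jdoe" "/Users/jdoe"
```

A non-zero return from `emit_c42` is the point at which a script like the one above would re-prompt or exit without printing anything.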