Jamf Nation Community

ToriAnneke · ‎10-09-2014

Hey all,

I've been using this script with JSS ver 9.24 to cURL the QuickAdd from the jss:

#Now lets download the QuickAdd package directly from the JSS to /tmp
echo "Downloading current QuickAdd from the jss server"
curl -d username="*localJSSAdminUser*" -d password="*thatPasswd*" -s -k -c "/tmp/cookie.txt" -o /dev/null https://my.jss.company.com:8443/enroll && curl -s -b "/tmp/cookie.txt" -c "/tmp/cookie.txt" -k -o /tmp/QuickAdd.pkg https://my.jss.company:8443/flatpackagedownload

Today I've upgraded to JSS 9.52 and it no longer downloads.

I did read in the release paper that the suffix /osxenroll has been removed and should now read /enroll which I have changed above.

I poked around the User-Initiated Enrollment and the Enable user-initiated enrollment for computers is ticked along with it's necessary info.

The localJSSAdminUser account I use has Full Permissions set.

Not sure what else I am missing. I'm not that groovy with shell scripts :(

JSS is on an Ubuntu 12.04LTS and the JSS is now ver 9.52

Thanks in advance as always!

-pc

Bobst · ‎10-09-2014

pvader we have updated to the new version of Casper as well version 9.52. We used the same curl command to pull the package from the site. Since the update and the added enrollment screen it no longer works. We are exploring ideas at the moment. I will keep checking post to see if anyone has come up with a solution or I will post when we find a solution.

mm2270 · ‎10-09-2014

Silly question, but have you guys checked to see if the "flatpackagedownload" is still a valid path to the download under version 9.52? Is it possible its called something else now in that version and that's why the curl is failing? I don't have access to a 9.52 JSS I can look at to help, but just wondering.

Also, consider removing all the "-s" in the curl commands during troubleshooting, since you're suppressing any output with that flag so you won't see what its actually reporting. I've found at times curl can be good at telling you what the issue is if you allow it to.

Bobst · ‎10-09-2014

I looked at that and it was able to download portion of the QuickAdd but, failed upon installation. We are testing a method now where we use a QuickAdd generated from Recon.app with an expect script to put in credentials for jamf enroll -prompt. This eliminates issues that we have seen with the jamf invitation expiring.

alexjdale · ‎10-09-2014

When I script this, I don't download the Quickadd pkg, I curl down the jamf binary that is natively on the JSS and run an enroll command with that. Any drawbacks to that approach?

ToriAnneke · ‎10-10-2014

Ok.. so I thought I was alone. I was thinking it's the new enrolment screen that is bombing out the script. Bummer dude :(

@alexjdale What is the code to download the jamf binary?
I'd like to try that.

One guy I work with suggested hosting a Recon made QuickAdd on our intranet and then cURL that down. I guess that would work too?

Whacha think?
-p

NoahRJ · ‎10-10-2014

@Bobst, have you tried using jamf enroll -invitation, with the invitation ID you create in the Enrollment Invitation section? If you set it for multiple uses, it should never expire. We've had ours up for about a year and have successfully enrolled about 100 computers where the jamf binary is already in place.

Bobst · ‎10-10-2014

How do you set the invitation to be used for multiple uses? Think I'm over looking something somewhere. A heads up would be great.

Thanks

chriscollins · ‎10-10-2014

@Bobst][/url

Under the computers tab on the left side you create an invitation by clicking Enrollment Invitations, you can just set it to send to your own email since you don't really care about the email invite, and then during the wizard you get this screen: https://dl.dropboxusercontent.com/u/519077/screenshot_40.png

After you get past that screen configuring it the way you want, it will tell you the invitation ID number and you can copy that and use it with the jamf binary for enrollment.

ToriAnneke · ‎10-10-2014

Solved my issue by making a QuickAdd.pkg from Recon. Zipped it, uploaded to our intranet and now can use a very simple cURL command to download it, then unzip it, then run installer -pkg

curl -o /tmp/QuickAdd.pkg.zip http://my.intranet/QuickAdd.pkg.zip
unzip /tmp/QuickAdd.pkg.zip -d /tmp/
installer -pkg /tmp/QuickAdd.pkg -target /

For my workflow, this works like I want and with less cURL canoodling for me.

But it would still be nice to know how to get it from the JSS itself.

Thanks all,
-p

tlarkin · ‎10-10-2014

@pvader][/url

I have several methods of auto enrolling devices on my github, one that just downloads the binary directly. Each of them have their pros and cons, and of course all this stuff is very alpha-build proof of concept. So please, if you decide to use any of it, test it at least 50 times before deploying it to production. :-)

https://github.com/JAMFSupport/autoenroll

Feel free to fork it, improve it, pick it apart, etc.

Thanks,
Tom

c0n0r · ‎10-10-2014

I'm a big fan of the recon-generated invite codes that effectively never expire.

We then wrote a daemon that not only ensures client-side agent health, but also is a universal enrollment for any machine that executes it. I then include that daemon in every package we deploy, to essentially enforce 100% compliance with machines being under management (a pain point for us in the past).

Right now, we are doing what @pvader ended up doing, which is essentially packaging the binary, and curling down that package. Once we get the environment updated for Yosemite (3rd party CA support is also huge for us, and taking time for us to test), we plan on updating that daemon to just curl down the binary from the web app directly (like @tlarkin mentions).

The raw scripts are all up on my github
https://github.com/cschutzman/schutzman-scripts

Jamf Nation Community

Download the QuickAdd using cURL with JSS 9.52