FirstBoot script help?

ImAMacGuy
Valued Contributor II

Would someone with more scripting ability be willing to look at my FB script for ML? It seems to knock the local admin accounts (JSS and our actual local admin). I tried creating new Quickadd packages with 8.6 and they error out on the systems as well.

https://github.com/n0brainer/Scripts/blob/master/firstboot.sh

12 REPLIES

nessts
Valued Contributor II

Not sure if I have more scripting ability, and not sure what "knock the local admin accounts" means. The only thing I would change in what you have done is where you are sleeping 30 seconds waiting for an account to exist; I would wait for /var/db/dslocal/nodes/Default/username.plist to exist.
Sometimes things don't load at the same speed, and 30 seconds today might not work tomorrow.
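The suggestion above, polling for the account record instead of a fixed sleep, could look like the following. This is an added example, not part of the original post or of the linked firstboot.sh; the function name `wait_for_account` and the overridable `DSLOCAL_USERS` variable are assumptions, and the default path is the `users` subdirectory where the OS X local node keeps one plist per account.

```shell
#!/bin/sh
# Added example: wait for a local account record with a timeout.
# DSLOCAL_USERS is an assumed, overridable variable so the function can be
# exercised against a scratch directory.
DSLOCAL_USERS="${DSLOCAL_USERS:-/var/db/dslocal/nodes/Default/users}"

# wait_for_account SHORTNAME [TIMEOUT_SECONDS]
# Returns 0 once the record exists and is non-empty, 1 on timeout,
# 2 if SHORTNAME is empty or not a plain account name.
wait_for_account() {
    name=$1
    timeout=${2:-120}
    case $name in
        ''|*/*|.*) return 2 ;;   # refuse empty names and path components
    esac
    record="$DSLOCAL_USERS/$name.plist"
    waited=0
    # -s rather than -e: a zero-length file means the record is not written yet.
    while [ ! -s "$record" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1             # give up so first boot does not hang forever
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}
```

A first-boot script would call `wait_for_account macadmin 180` and log and exit on a non-zero status, rather than continuing against an account that never appeared.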

ImAMacGuy
Valued Contributor II

Not exactly sure what's happening with them, but basically they are inactive. Casper won't talk to the systems, I can't SSH in using the local admin or the jss account. As best I can tell they just quit working. If I try to do a recon remotely it will start to gather applications then error out. If the user runs recon on his local machine (through the Casper Suite app) it errors out as well.

Local Recon error as follows:
Recon failed during the submit process
Recon failed to submit to the jss. ...
Locating Package receipts..
locating printers...
locating software updates...
locating mobile device records...
submitting data to https://ourjss/....
failed to submit inventory
the management framework will be enforced as soon as all policies are done executing.

mm2270
Legendary Contributor III

Are the accounts being deleted? Have you looked in dscl to see if they actually exist? Normal OS X Lion or Mountain Lion installs will delete any hidden accounts that are not part of the OS. So if your service accounts are sub 500 UIDs, they are likely being deleted unless you're adding them back in, or running a QuickAdd pkg after the fact.

ImAMacGuy
Valued Contributor II

It doesn't look like they are. At least the folders are still in /private/var

mm2270
Legendary Contributor III

Try doing a dscl . -list /Users and see if they show up in the list. Folders being in /private/var doesn't necessarily mean the accounts exist.

ImAMacGuy
Valued Contributor II

It seems our local admin is there, but the jss is not.

dscl . -list /Users 
_amavisd
_appleevents
_appowner
_appserver
_ard
_atsserver
_avbdeviced
_calendar
_ces
_clamav
_coreaudiod
_cvmsroot
_cvs
_cyrus
_devdocs
_devicemgr
_dovecot
_dovenull
_dpaudio
_eppc
_ftp
_geod
_installassistant
_installer
_jabber
_kadmin_admin
_kadmin_changepw
_krb_anonymous
_krb_changepw
_krb_kadmin
_krb_kerberos
_krb_krbtgt
_krbtgt
_lda
_locationd
_lp
_mailman
_mcxalr
_mdnsresponder
_mysql
_netbios
_netstatistics
_networkd
_postfix
_postgres
_qtss
_sandbox
_screensaver
_scsd
_securityagent
_serialnumberd
_softwareupdate
_spotlight
_sshd
_svn
_taskgated
_teamsserver
_timezone
_tokend
_trustevaluationagent
_unknown
_update_sharing
_usbmuxd
_uucp
_warmd
_webauthserver
_windowserver
_www
cstaana
daemon
macadmin <-- local admin
nobody
root

nessts
Valued Contributor II

What are the UIDs of both accounts? Are you upgrading to 10.8 from something else, or is this a clean install? How are you creating the accounts if a clean install?

ImAMacGuy
Valued Contributor II

It's a self service upgrade from 10.7.x systems. It seems to be fine on my lab systems (fresh image of 10.7.4), but on user systems is when I have trouble.

nessts
Valued Contributor II

Pretty sure that if you run the normal installer for 10.8 it will remove any hidden admin accounts, thus why I asked the UID on the admin accounts.

So just add a package or account creation in the JSS to the policy and you should be better off.

mm2270
Legendary Contributor III

nessts is correct. 10.8 installation will delete any hidden accounts (sub 501 UIDs) that are not created by the system. This happened to me as well when doing some test installs on top of 10.7, so I've seen it myself.
Unless someone can figure out a way to modify the installation files, or if Apple does in a future update, there is no way to prevent this. Best you can do is add the accounts back in afterwards.
What happens if you run a QuickAdd install after the main OS installation?
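A post-upgrade check for the situation described in the replies above, written as an added example that is not part of the thread: it reads the `name uid` listing printed by `dscl . -list /Users UniqueID` and reports which expected management accounts are missing or sit below UID 501, the range the posters say the 10.8 installer removes. The function names, the `jssadmin` short name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag management accounts that are missing or hidden.
# audit_accounts NAME... reads "name uid" pairs on stdin and prints one line
# per expected account: "<name> missing", "<name> hidden <uid>" (UID below
# 501) or "<name> ok <uid>". Returns 1 if any expected account is missing.
audit_accounts() {
    listing=$(cat)
    status=0
    for want in "$@"; do
        uid=$(printf '%s\n' "$listing" |
              awk -v n="$want" '$1 == n { print $2; exit }')
        if [ -z "$uid" ]; then
            echo "$want missing"
            status=1
        elif [ "$uid" -lt 501 ]; then
            echo "$want hidden $uid"    # at risk on the next OS upgrade
        else
            echo "$want ok $uid"
        fi
    done
    return $status
}

# Constructed sample listing; the UIDs are not taken from the thread.
sample_listing() {
    cat <<'EOF'
_www                    70
macadmin                499
cstaana                 502
root                    0
EOF
}

# On a Mac: dscl . -list /Users UniqueID | audit_accounts macadmin jssadmin
```

Run it before and after the upgrade policy: a `hidden` line beforehand predicts the `missing` line afterwards, and a non-zero exit status is the cue to re-run account creation or the QuickAdd.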

ImAMacGuy
Valued Contributor II

This is what I get when I run the quickadd I created under recon 8.6 on the machine

The installation failed
the following step failed: run postflight script for qwuickaddjss.  contact software manufacturer for assistance.

acdesigntech
Contributor II

Looks like you should contact your software manufacturer for help ;)

j/k.

Apologies, this is for 10.6.8, but have you tried creating the user via terminal commands?

dscl . -create /Users/$ShortName
dscl . -create /Users/$ShortName UserShell /bin/bash
dscl . -create /Users/$ShortName RealName "$LongName"
dscl . -create /Users/$ShortName UniqueID 529
dscl . -create /Users/$ShortName PrimaryGroupID 80
dscl . -create /Users/$ShortName NFSHomeDirectory /Volumes/Work/Users/$ShortName
dscl . -create /Users/$ShortName Picture "/Library/User Pictures/Flowers/Red Rose.tif"
dscl . -passwd /Users/$ShortName "$UserPass"
dscl . -append /Groups/admin GroupMembership $ShortName

What is the result of that?