Posted on 10-18-2011 06:07 AM
Hi all,
I am pretty excited about the new 10.7.2 feature:
OS X Lion's Profile management feature and the ADCertificatePayload
Plugin provide the ability to easily request and retrieve a digital
certificate from a Microsoft Active Directory Certificate Services
Certificate Authority. For a Lion system bound to Active Directory, this
feature greatly simplifies the process of obtaining a digital identity
for a computer or user account. (see below link)
http://support.apple.com/kb/HT4784
But I can't seem to find profile management for Macs in JSS 8.22. Do I
need 8.3? Also where is it in Server Admin Tools? Do I need OD (we use
Casper, no OD, but I wanted to compare them)?
BTW anyone achieving this in 10.6?
I am trying to put a script together for Snow Leopard Macs as in below
sample (thanks to AFP548 chaps). Is this the right way to do it? Or is
there a script that I can study? I am not sure how to grep the KEY? How to
passhash the clear text pw?
http://www.afp548.com/article.php?story081231001749966
KEY
MACHINE_NAME
DOMAIN_NAME
CSR
CRT
CA_URL
REQ_ID
PK12
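# Generate a private key and a CSR for the machine
openssl req -new -batch -newkey rsa:1024 -nodes -keyout "${KEY}" -out "${CSR}" -subj "/CN=${MACHINE_NAME}.${DOMAIN_NAME}"
# URL-encode the CSR (hex byte in column 1, printable character in column 2)
ENCODED_CSR=`cat "${CSR}" | hexdump -v -e '1/1 "%02x\t"' -e '1/1 "%_c\n"' |
LANG=C awk '
$1 == "20" { printf("%s", "+"); next }
$2 ~ /^[a-zA-Z0-9.()\/-]$/ { printf("%s", $2); next }
{ printf("%%%s", $1) }'`
# (this sample does not show the step that submits ENCODED_CSR and obtains REQ_ID)
# Fetch the issued certificate; the URL is quoted so the shell does not treat "&" as a background operator
curl -o "${CRT}" --negotiate -u : "${CA_URL}/certnew.cer?ReqID=${REQ_ID}&Enc=b64"
# Bundle key and certificate as PKCS#12, then import the bundle into the System keychain
openssl pkcs12 -export -in "${CRT}" -inkey "${KEY}" -out "${PK12}" -name "${MACHINE_NAME}" -passout pass:mypass
security import "${PK12}" -k /Library/Keychains/System.keychain -f pkcs12 -P mypass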
Thanks for looking.
Cem
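
On the clear-text `mypass` question above, an added example (not part of the original post or the AFP548 sample): the PKCS#12 passphrase only protects the bundle between export and import, so it can be a random one-time value that openssl reads from the environment instead of a fixed string in the script. The function names, the `P12_PASS` variable, the `mac01.example.com` subject, the 2048-bit key size and the self-signed certificate standing in for the CA-issued `${CRT}` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names and the
# P12_PASS variable are assumptions made for illustration.

# new_key_and_csr KEY CSR SUBJECT
# umask 077 keeps the unencrypted private key readable by its owner only.
new_key_and_csr() {
    ( umask 077
      openssl req -new -batch -newkey rsa:2048 -nodes \
          -keyout "$1" -out "$2" -subj "$3" ) >/dev/null 2>&1
}

# make_p12 KEY CRT PK12 NAME
# Wraps key and certificate under a random one-time passphrase. openssl reads
# it from the environment (-passout env:), so it is not in openssl's argv.
# P12_PASS stays set for the import step that follows.
make_p12() {
    P12_PASS=$(openssl rand -hex 16) || return 1
    export P12_PASS
    ( umask 077
      openssl pkcs12 -export -in "$2" -inkey "$1" -out "$3" \
          -name "$4" -passout env:P12_PASS )
}

# check_p12 PK12: verifies that the bundle opens with the current P12_PASS.
check_p12() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout >/dev/null 2>&1
}

# Demo with constructed values. A self-signed certificate stands in for the
# one the CA would return in ${CRT}.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    new_key_and_csr "$d/key.pem" "$d/req.csr" "/CN=mac01.example.com" &&
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" \
        -out "$d/crt.pem" -days 1 >/dev/null 2>&1 &&
    make_p12 "$d/key.pem" "$d/crt.pem" "$d/id.p12" "mac01" &&
    check_p12 "$d/id.p12"
    rc=$?
    # On the Mac, the import from the post would follow here:
    #   security import "$d/id.p12" -k /Library/Keychains/System.keychain -f pkcs12 -P "$P12_PASS"
    rm -rf "$d"; unset P12_PASS     # remove key material and the passphrase
    return $rc
}

demo_roundtrip && echo "PKCS#12 round trip OK"
```
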
Posted on 10-18-2011 06:56 AM
only commenting on the stuff i know about:
- profile manager is a web app, so it's not configured or administered via server admin
- profile management requires running an OD master on 10.7 server unless you want to use some other mechanism to manage profiles
- i believe you need to run casper 8.3 to take advantage of whatever profile management jamf offers