- Jamf Nation Community
- Products
- Jamf Pro
- lpadmin script
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
lpadmin script
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 01:21 PM
Hello,
Can someone help me figure this script out? I am trying to setup rights for my network mobile users and they don't have rights to add printers.
But I found some help from apple that would let local and network users to add printers without being administrators.
http://support.apple.com/kb/HT3511
When you add them to the user group of lpadmin it would ask for password from the command line.
dseditgroup -o edit -p -d admin -t group _lpadmin
dseditgroup -o edit -n /Local/Default -u admin -p -a $3 -t user lpadmin (this line would ask for user of admin password, no idea where to add if I put it in the script?)
Thank you in advanced.
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 01:30 PM
Tommy
Ever think of adding printers in Casper Admin then adding them as a self
service install and limiting the scope of clients to what printers you
want them to install.
I looked at that hint and it only allows the "add printer app" to run,
and it won't allow for users to add it via System Prefs. Every user is
part of the _lpadmin group but I couldn't get it to work either really.
Also are you running that as a log in hook? Because casper will only
use $3 as the current user when using it as a log in hook. If you run
it as a log in policy it should run as root and not ask for the
password.
-Tom
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 01:51 PM
And, if you are using Casper 7 you can now push an MCX pref to not require
admin privs to add printers.
Steve Wood
Director of IT
swood at integer.com
The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 01:57 PM
Steve,
Would you please extrapolate on this? As I am going to migrate to
version 7 here really soon and would love to just push out MCX instead.
Thanks
Tom
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 02:09 PM
Thank you guys for your help, I think I’m going to try out the MCX and see if that would work.
Here is the script logs.
/usr/sbin/jamf is version 7.0
Executing Policy Lpadmin mobile...
Downloading http://10.8.10.134:80/APPSOSX/Scripts//lpadmin mobile.sh...
Running Script lpadmin mobile.sh...
Script Exit Code:255
Script Result: Please enter user password:
Authentication failed.
Running Recon...
Thanks,
Tommy Nguyen
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 02:14 PM
Does anyone know if Casper 7 MCX settings will coexist with OD MCX settings? Or can this cause a potential problem?
JIM ORING, JR.
SCHAWK!
jim.oringjr at schawk.com
3116 West Avenue 32
Los Angeles, CA 90065 USA
schawk.com
Please consider the impact to the environment and your responsibility toward protecting it before
printing this e-mail.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 02:16 PM
It seems that script requires a password, which means you can put the
password in there but you would then be putting the password in your log
files which is not a good thing.
I am not sure exactly the best work around for this. I would go with
the MCX method or with the Casper Admin and Self Service methods.
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-28-2009 10:43 PM
I would say coexist as long as they don't overlap. Ie try to put same mcx in both od and Casper, u could use Casper as means to wenne itself off od, personally I'm gonna stick with od
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 07:12 AM
If one did want to put the password in the script for testing, where would I
put it? I tried putting the password on the next line in the script, but it
throws an error when the script is run because it tries to run the password
as a command.
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 07:44 AM
You would use the "-p" flag in the dseditgroup command and put the password
right after it.
--missing content--
dseditgroup -o edit -n /Local/Default -u admin -p <adminpassword> -a
printerusers -t group lpadmin
Mobile user:
dseditgroup -o edit -n /Local/Default -u admin -p <adminpassword> -a studen
t
-t user lpadmin
Thomas
- in the JSS in 7 you can now create MCX preferences to push out. And
not to be a goob about it, but starting on page 302 of the Casper 7
manual, they lay out everything about Managed Preferences. It is
fairly simple to do, and during the creation of the profile you give
that MCX pref a scope of machines to work on.
Make sense?
Steve Wood
Director of IT
swood at integer.com
The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475
On Wed, Jul 29, 2009 at 9:12 AM, Alan Benedict <abenedict at integer.com>wrote
:
If one did want to put the password in the script for testing, where woul
d
I put it? I tried putting the password on the next line in the script, b
ut
it throws an error when the script is run because it tries to run the password as a command. -- Alan Benedict =EF=A3=BF Macintosh Technician The Integer Group O: 515-247-2738 C: 515-770-8234 http://www.integer.com *From:* casper-bounces at list.jamfsoftware.com [mailto: casper-bounces at list.jamfsoftware.com] *On Behalf Of *Thomas Larkin *Sent:* Tuesday, July 28, 2009 1:57 PM *To:* Steve Wood *Cc:* Tommy Nguyen; <casper at list.jamfsoftware.com> casper at list.jamfsoftware.com *Subject:* Re: [Casper] lpadmin script Steve, Would you please extrapolate on this? As I am going to migrate to versi
on
7 here really soon and would love to just push out MCX instead. Thanks Tom >>> Steve Wood <swood at integer.com> 07/28/09 3:51 PM >>> And, if you are using Casper 7 you can now push an MCX pref to not requi
re
admin privs to add printers. Steve Wood Director of IT <swood at integer.com>swood at integer.com The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201 T 214.758.6813 | F 214.758.6901 | C 940.312.2475 On Tue, Jul 28, 2009 at 3:30 PM, Thomas Larkin < <tlarki at kckps.org>tlarki at kckps.org> wrote: Tommy Ever think of adding printers in Casper Admin then adding them as a self service install and limiting the scope of clients to what printers you w
ant
them to install. I looked at that hint and it only allows the "add printer app" to run, a
nd
it won't allow for users to add it via System Prefs. Every user is part
of
the _lpadmin group but I couldn't get it to work either really. Also are you running that as a log in hook? Because casper will only use $3 as the current user when using it as a log in hook. If you run it as
a
log in policy it should run as root and not ask for the password. -Tom >>> "Nguyen, Tommy" < <Tommy.Nguyen at raytownschools.org> Tommy.Nguyen at raytownschools.org> 07/28/09 3:21 PM >>> Hello, Can someone help me figure this script out? I am trying to setup rights for my network mobile users and they don=E2=80=99t have rights to add pr
inters.
But I found some help from apple that would let local and network users
to
add printers without being administrators. <http://support.apple.com/kb/HT3511>http://support.apple.com/kb/HT3511 When you add them to the user group of lpadmin it would ask for password from the command line. dseditgroup -o edit -p -d admin -t group _lpadmin dseditgroup -o edit -n /Local/Default -u admin -p -a $3 -t user lpadmin (this line would ask for user of admin password, no idea where to add if
I
put it in the script?) Thank you in advanced.
Casper mailing list <Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com <http://list.jamfsoftware.com/mailman/listinfo/casper> http://list.jamfsoftware.com/mailman/listinfo/casper
Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper
Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper
Casper mailing list Casper at list.jamfsoftware.com http://list.jamfsoftware.com/mailman/listinfo/casper
--0016e640876815654b046fd93b6d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
You would use the "-p" flag in the dseditgroup command and put th
e password right after it.<div><br></div><div>From the Apple article, netwo
rk user:</div><div><br></div><div>dseditgroup -o edit -n /Local/Default -u
admin -p <adminpassword> -a printerusers -t group lpadmin</div>
<div><br></div><div>Mobile user:</div><div><br></div><div>dseditgroup -o ed
it -n /Local/Default -u admin -p <adminpassword> -a student -t user l
padmin</div><div><br></div><div><br></div><div>Thomas -=C2=A0in=C2=A0the=C2
=A0JSS=C2=A0in=C2=A07=C2=A0you=C2=A0can=C2=A0now=C2=A0create=C2=A0MCX=C2=A0
preferences=C2=A0to=C2=A0push=C2=A0out.=C2=A0=C2=A0And=C2=A0not=C2=A0to=C2
=A0be=C2=A0a=C2=A0goob=C2=A0about=C2=A0it,=C2=A0but=C2=A0starting=C2=A0on
=C2=A0page=C2=A0302=C2=A0of=C2=A0the=C2=A0Casper=C2=A07=C2=A0manual,=C2=A0t
hey=C2=A0lay=C2=A0out=C2=A0everything=C2=A0about=C2=A0Managed=C2=A0Preferen
ces.=C2=A0=C2=A0It=C2=A0is=C2=A0fairly=C2=A0simple=C2=A0to=C2=A0do,=C2=A0an
d=C2=A0during=C2=A0the=C2=A0creation=C2=A0of=C2=A0the=C2=A0profile=C2=A0you
=C2=A0give=C2=A0that=C2=A0MCX=C2=A0pref=C2=A0a=C2=A0scope=C2=A0of=C2=A0mach
ines=C2=A0to=C2=A0work=C2=A0on.</div>
<div><br></div><div>Make=C2=A0sense?</div><div><br></div><div><br><div>Stev
e Wood<br>Director of IT<br><a href"mailto:swood at integer.com">swood at inte
ger.com</a> <br><br>The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas
, TX 75201 <br>
T 214.758.6813 | F 214.758.6901 | C 940.312.2475 <br>
<br><br><div class"gmail_quote">On Wed, Jul 29, 2009 at 9:12 AM, Alan Be
nedict <span dir"ltr"><<a href"mailto:abenedict at integer.com">abene
dict at integer.com</a>></span> wrote:<br><blockquote class"gmail_quote"
style"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
If one did want to put the password in the script for testing, where would
I put it? =C2=A0I tried putting the password on the next line in the script
, but it throws an error when the script is run because it tries to run the
password as a command.<br clear"all">
<font color"#888888">
--<br>Alan Benedict<br>=EF=A3=BF<br>Macintosh Technician <br>The Integer Gr
oup<br>O: 515-247-2738<br>C: 515-770-8234<br><a href"http://www.integer.
com" target"_blank">http://www.integer.com</a></font><div><div></div><di
v class"h5">
<br><br>
<br><br><div class"gmail_quote"><blockquote class"gmail_quote" style
"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgc
olor"#FFFFFF"><div><div><blockquote type"cite"><div><div><div><div st
yle"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in
">
<p style"margin:0in;margin-bottom:.0001pt"><b><span style"font-size:1
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 07:53 AM
I created the printer MCX preferences and pushed them out to all the macs in my district and it worked so far.
Thank you guys for helping.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 08:49 AM
Would you mind sharing the settings you used with the rest of us? :)
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 09:51 AM
If you still just wanted to add a directory group to the local admin group
using a script via a Casper policy, you don't need to supply the -p flag
and a password. Casper runs scripts as root on the local workstation.
For example, this is what we use:
/usr/sbin/dseditgroup -o edit -n /Local/Default -a od-staff-all -t group
lpadmin
where od-staff-all is our all staff group. You could change to using a
username there as well, such as with Casper's script parameters.
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 10:13 AM
I always just use the following command, deployed by policy:
dscl . -append /Groups/_lpadmin GroupMembership [target user]
That fixes the issue of the user not being able o add printers
immediately..of course, if you don't want users adding printers, well...
Keith
Sent from my iPhone
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-29-2009 01:40 PM
That command worked, thank you Keith.
On the MCX settings I just used the "Creating Settings from Template" and Choose RequiredAdminToAddPrinters to Value false instead of true. RequiredAdminToPrintLocally to Valus False also.
With the MCX settings it takes awhile for the settings to kick in, and also there are no log files to see if any stations got the setting applied.
----Original Message-----
