Scripting help

Not applicable

Questions for scripting experts. I'm trying to run this as a script and for
some reason its not running. Here is what I've scripted.

#!/bin/sh

dsconfigad -groups "NAdomain admins,NAenterprise
admins,NAby-r-corpworkstationadmin-wk-f,NAby-r-MacAdminUsers-WK-F"

Does anything jump out that prevents this from running? After running the
script using Casper the log says it can't be found which I'm guessing there
is a syntax error somewhere?

Thanx,
Cyrus

22 REPLIES 22

milesleacy
Valued Contributor

It would help if you tell us what you're trying to accomplish with the
script.
I can alter this and make it do a bunch of different things.

ernstcs
Contributor III

The log says those groups can't be found or that the scripts can't be found?

Craig E

ernstcs
Contributor III

I have basically the same thing so I'm not sure what the issue is. If the machine is already bound you don't need to specify the domain in front of the names.

--

#!/bin/sh

######################################################
## This script will add the following group later to AD bindings.
## Created Wednesday, January 9, 2008 - ERNSTCS
######################################################

sleep 90

/usr/sbin/dsconfigad -groups "LAB.BITS.ADMINS,LAB.ADMINS"

--

I have a sleep in there to make sure the services needed to do this are running. This script runs at FirstRun after imaging so I make sure the AD binding part has finished first with the sleep.

You trust your domain and enterprise admins? =)

If the JAMF log is saying it can't even find your script that's a different problem. What happens if you run this script locally on a machine?

Craig E

Not applicable

You have escaping problems here. In bash (and sh) '' is reserved for escaping characters. If you want to put "quotes inside another set of quotes, you have to "escape" them with ''". Right now you are escaping 'd' (with d), etc. If you want to put those backslashes in, you need to also escape them. That can be done by just replacing them with .

A good way to test your string escaping is to just echo it for testing. Test this string with:

echo "NAdomain admins,NAenterprise admins,NAby-r- corpworkstationadmin-wk-f,NAby-r-MacAdminUsers-WK-F"

and I think it will return

NAomain admins,NAnterprise admins,NAby-r-corpworkstationadmin-wk- f,NAby-r-MacAdminUsers-WK-F

Note that double quotes doesn't solve this, single quotes might, but you should really double them up. Check out this part of the ABS for more info: http://tldp.org/LDP/abs/html/escapingsection.html

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

Not applicable

Trying to add an AD group for the AD plug-in. Like to add
'NAby-r-macadminusers-wk-f' to the existing three listed in the script
using dsconfigad command.

Using the command below works fine in terminal but not with the script I've
written. Just did a quick test in terminal and the script ran off the
desktop. So there shouldn't be any syntax errors.

To answer a few questions/commnents following this email.

The log says it can't find the script and not the group.
I can run the script locally as mentioned above so the syntax should be
OK. I'm not and AD expert and haven't looked to see who are domain and admin
members. They are populated when the machine is bound. Thanx for bringing
this up and I'll look to see if they need to be in there or not.
Ryan, I'm not sure what you mention in your email is causing any issues,
at least not based on running the script locally. Also tried your echo test
and output was as expected.
* I've also propagated permissions on the server with no change.

Thanx for all the input.

milesleacy
Valued Contributor

Are you running this at image time? If so, it should be run "at reboot",
otherwise you're executing it on your utility drive or whatever you're
booted to while imaging.

ImAMacGuy
Valued Contributor II

All,

I was hoping to borrow some of your knowledge in scripting.

I'm trying to configure a firstboot script that will set a lot of the
settings for us, I have a lot of them in place, but a couple are continuing
to cause trouble.

The major areas of frustration is using kickstart to configure
1. System Pref --> Sharing --> Remote Login.

- Specifically, Allow access for our Admin Account and Deployment Account
  1. System Pref --> Remote Management
    Specifically for setting Only these users for our Admin Account Note: echo AllowGroups OurDomainOurGlobalAdmin admin >> /etc/sshd_config ­ we want our

# ARD Configuration
#Enable ARD for macadmin
echo "Config ARD"
$kickstart -configure -allowAccessFor -users adminact,deploymentact
$kickstart -activate -configure -access -on -users "adminact" -privs -all
-clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw <password>
-restart -agent -console

#Kerberos-Enabled SSH Authentication. Also specifies which specific groups
are allowed to ssh.
echo "Enable Kerberos SSH"
echo KerberosAuthentication yes >> /etc/sshd_config
echo KerberosOrLocalPasswd yes >> /etc/sshd_config
echo AllowGroups OurDomainOurGlobalAdmin admin >> /etc/sshd_config

Not applicable

There is a shell script called "enableARD.sh" in the Resource Kit that
you can download from JAMF that should allow you to easily set the ARD
users/settings that you want. Only very minor modification was
required for us to use this script (change the name of the ARD user,
password, etc.)

Damien Barrett
System Technician
Montclair Kimberley Academy
973-842-2812

talkingmoose
Moderator
Moderator

Additionally, this is a very handy page on Apple's site for using
On 9/28/10 11:55 AM, "Damien Barrett" <damien.barrett at gmail.com> wrote:
kickstart:
<http://support.apple.com/kb/HT2370>

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

tlarkin
Honored Contributor

If you've seen my post image script I have commands in there that set
remote log in and ARD settings

Not applicable

Hello,

I was wondering if I can get some scripting help here.

I have a script that adds a application to the users startup item
(loginwindow.plist) without overriding there current items and if I deploy
this using ARD to the user it works just fine and adds it to the users
loginwindow.plist. I can’t seem to get it to work in Casper though. Is there
anyone who can help me out with that, maybe as a login script so when the
user logs in it will write this to there loginwindow.plist.

I would really appreciate any help.

Thanks,

Armando

defaults write loginwindow AutoLaunchedApplicationDictionary -array-add

'<dict><key>Hide</key><true/><key>Path</key><string>PATH TO APPLICATION
HERE</string></dict>'

Not applicable

Here's what I use. It is designed to apply to all users, but I suspect you can figure out how to make it apply to only one user.

Not applicable

Thank you,

The application we are trying to add is UTC and I see it in your script
already.

So can I just upload this to the casper server and run it as a login script?
or is there a better way to do this.

Thank you so much.

Armando

Not applicable

No, it only needs to run once per computer; pass it the UTC path as its parameter, and it will be added globally for all users.

Note that adding something again will add another entry to the list. This generally won't cause any harm, unless you do it too many times; things might slow down noticeably at login.

McAdams
New Contributor III

I asked for some script help earlier and received some good suggestions. Now
my script needs help again. These lines grab the serial number and replace
the first five characters:

myKey="Serial Number (system):"
myComputerName=`system_profiler SPHardwareDataType | grep "$myKey" | awk '{
print $4}' | sed 's/^.{5}/NY2/g'`

I just got some new iMacs and they use a longer serial number!

Is there a was to tell sed to start at the end of the string and replace
everything before the last six characters?

Thanks,
-- jmca

sean
Valued Contributor

John,

If you want the last 6 characters, then you can grab them with echo ${[variable name]:(-6)}

So, you could just simply

mySerial=system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{print $4}'

last6OfSerial=echo ${mySerial:(-6)}

echo NY2$last6OfSerial

Sean

sean
Valued Contributor

Sorry, thought I had to disappear so sent as was.

Clearly you can run the echo all as one, so to tidy up you can have

myComputerName=echo NY2${mySerial:(-6)}

Some people find system_profiler too slow (although this shouldn't be the case just pulling the hardware data), so you can also use ioreg to pull the serial number

ioreg -c "IOPlatformExpertDevice" | grep IOPlatformSerialNumber | cut -d """ -f 4

or use awk, specifying the " as a separator with -F

ioreg -c "IOPlatformExpertDevice" | awk -F '"' '/IOPlatformSerialNumber/ {print $4}'

Sean

rmanly
Contributor III

This is better.

How do I do string manipulations in bash? -
http://mywiki.wooledge.org/BashFAQ/100

http://mywiki.wooledge.org/BashGuide/Parameters#Parameter_Expansion

13:56 <feydrm> !abs
13:56 <greybot> The infamous "Advanced" Bash Scripting Guide should be
avoided unless you know how to filter out the junk. It will teach you to
write bugs, not scripts. In that light, the BashGuide was written:
http://mywiki.wooledge.org/BashGuide

;)

catonmat is awesome though. I paid for both of his PDFs and use his vi
readline mode cheat sheet a lot.

Ryan M. Manly
Glenbrook High Schools

On Tue, Oct 25, 2011 at 4:24 AM, Sean Holden <Sean.Holden at framestore.com> wrote: For anyone else that needs to do string manipulation, then I've just done

a quick google and come up with this page.

Hopefully you'll find it useful http://tldp.org/LDP/abs/html/string-manipulation.html In fact, whilst I'm at it awk: http://www.catonmat.net/blog/wp-content/uploads/2008/09/awk1line.txt sed: http://www.eng.cam.ac.uk/help/tpl/unix/sed.html Sean ----- Original Message ----- From: "John McAdams" <johnemac at tekserve.com> To: casper at list.jamfsoftware.com Sent: Monday, 24 October, 2011 5:49:49 PM Subject: [Casper] scripting help I asked for some script help earlier and received some good suggestions.

Now my script needs help again. These lines grab the serial number and
replace the first five characters:

myKey="Serial Number (system):" myComputerName=`system_profiler SPHardwareDataType | grep "$myKey" | awk

'{ print $4}' | sed 's/^.{5}/NY2/g'`

I just got some new iMacs and they use a longer serial number! Is there a was to tell sed to start at the end of the string and replace

everything before the last six characters?

jarednichols
Honored Contributor

WARNING, shameless gratuitous plug ahead:

If y'all are coming to the JAMF Software National User Conference (8-10 Nov 2011) you'll have the opportunity to learn more about shell scripting and how you can use it with The Casper Suite, put on by none other than yours truly and Miles "there's a dummy receipt for that" Lacey.

</plug>

Carry on.
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

sean
Valued Contributor

For anyone else that needs to do string manipulation, then I've just done a quick google and come up with this page.

Hopefully you'll find it useful

http://tldp.org/LDP/abs/html/string-manipulation.html

In fact, whilst I'm at it

awk:
http://www.catonmat.net/blog/wp-content/uploads/2008/09/awk1line.txt

sed:
http://www.eng.cam.ac.uk/help/tpl/unix/sed.html

Sean

tlarkin
Honored Contributor

Those one liner links are great, tagged them in Delicious! :-)

Also Python can easily do this just by using the print command and the character range

print s [6:9] # this would print out characters 6 through 9 in a string, remember the first character is 0 not 1

There is probably a module that easily grabs the serial number as well

-Tom

tlarkin
Honored Contributor

Just to clarify s would be the variable for the serial number in that example, so

s = command to get serial

Then just print the variable and give it the range of characters you want. Sorry just now finishing my coffee

-Tom