Posted on 11-07-2008 07:32 AM
Questions for scripting experts. I'm trying to run this as a script and for
some reason its not running. Here is what I've scripted.
#!/bin/sh
dsconfigad -groups "NAdomain admins,NAenterprise
admins,NAby-r-corpworkstationadmin-wk-f,NAby-r-MacAdminUsers-WK-F"
Does anything jump out that prevents this from running? After running the
script using Casper the log says it can't be found which I'm guessing there
is a syntax error somewhere?
Thanx,
Cyrus
Posted on 11-07-2008 07:35 AM
It would help if you tell us what you're trying to accomplish with the
script.
I can alter this and make it do a bunch of different things.
Posted on 11-07-2008 07:35 AM
The log says those groups can't be found or that the scripts can't be found?
Craig E
Posted on 11-07-2008 07:41 AM
I have basically the same thing so I'm not sure what the issue is. If the machine is already bound you don't need to specify the domain in front of the names.
--
#!/bin/sh
######################################################
## This script will add the following group later to AD bindings.
## Created Wednesday, January 9, 2008 - ERNSTCS
######################################################
sleep 90
/usr/sbin/dsconfigad -groups "LAB.BITS.ADMINS,LAB.ADMINS"
--
I have a sleep in there to make sure the services needed to do this are running. This script runs at FirstRun after imaging so I make sure the AD binding part has finished first with the sleep.
You trust your domain and enterprise admins? =)
If the JAMF log is saying it can't even find your script that's a different problem. What happens if you run this script locally on a machine?
Craig E
Posted on 11-07-2008 07:44 AM
You have escaping problems here. In bash (and sh) '' is reserved for escaping characters. If you want to put "quotes inside another set of quotes, you have to "escape" them with ''". Right now you are escaping 'd' (with d), etc. If you want to put those backslashes in, you need to also escape them. That can be done by just replacing them with .
A good way to test your string escaping is to just echo it for testing. Test this string with:
echo "NAdomain admins,NAenterprise admins,NAby-r- corpworkstationadmin-wk-f,NAby-r-MacAdminUsers-WK-F"
and I think it will return
NAomain admins,NAnterprise admins,NAby-r-corpworkstationadmin-wk- f,NAby-r-MacAdminUsers-WK-F
Note that double quotes doesn't solve this, single quotes might, but you should really double them up. Check out this part of the ABS for more info: http://tldp.org/LDP/abs/html/escapingsection.html
Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu
Posted on 11-07-2008 07:54 AM
Trying to add an AD group for the AD plug-in. Like to add
'NAby-r-macadminusers-wk-f' to the existing three listed in the script
using dsconfigad command.
Using the command below works fine in terminal but not with the script I've
written. Just did a quick test in terminal and the script ran off the
desktop. So there shouldn't be any syntax errors.
To answer a few questions/commnents following this email.
The log says it can't find the script and not the group.
I can run the script locally as mentioned above so the syntax should be
OK.
I'm not and AD expert and haven't looked to see who are domain and admin
members. They are populated when the machine is bound. Thanx for bringing
this up and I'll look to see if they need to be in there or not.
Ryan, I'm not sure what you mention in your email is causing any issues,
at least not based on running the script locally. Also tried your echo test
and output was as expected.
* I've also propagated permissions on the server with no change.
Thanx for all the input.
Posted on 11-07-2008 08:00 AM
Are you running this at image time? If so, it should be run "at reboot",
otherwise you're executing it on your utility drive or whatever you're
booted to while imaging.
Posted on 09-28-2010 09:39 AM
All,
I was hoping to borrow some of your knowledge in scripting.
I'm trying to configure a firstboot script that will set a lot of the
settings for us, I have a lot of them in place, but a couple are continuing
to cause trouble.
The major areas of frustration is using kickstart to configure
1. System Pref --> Sharing --> Remote Login.
- Specifically, Allow access for our Admin Account and Deployment Account
Specifically for setting Only these users for our Admin Account Note: echo AllowGroups OurDomainOurGlobalAdmin admin >> /etc/sshd_config we want our
# ARD Configuration
#Enable ARD for macadmin
echo "Config ARD"
$kickstart -configure -allowAccessFor -users adminact,deploymentact
$kickstart -activate -configure -access -on -users "adminact" -privs -all
-clientopts -setvnclegacy -vnclegacy yes -setvncpw -vncpw <password>
-restart -agent -console
#Kerberos-Enabled SSH Authentication. Also specifies which specific groups
are allowed to ssh.
echo "Enable Kerberos SSH"
echo KerberosAuthentication yes >> /etc/sshd_config
echo KerberosOrLocalPasswd yes >> /etc/sshd_config
echo AllowGroups OurDomainOurGlobalAdmin admin >> /etc/sshd_config
Posted on 09-28-2010 09:55 AM
There is a shell script called "enableARD.sh" in the Resource Kit that
you can download from JAMF that should allow you to easily set the ARD
users/settings that you want. Only very minor modification was
required for us to use this script (change the name of the ARD user,
password, etc.)
Damien Barrett
System Technician
Montclair Kimberley Academy
973-842-2812
Posted on 09-28-2010 10:23 AM
Additionally, this is a very handy page on Apple's site for using
On 9/28/10 11:55 AM, "Damien Barrett" <damien.barrett at gmail.com> wrote:
kickstart:
<http://support.apple.com/kb/HT2370>
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
Posted on 09-28-2010 10:33 AM
If you've seen my post image script I have commands in there that set
remote log in and ARD settings
Posted on 03-07-2011 02:41 PM
Hello,
I was wondering if I can get some scripting help here.
I have a script that adds a application to the users startup item
(loginwindow.plist) without overriding there current items and if I deploy
this using ARD to the user it works just fine and adds it to the users
loginwindow.plist. I can’t seem to get it to work in Casper though. Is there
anyone who can help me out with that, maybe as a login script so when the
user logs in it will write this to there loginwindow.plist.
I would really appreciate any help.
Thanks,
Armando
defaults write loginwindow AutoLaunchedApplicationDictionary -array-add
'<dict><key>Hide</key><true/><key>Path</key><string>PATH TO APPLICATION
HERE</string></dict>'
Posted on 03-07-2011 02:46 PM
Here's what I use. It is designed to apply to all users, but I suspect you can figure out how to make it apply to only one user.
Posted on 03-07-2011 02:55 PM
Thank you,
The application we are trying to add is UTC and I see it in your script
already.
So can I just upload this to the casper server and run it as a login script?
or is there a better way to do this.
Thank you so much.
Armando
Posted on 03-07-2011 02:58 PM
No, it only needs to run once per computer; pass it the UTC path as its parameter, and it will be added globally for all users.
Note that adding something again will add another entry to the list. This generally won't cause any harm, unless you do it too many times; things might slow down noticeably at login.
Posted on 10-24-2011 09:49 AM
I asked for some script help earlier and received some good suggestions. Now
my script needs help again. These lines grab the serial number and replace
the first five characters:
myKey="Serial Number (system):"
myComputerName=`system_profiler SPHardwareDataType | grep "$myKey" | awk '{
print $4}' | sed 's/^.{5}/NY2/g'`
I just got some new iMacs and they use a longer serial number!
Is there a was to tell sed to start at the end of the string and replace
everything before the last six characters?
Thanks,
-- jmca
Posted on 10-24-2011 10:19 AM
John,
If you want the last 6 characters, then you can grab them with echo ${[variable name]:(-6)}
So, you could just simply
mySerial=system_profiler SPHardwareDataType | grep "Serial Number (system)" | awk '{print $4}'
last6OfSerial=echo ${mySerial:(-6)}
echo NY2$last6OfSerial
Sean
Posted on 10-24-2011 10:47 AM
Sorry, thought I had to disappear so sent as was.
Clearly you can run the echo all as one, so to tidy up you can have
myComputerName=echo NY2${mySerial:(-6)}
Some people find system_profiler too slow (although this shouldn't be the case just pulling the hardware data), so you can also use ioreg to pull the serial number
ioreg -c "IOPlatformExpertDevice" | grep IOPlatformSerialNumber | cut -d """ -f 4
or use awk, specifying the " as a separator with -F
ioreg -c "IOPlatformExpertDevice" | awk -F '"' '/IOPlatformSerialNumber/ {print $4}'
Sean
Posted on 10-25-2011 12:01 AM
This is better.
How do I do string manipulations in bash? -
http://mywiki.wooledge.org/BashFAQ/100
http://mywiki.wooledge.org/BashGuide/Parameters#Parameter_Expansion
13:56 <feydrm> !abs
13:56 <greybot> The infamous "Advanced" Bash Scripting Guide should be
avoided unless you know how to filter out the junk. It will teach you to
write bugs, not scripts. In that light, the BashGuide was written:
http://mywiki.wooledge.org/BashGuide
;)
catonmat is awesome though. I paid for both of his PDFs and use his vi
readline mode cheat sheet a lot.
Ryan M. Manly
Glenbrook High Schools
On Tue, Oct 25, 2011 at 4:24 AM, Sean Holden <Sean.Holden at framestore.com> wrote: For anyone else that needs to do string manipulation, then I've just done
a quick google and come up with this page.
Hopefully you'll find it useful http://tldp.org/LDP/abs/html/string-manipulation.html In fact, whilst I'm at it awk: http://www.catonmat.net/blog/wp-content/uploads/2008/09/awk1line.txt sed: http://www.eng.cam.ac.uk/help/tpl/unix/sed.html Sean ----- Original Message ----- From: "John McAdams" <johnemac at tekserve.com> To: casper at list.jamfsoftware.com Sent: Monday, 24 October, 2011 5:49:49 PM Subject: [Casper] scripting help I asked for some script help earlier and received some good suggestions.
Now my script needs help again. These lines grab the serial number and
replace the first five characters:
myKey="Serial Number (system):" myComputerName=`system_profiler SPHardwareDataType | grep "$myKey" | awk
'{ print $4}' | sed 's/^.{5}/NY2/g'`
I just got some new iMacs and they use a longer serial number! Is there a was to tell sed to start at the end of the string and replace
everything before the last six characters?
Posted on 10-25-2011 12:14 AM
WARNING, shameless gratuitous plug ahead:
If y'all are coming to the JAMF Software National User Conference (8-10 Nov 2011) you'll have the opportunity to learn more about shell scripting and how you can use it with The Casper Suite, put on by none other than yours truly and Miles "there's a dummy receipt for that" Lacey.
</plug>
Carry on.
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 10-25-2011 02:24 AM
For anyone else that needs to do string manipulation, then I've just done a quick google and come up with this page.
Hopefully you'll find it useful
http://tldp.org/LDP/abs/html/string-manipulation.html
In fact, whilst I'm at it
awk:
http://www.catonmat.net/blog/wp-content/uploads/2008/09/awk1line.txt
sed:
http://www.eng.cam.ac.uk/help/tpl/unix/sed.html
Sean
Posted on 10-25-2011 07:40 AM
Those one liner links are great, tagged them in Delicious! :-)
Also Python can easily do this just by using the print command and the character range
print s [6:9] # this would print out characters 6 through 9 in a string, remember the first character is 0 not 1
There is probably a module that easily grabs the serial number as well
-Tom
Posted on 10-25-2011 07:52 AM
Just to clarify s would be the variable for the serial number in that example, so
s = command to get serial
Then just print the variable and give it the range of characters you want. Sorry just now finishing my coffee
-Tom