Set DNS Servers based on who logs in

Morningside
Contributor II

I would like to set the DNS servers in both wifi and ethernet connections based on the user who logs in. I have taken a look at the Network Config Profile and it doesn't include the option for setting DNS Servers explicitly. Is there a way to do this with Jamf? As an example, based on the local or LDAP user who is logging in, I would like to configure the mac so that

  1. admin DNS = 8.8.8.8
  2. teacher DNS = 185.228.168.168
  3. Younger students DNS = 10.0.0.45
  4. Older students DNS = 10.0.0.54

Etc. Since we use DNS based filtering this will be a swell way to apply different filtering rules to different people, and not have to worry about which browser they are using, etc.

Update: I have determined that the terminal command:
'networksetup -setdnsservers Wi-Fi 185.228.168.168'
will set the DNS server appropriately, so now I need to figure out how to build this into a login script with either case logic, or some sort of conditional that can look at the name of the person logging in.


Look
Valued Contributor III

If you're happy with it running only when JAMF is available you can probably approach it something along these lines.
If you do it in a policy with login as the trigger, $3 will be the username. You can also scope policies to users/groups for login triggers, so you don't actually need the conditionals.
You can also use the optional parameter which can be referenced as $4 in the script.
This means you could have one script that was used in multiple login policies each scoped to the appropriate users with the DNS server as a variable for the script as so.

#!/bin/bash
# $4 is the DNS server passed in as the policy's script parameter
networksetup -setdnsservers Wi-Fi "$4"

One other consideration is that if you are running a script in a login policy it will hold up the login process and any other policies until it's completed (depending on the JSS settings). You can mitigate this by passing the script contents to a separate task (not sure on the terminology but it works).

#!/bin/bash
# Run the commands in a background subshell so login is not held up
(
networksetup -setdnsservers Wi-Fi "$4"
) &

You can have as many commands as you like between the enclosing bracket lines as long.

Morningside
Contributor II

This is the script I came up with, and testing reveals that it works well, too. The DNS addresses will change somewhat but I have the script successfully deployed to a couple of test machines.

#!/bin/bash

# Setting DNS by User

# Get variables. $3 is logging in user.
user="$3"

# Root and Admin should be wide open

if [ "$user" = "root" ] || [ "$user" = "admin" ]; then
    networksetup -setdnsservers Wi-Fi 8.8.8.8
    networksetup -setdnsservers Ethernet 8.8.8.8

# Older students get an open, but filtered experience:

elif

# Adam's class
[ "$user" = "Student01" ] ||
[ "$user" = "Student02" ] ||
[ "$user" = "Student03" ] ||
[ "$user" = "Student04" ] ||

# Marianne's class:
[ "$user" = "Student05" ] ||
[ "$user" = "Student06" ] ||
[ "$user" = "Student07" ] ||
[ "$user" = "Student08" ]

then
    networksetup -setdnsservers Wi-Fi 185.228.168.139
    networksetup -setdnsservers Ethernet 185.228.168.139

# Everyone else gets whitelisted DNS

else
    networksetup -setdnsservers Wi-Fi 185.228.168.168
    networksetup -setdnsservers Ethernet 185.228.168.168

fi

exit 0
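
An added example, not part of the thread or either poster's script: the same per-user mapping written with `case`, with the address validated before use and applied to every enabled network service rather than only the names "Wi-Fi" and "Ethernet". The account names Student01 through Student08 are assumed placeholders, and `NETWORKSETUP` is a hypothetical override variable so the logic can be exercised away from a Mac.

```shell
#!/bin/sh
# Added example, not the thread's script. Jamf passes the login user as $3.
# NETWORKSETUP is a hypothetical override so the logic can be tested off-Mac.
NETWORKSETUP="${NETWORKSETUP:-/usr/sbin/networksetup}"

# Map a login name to a resolver. Addresses are the ones in the script above;
# Student01..Student08 are assumed placeholder account names.
dns_for_user() {
    case "$1" in
        root|admin)    echo "8.8.8.8" ;;
        Student0[1-8]) echo "185.228.168.139" ;;
        *)             echo "185.228.168.168" ;;  # unknown or empty user: whitelisted DNS
    esac
}

# Accept only a dotted-quad IPv4 address, so a mistyped policy parameter
# never reaches networksetup.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Apply the resolver to every enabled network service instead of assuming
# the names "Wi-Fi" and "Ethernet" exist on this Mac.
set_dns_all_services() {
    is_ipv4 "$1" || { echo "refusing invalid DNS address: $1" >&2; return 1; }
    # Line 1 of the listing is a legend; a leading "*" marks a disabled service.
    "$NETWORKSETUP" -listallnetworkservices | sed '1d' | while IFS= read -r svc; do
        case "$svc" in '*'*) continue ;; esac
        "$NETWORKSETUP" -setdnsservers "$svc" "$1" </dev/null ||
            echo "could not set DNS on $svc" >&2
    done
}

# Run only when Jamf supplied a user name.
if [ -n "${3:-}" ]; then
    set_dns_all_services "$(dns_for_user "$3")"
fi
```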