Tools: CLAS - Bind MAC to Domain (Requires Credentials)
0 Votes |
Description
This tool will bind MAC computers to the UNCCHARLOTTE-NT domain.
Tested on: OS 10.7.x
Property Details
1379 | |
Tools: CLAS - Bind MAC to Domain (Requires Credentials) | |
BESC | |
Mac Tools | |
Internal | |
1/11/2013 12:00:00 AM | |
AD, Bind, Active Directory, MAC | |
True | |
scrull on 1/15/2013 11:59:53 AM | |
scrull on 1/15/2013 11:59:53 AM | |
6973 Views / 22 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Relevance
(name of operating system = "Mac OS X")
Used in 1 fixlet | * Results in a true/false |
(system version >= "10.6" AND system version < "10.7") OR (system version >= "10.7" AND system version < "10.8")
Used in 1 fixlet | * Results in a true/false |
(version of client >= "6.0.0.0") AND (exists true whose (if true then (exists (if exists value of settings "_BESClient_ActiveDirectoryPathOverride" of client then value of setting "_BESClient_ActiveDirectoryPathOverride" of client else if exists true whose (if true then exists distinguished name of local computer of active directory else false) then distinguished name of local computer of active directory else "<none>") whose (it as string as lowercase contains "none" as lowercase)) else false))
Actions
Action 1 (default)
Action Link Click
here to deploy this action.
Script Type
BigFix Action Script
action parameter query "Username" with description "Please enter your network username:" with default ""
action parameter query "Password" with description "Please enter your network password:" with default ""
Delete __createfile
Delete JoinDomain.sh
createfile until endscript
#!/bin/sh
computerid=`/usr/sbin/scutil --get LocalHostName`
# Standard parameters
domain="its.uncc.edu" # fully qualified DNS name of Active Directory Domain
udn="{parameter "Username" of action}" # username of a privileged network user
password="{parameter "Password" of action}" # password of a privileged network user
ou="CN=Computers,DC=its,DC=uncc,DC=edu" # Distinguished name of container for the computer
# Advanced options
alldomains="enable" # 'enable' or 'disable' automatic multi-domain authentication
localhome="enable" # 'enable' or 'disable' force home directory to local drive
protocol="smb" # 'afp' or 'smb' change how home is mounted from server
mobile="enable" # 'enable' or 'disable' mobile account support for offline logon
mobileconfirm="disable" # 'enable' or 'disable' warn the user that a mobile acct will be created
useuncpath="disable" # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
user_shell="/bin/bash" # e.g., /bin/bash or "none"
preferred="-nopreferred" # Use the specified server for all Directory lookups and authentication
# (e.g. "-nopreferred" or "-preferred ad.server.edu")
admingroups="UNCCHARLOTTE-NT\Domain Admins" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\mac admins")
# Login hook setting -- specify the path to a login hook that you want to run instead of this script
### End of configuration
# Activate the AD plugin
defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
sleep 5
# Bind to AD
dsconfigad -f -a $computerid -domain $domain -u $udn -p "$password" -ou "$ou"
# Configure advanced AD plugin options
if [ "$admingroups" = "" ]; then
dsconfigad -nogroups
else
dsconfigad -groups "$admingroups"
fi
dsconfigad -alldomains $alldomains -localhome $localhome -protocol $protocol \
-mobile $mobile -mobileconfirm $mobileconfirm -useuncpath $useuncpath \
-shell $user_shell $preferred
# Restart DirectoryService (necessary to reload AD plugin activation settings)
killall DirectoryService
# Add the AD node to the search path
if [ "$alldomains" = "enable" ]; then
csp="/Active Directory/All Domains"
else
csp="/Active Directory/$domain"
fi
#dscl /Search -create / SearchPolicy CSPSearchPath
#dscl /Search -append / CSPSearchPath "/Active Directory/All Domains"
#dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
#dscl /Search/Contacts -append / CSPSearchPath "/Active Directory/All Domains"
# This works if the above code does not
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
defaults write /Library/Preferences/DirectoryService/ContactsNodeConfig "Search Policy" -int 3
plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
endscript
delete JoinDomain.sh
move __createfile JoinDomain.sh
wait sh JoinDomain.sh
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
Sharing
Social Media: |