Created
October 10, 2023 15:03
-
-
Save phatmandrake/3afd256e61957125f7312c14b75afb1e to your computer and use it in GitHub Desktop.
JAMF MacOS dsconfigad Expect workaround
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| :' | |
| There is an apparent bug in dsconfigad for MacOS that will cause dsconfigad to arbitrarily | |
| fail to bind to an existing computer record silently, even with the use of a force flag. | |
| When this happens, disconfigad prompts for approval interactively. This causes JAMF to over | |
| log the output to a tmp file that will eat all available harddisk space. This is particularly | |
| problematic in environments using self-healing AD binding scripts. By introducing expect, | |
| we can ensure that the y/n prompt is responded to or in the event of signficant network delay, | |
| terminated after 60 seconds. This gist can be used as a template for how to use expect, but follow best | |
| practices in your environtment to avoid passing secrets in plaintext where possible. | |
| ' | |
| /usr/bin/expect <<EOD | |
| set timeout 60 | |
| log_user 0 | |
| # Spawn the dsconfigad command with the variables | |
| spawn dsconfigad -a "$(hostname)" -username "$ad_user" -password "$ad_pass" -ou "$ad_computers_ou" -domain "$ad_domain" -mobile enable -mobileconfirm disable -localhome disable -useuncpath enable -alldomains enable | |
| log_user 1 | |
| expect { | |
| "Computer account already exists! Bind to Existing? (y/n):" { | |
| send "y\r" | |
| puts "Expected prompt detected and 'y' sent." | |
| expect eof | |
| } | |
| eof { | |
| puts "Command completed silently." | |
| } | |
| timeout { | |
| puts "Timeout reached." | |
| } | |
| } | |
| EOD |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment