We had a bunch of Macs come up with no network access this morning, and unjoining and rejoining the domain fixes that. I'm trying to make this as automated as possible.
The following works great from Terminal with "yes | sudo sh myscript.sh", but I'm not sure how to make the UNIX Command answer yes when prompted when it says "Computer account already exists! Bind to Existing? (y/n):"
Here's what I have, and any advice is appreciated:
domain="mydomain"
username="myusername" password="mypassword"
olddomain=$( dsconfigad -show | awk '/Active Directory Domain/{print $NF}' ) computername=$( scutil --get ComputerName ) adcomputerid=$( echo "${computername}" | tr [:lower:] [:upper:] ) prefix="${adcomputerid:0:6}"
dsconfigad -remove -force -u "${username}" -p "${password}"
dsconfigad -add "${domain}" -username "${username}" -password "${password}"
The full answer would be:
# ...
dsconfigad -add "${domain}" -force -username "${username}" -password "${password}"
The -force forces the action (skips asking for user confirmation).
Relevant portion of the helptext below:
$ dsconfigad
Usage: dsconfigad -add domain -username value [-computer value] [-force]
[-password value] [-ou dn] [-preferred server]
[-localuser value] [-localpassword value]
# ...
-force force the process (i.e., join the existing account)
# ...
Related
I have to reproduce these steps with Ansible:
Backup: sshpass -p $PASSWORD ssh $USER#$IP save_configuration -p $PASSWORD> $FILE
Restore: cat $FILE | sshpass -p $PASSWORD ssh $USER#$IP restore_configuration -p $PASSWORD
For the 1st one, I could storage the dump. But for the 2nd one, is there any way to move that "cat" in a fancy way?
Thank you!
#! /bin/bash
C_PASS="12345"
echo "enter user name which u want to create"
read UNAME
UPASS="987654321"
echo $C_PASS | sudo -S -k useradd $UNAME
echo "$UPASS" | echo "$C_PASS" | sudo -S -k passwd --stdin "$UNAME"
i got error like:
[sudo] password for admin: Changing password for user zzzak.
passwd: Authentication token manipulation error
plzz help me.
My New Job requires me to gather some info from thousands of servers. However they have no sshkey setup. Everything is linked to LDAP password.
Setup is
{ Mac using ITerm2 } -->ssh with LDAP+2fA --> Bastion Host --> Connect to all servers but only with LDAP Password.
I dont want to keep typing LDAP passwords for each host I am trying to login. I am non-privilege user on Bastion Host. I cannot Install anything on Bastion like sshpass,expect,plink,
How to Automate entering password with below script with ssh options either in the script itself or Can we use Iterm to autofill when it prompts for password ?
#!/bin/bash
inFile=$1
user="zaib"
ssh_options="-o ConnectTimeout=5 -o ConnectionAttempts=1 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
read -r -d "" commands << EOF
#My Commands Here
uname -a;
netstat -rn;
EOF
log="remote_cmd_$inFile"
((c=1))
for srv in $(cat $inFile | awk -F, '{print $1}'); do
echo -n "$c: $srv " | tee -a $log
nohup ssh -qtt $ssh_options $user#$srv "sudo --bash -c '$commands'" 2>&1 | tee -a $log
((c=$c+1))
done
I am a technician managing 10 Mac Computers. I do not have and MDM to manage them. I manage them manually and one by one... I have some of my Mac Computers that even putting them non Administrator, their managed account comes back to be administrator.
I am at the point where I will write a script to prevent them from falling administrator.
This is my script :
PASSWORD=$(echo U2FsdGVkX1+6JWRG1T9hsA/DIOfb2OZdXBf9uVcYTxY= | openssl enc -aes-128-cbc -a -d -salt -pass pass:wtf)
echo $PASSWORD | sudo -u administrateur adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
for user in $adminUsers
do
if [ "$user" != "root" ] && [ "$user" != "administrateur" ]
then
dseditgroup -o edit -d $user -t user admin
if [ $? = 0 ]; then echo "Removed user $user from admin group"; fi
else
echo "Admin user $user left alone"
fi
done
The encryption command works but my second command(line 2) can't take my variable $PASSWORD, I have this :
sudo: administrateur: command not found
The script get stuck at "administrateur" from line 2.
There are several problems with the line
echo $PASSWORD | sudo -u administrateur adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
First, $PASSWORD isn't in double-quotes, so several special characters might cause trouble. Actually, echo has its own problems with special characters, so printf '%s\n' "$PASSWORD" would be much more reliable.
Except that sudo doesn't accept passwords over standard input, so the pipe won't work anyway.
Also, you can't do a variable assignment in a sudo command. Well, you can, but it's useless because it would make a subprocess as the other user, set the variable in that subprocess... and then exit the subprocess so the variable vanishes along with it.
And the order of evaluation is all wrong. The shell expands the $( ) part before running any of the commands (and as the current user). So it expands to something like:
echo pwgoeshere | sudo -u administrateur adminUsers=root administrateur
... which will tell sudo to run the command administrateur with the variable adminUsers set to "root". Not what you want at all.
But there's good news: dscl can read the group membership from any user account, so you don't need sudo or any of that. Just use:
adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
On the other hand, dseditgroup does need special access to change group membership. What user is this script running as? If it's already running as root, it'll just work. If not, you could use sudo (with the complications of passing the password to that), or much simpler pass the admin credentials as arguments, with the -u and `-P options:
dseditgroup -o edit -u administrateur -P "$PASSWORD" -d "$user" -t user admin
Two more suggestions: use lowercase variable names (e.g. password instead of PASSWORD) to avoid conflicts with the various the various all-caps names with special meanings, and run your scripts through shellcheck.net and correct the things it points out.
I have following postgres backup script, its a shell script and written to run ans postgres user.
But the problem is postgres user doesn't have permission to write these directories. I as a user don't have sudo on these machines but I have changed the directory to has 755 and added to one of the group that has major permission to do read-write-execute. Since postgres user isn't part of the unix user group I guess I am running into this issue.
My goal is to put this in the cron-tab but prior to that I need to get the script running with proper permission:
#!/bin/bash
# location to store backups
backup_dir="/location/to/dir"
# name of the backup file has the date
backup_date=`date +%d-%m-%Y`
# only keep the backup for 30 days (maintain low storage)
number_of_days=30
databases=`psql -l -t | cut -d'|' -f1 | sed -e 's/ //g' -e '/^$/d'`
for i in $databases; do
if [ "$i" != "template0" ] && [ "$i" != "template1" ]; then
echo Dumping $i to $backup_dir$i\_$backup_date
pg_dump -Fc $i > $backup_dir$i\_$backup_date
fi
done
find $backup_dir -type f -prune -mtime +$number_of_days -exec rm -f {} \;
Before doing this be sure to login as a super user (sudo su) and try executing these:
useradd -G unix postgres (Add postgres user to unix group)
su postgres (Login as postgres user)
mkdir folder (Go to the directory where postgres needs to write files)
***From this line down is my answer to #find-missing-semicolon question
Just to illustrate an example with a shell script, you can capture the password using the read command and put it to a variable. Here I stored the password in password and echoed it afterwards. I hope this helps.
`#!/bin/bash`
`read -s -p "Password: " password`
`echo $password`