Bash/sh: Where does the group name go? (Active Directory/Mac)
I'm working on a bash script designed to enable users that are given admin
permissions from Active Directory, to retain their Admin credentials when
they're not authenticating to AD (i.e., took a work computer home and
working offline). By default you lose Admin permissions if you can't
authenticate... theoretically this script should add users from specified
AD groups and make them local admins.
I'm just running into one error near the end when it attempts to append
the users from the groups, instead of doing so and exiting the script,
it's stating, "No group name provided" three times. I'm a bash novice, so
here's to some assistance! I've changed our AD domain to mytfa.org to keep
it similar but inconspicuous as the word "example" when mirroring
"example.com" was thoroughly confusing in the various connotations of this
script.
#!/bin/bash
#
#
# Script to detect if a user is a member of the admin group. If not,
# and they are not a student, it will add them.
#
#

# Require a username: every check below passes it to dseditgroup -u.
if [[ -z "$1" ]]
then
    echo "Usage: $0 <username>" >&2
    exit 1
fi

# say "script started"
# Check if user is already an admin
IsAdmin=$(dseditgroup -o checkmember -n . -u "$1" admin)
# say "Is Admin variable assigned"
# echo "$IsAdmin"
if [[ $IsAdmin == yes* ]]
then
    # echo "No further action needed"
    # say "user is an admin"
    exit
else
    # All TFA check... -n is not null -o comparison for or $1 stores username
    # say "All TFA check"
    ATmember=$(dseditgroup -n /Active\ Directory/MYTFA/mytfa.org -o checkmember -u "$1" All\ TFA)
    # Tech Team check
    # say "Tech Team check"
    TTmember=$(dseditgroup -n /Active\ Directory/MYTFA/mytfa.org -o checkmember -u "$1" Tech\ Team)
    # Administrators check
    # say "Administrators check"
    AAmember=$(dseditgroup -n /Active\ Directory/MYTFA/mytfa.org -o checkmember -u "$1" Administrators)
    # Adds to local admin if user is a member of All TFA, Tech Team, or Administrators
    if [[ $ATmember == yes* ]] || [[ $TTmember == yes* ]] || [[ $AAmember == yes* ]]
    then
        # say "User is a member"
        # echo "User is a member of All TFA, Tech Team, or Administrators."
        sudo dscl . append /Groups/admin GroupMembership "$1"
    fi
fi
exit
Using 10.8.4 as root; also tried as an AD Admin account.
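
An added example, not part of the original post: a small stand-in (the hypothetical `fake_checkmember`, which is not dseditgroup and only assumes that `-o`, `-n` and `-u` each take a value, getopt-style) showing what an unquoted, empty `$1` does to a command line shaped like the script's checks, next to a guarded form. The username `jdoe` and the allowed-character set are constructed for illustration.

```bash
#!/bin/bash
# Added example. fake_checkmember is a hypothetical stand-in, NOT dseditgroup.
# Assumption: -o, -n and -u each consume one value, then one positional
# word (the group name) is expected.
fake_checkmember() {
    local OPTIND=1 opt user=""
    while getopts "o:n:u:" opt; do
        case "$opt" in
            u) user=$OPTARG ;;
            o|n) ;;                       # accepted, unused in this sketch
            *) echo "bad option"; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ $# -eq 0 ]; then
        echo "No group name provided (user parsed as '$user')"
        return 1
    fi
    echo "user='$user' group='$1'"
}

# Same shape as the script's first check, username left unquoted.
check_unquoted() { fake_checkmember -o checkmember -n . -u $1 admin; }

# Guarded form: reject an empty name, a leading dash, or characters outside
# a constructed allow-list, then pass the name quoted.
check_guarded() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*)
            echo "usage: need a valid short username"
            return 64 ;;
    esac
    fake_checkmember -o checkmember -n . -u "$1" admin
}

check_unquoted "" || true    # "admin" is swallowed as the -u value
check_unquoted jdoe          # constructed sample username
check_guarded "" || true     # rejected before any lookup runs
check_guarded jdoe
```

Because the script's last step grants local admin rights, validating and quoting the username before it reaches any directory command keeps a missing or malformed argument from being read as something else.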