WGM & MCX

[ewhite]

I’m working on setting managed preferences via Workgroup Manager so that I can enforce certain preferences on my InstaDMG image for 10.5.3.
By piecing together techniques from these two articles (https://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain & http://managingosx.wordpress.com/2008/02/07/mcx-dslocal-and-leopard/) I’ve gotten a test machine “working.” The test machine is a MacBook that was imaged with an InstaDMG build.
I used WGM to create a localhost.plist with a blank ethernet address for the localhost computer (under the Network tab in WGM). Then I transferred the .plist to the test machine’s /private/var/db/dslocal/nodes/Default/computer/ directory, and wrote the following loginHook:

[code]#!/bin/sh

storedMacAddress=`/usr/bin/dscl . -read /Computers/$computerRecordName ENetAddress | cut -f2 -d ” “`

macAddress=`/sbin/ifconfig en0 | /usr/bin/grep ‘ether’ | /usr/bin/sed “s/^[[:space:]]ether //” | cut -f1 -d ” “`

if [ “$storedMacAddress” != “$macAddress” ] ; then

sudo dscl . -create /Computers/localhost ENetAddress $(ifconfig en0 |grep ether | awk ‘{print $2}’)

fi[/code]

On first login after copying the localhost.plist and setting up the loginHook, the settings aren’t present, but if I logout and log back in, my managed preferences are there (this works as I’d expect).

Some questions: Anybody doing this already? Have suggestions/ideas for how to incorporate the .plist and the loginHook into the InstaDMG ASR?

I have been able to make packages of software for my InstaDMG build using logGen/pkgGen/IceBerg and LanRev InstallEase, but have had trouble with Leopard PackageMaker.

Another question: If you are using WGM, can you setup MCXDockSpecialFolders for anything other than the Documents folder? (I’d like to also include the Downloads folder and perhaps the Home folder.)

– Esther

[Patrick Fergus]

If you’re really using a loginhook, this would be expected since loginwindow reads preferences (such as MCX) before you actually log in. When you log in, the loginhook executes, and when you log out, loginwindow rereads the preferences.

Possibly someone might have a suggestion regarding exactly how to craft a LaunchDaemon/StartupItem that’s guaranteed to run before loginwindow runs.

– Patrick

[ewhite]

Patrick, thanks for the clarification. I use the following command to setup the loginhook:
[code]sudo defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook /etc/login.hook[/code]

[Patrick Fergus]

If the machine is performing the imaging on itself (in other words, you’re not going to image a drive and then drop it in a different machine), at restore time you could use a script to plunk the right MAC address into localhost.plist and avoid editing the MAC address at startup.

– Patrick

[ewhite]

Patrick, again, thanks for the tip. I am setting up some post-actions based on Bombich’s example scripts for NetRestore right now. I think this will really simplify my deployment process.

[Patrick Fergus]

Another suggestion, you should use dscl to act on the restored drive’s dslocal DirectoryService database. You should be able to use a one line post-action (but I haven’t tested this):
[code]#!/bin/bash

/usr/bin/dscl -f “$1″/var/db/dslocal/nodes/Default localonly -create /Computers/localhost ENetAddress $(ifconfig en0 | awk ‘ /ether/ {print $2}’)[/code]
(MAC address code borrowed from “dayglojesus”‘s comment on this article):

[url]https://www.afp548.com/article.php?story=using-mcx-in-the-dslocal-domain[/url]

The dscl “-f” switch tells dscl to act on a DirectoryServices database other than the startup disk’s. Make sure you’re restoring while running a version of OS X that’s equivalent to the one being restored–e.g. I don’t know what would happen if you were to use Tiger’s dscl to edit Leopard’s DirectoryService database.

[b]NOTE[/b]–the $1 variable pointing to the restored disk is [i]unique to NetRestore’s post-actions[/i]. If this was part of a Installer pkg’s pre/postflight, you’d want to use $3 instead.

– Patrick

[ewhite]

Patrick (or anybody else reading this for that matter!), I hope you’ll have some insight here:

I created a package called localhost.pkg that puts the localhost.plist created using WGM into /private/var/db/dslocal/nodes/Default/computers/ on the destination HD. This package gets installed as a NetRestore Post-Action.

I’ve been able to confirm that the plist is in place after restoring a computer.

I’ve also got a few NetRestore Post-Action scripts: one to hide files that should be hidden (hide_files.sh), one to put the right MAC Address into the localhost.plist file upon restore (localhost_config.sh), and one to rename the destination hard drive (zzz_rename_target.sh).

The tricky part is this: The post-actions are running (and the the HD is getting renamed successfully) but the localhost_config.sh script isn’t working. The MAC Address in localhost.plist remains incorrect after restore. However, when I setup a loginhook on the machine after it was imaged (see my above post), the managed preferences worked perfectly.

I’m posting my code below… hopefully someone will see a mistake?

[code]
#!/bin/sh
PATH=/bin:/usr/bin:/sbin:/usr/sbin export PATH

hwAddress=`ifconfig en0 |grep ether | awk ‘{ print $2 }’`

/usr/bin/dscl -f “$1″/private/var/db/dslocal/nodes/Default -create /Computers/localhost ENetAddress “$hwAddress”[/code]

[eholtam]

First thing to check is to make sure the file is executable in the NetRestore Post-Actions folder.

If it is try putting in some logging and echo out the hwAddress value to see if its getting what you think it should be getting.

[Author]

Posts