03-21-2022 10:16 AM - last edited on 03-22-2022 01:10 PM by BScott
Hi,
Someone shared this script with me. I was told it was originally created by Scott Reid of JumpCloud.
Run it after the JumpCloud (JC) agent is installed.
#!/bin/bash
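## Populate the two values below (or export them in the environment) before running.
## SECURITY: JCAPIKey is an API key kept in clear text. Anyone who can read this
## script, or the policy that carries it, can use the key. Restrict read access,
## remove the key from deployed copies once enrollment is done, and rotate it if
## it may have been exposed.
## An exported JCAPIKey / systemGroupID takes precedence over the literal here,
## which lets the secret stay out of the file altogether.
JCAPIKey="${JCAPIKey:-XXX}"
## Admin Group for Admin user deployment
systemGroupID="${systemGroupID:-XXX}"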
## ------ MODIFY BELOW THIS LINE AT YOUR OWN RISK --------------
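## Get the logged-in user's username (the owner of the console device)
username="$(/usr/bin/stat -f%Su /dev/console)"
echo "Current logged in user is ${username}"
## Stop when no regular user session owns the console. Without this guard the
## rest of the script would look up, and try to bind, a system account.
## NOTE(review): root / loginwindow / _mbsetupuser are the values expected at the
## login window or during first-run setup — confirm against your macOS versions.
case "${username}" in
  '' | root | loginwindow | _mbsetupuser)
    echo "No regular user is logged in at the console (got '${username}'); nothing to bind." >&2
    exit 1
    ;;
esac
## The admin user is the console user found above.
## NOTE(review): adminUser is not read anywhere else in the visible script.
adminUser="${username}"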
## Get JumpCloud SystemID from the agent's configuration file
conf="$(cat /opt/jc/jcagent.conf)"
## First pass: isolate the "systemKey":"<24 characters>" pair in the config text
regex='\"systemKey\":\"[a-zA-Z0-9]{24}\"'
[[ ${conf} =~ ${regex} ]] && systemKey="${BASH_REMATCH[0]}"
## Second pass: pull the bare 24-character value out of that pair
regex='[a-zA-Z0-9]{24}'
if ! [[ ${systemKey} =~ ${regex} ]]; then
  echo "No systemID found"
  exit 1
fi
systemID="${BASH_REMATCH[0]}"
echo "JumpCloud systemID found SystemID: ${systemID}"
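## Adds the JumpCloud system to the Workstations Group.
## The API key is handed to curl as a config line on stdin (-K -) rather than as
## a -H argument, so it does not appear in curl's argument list, which other
## local processes can read. printf is a shell builtin and starts no process.
## NOTE(review): a key containing a double quote or backslash would need
## escaping in the config line.
## -w appends the HTTP status on a line of its own: curl's exit code only
## reflects transport errors, so a rejected request would otherwise be reported
## as a success.
groupAddition=$(
  printf 'header = "x-api-key: %s"\n' "${JCAPIKey}" |
    curl -s \
      -K - \
      -X 'POST' \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      -d "{\"op\": \"add\",\"type\": \"system\",\"id\": \"${systemID}\"}" \
      -w '\n%{http_code}' \
      "https://console.jumpcloud.com/api/v2/systemgroups/${systemGroupID}/members"
)
err=$?
## Split the status line added by -w from the response body
httpStatus="${groupAddition##*$'\n'}"
groupAddition="${groupAddition%$'\n'*}"
if [[ ${err} -ne 0 ]]; then
  echo "Could not add system to system group id: ${systemGroupID} error=${err}"
  exit 1
elif [[ ${httpStatus} == 2?? ]]; then
  echo "System added to system group id: ${systemGroupID}"
else
  ## The script carries on, as it always did after a non-2xx answer, but no
  ## longer claims success. NOTE(review): decide whether an authentication
  ## failure here should stop the run.
  echo "Warning: API answered HTTP ${httpStatus} while adding system to system group id: ${systemGroupID}; membership not confirmed" >&2
fi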
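## Get JumpCloud UserID
## The username is embedded in a JSON string below. Refuse a double quote or a
## backslash, which would end the string early or change the filter being sent.
case "${username}" in
  *'"'* | *'\'*)
    echo "Username contains characters that cannot be sent safely: ${username}" >&2
    exit 1
    ;;
esac
## The API key goes to curl on stdin (-K -) so it stays out of the argument
## list, which other local processes can read.
userSearch=$(
  printf 'header = "x-api-key: %s"\n' "${JCAPIKey}" |
    curl -s \
      -K - \
      -X 'POST' \
      -d "{\"filter\":[{\"username\":\"${username}\"}],\"fields\" : \"username activated email\"}" \
      -H 'Accept: application/json' \
      -H 'Content-Type: application/json' \
      "https://console.jumpcloud.com/api/search/systemusers"
)
searchErr=$?
if [[ ${searchErr} -ne 0 ]]; then
  ## A transport failure is not the same as "user does not exist"
  echo "User search request failed error=${searchErr}" >&2
  exit 1
fi
## Takes the first run of 24 alphanumeric characters in the response.
## NOTE(review): this assumes the first such run is the user's id — confirm
## against the response format, since any other 24-character token that comes
## earlier in the response would be picked up instead.
regex='[a-zA-Z0-9]{24}'
if [[ ${userSearch} =~ ${regex} ]]; then
  userID="${BASH_REMATCH[0]}"
  echo "JumpCloud userID for user ${username} found userID: ${userID}"
else
  echo "No JumpCloud user with username" "${username}" "found."
  echo "Create a JumpCloud user with username:" "${username}" "and try again."
  exit 1
fi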
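## Check user's current local permissions.
## The result is later sent as the "sudo enabled" value for the bound user, so
## the comparison is an exact match on the group name: a word match on the raw
## output would also accept a group such as "it-admin". The username is quoted
## so that an empty value cannot fall back to the groups of whoever runs the
## script.
admin='false'
read -r -a localGroups < <(groups "${username}")
for localGroup in "${localGroups[@]}"; do
  if [[ ${localGroup} == 'admin' ]]; then
    admin='true'
    break
  fi
done
if [[ ${admin} == 'true' ]]; then
  echo "User is an admin. User will be bound with admin permissions."
else
  echo "User is not an admin. User will be bound with standard permissions"
fi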
## Work out whether the search response marks the account as activated
regex='"activated":true'
activated="false"
[[ ${userSearch} =~ ${regex} ]] && activated="true"
case "${activated}" in
  true)
    echo "JumpCloud account in active state for user: ${username}"
    ;;
  *)
    echo "JumpCloud account in pending state for user: ${username}"
    ;;
esac
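if [[ ${activated} == "true" ]]; then
  ## Record the current length of the agent log so that only lines written from
  ## this point on are inspected after the bind request.
  logLines=$(wc -l </var/log/jcagent.log)
  logLines=$((${logLines:-0}))
  ## sed does not accept 0 as a start address; an empty or unreadable log
  ## therefore starts the window at line 1.
  if ((logLines < 1)); then
    logLines=1
  fi

  ## The sudo flag is written into the JSON body unquoted, so pin it to one of
  ## the two literal booleans before it is sent.
  if [[ ${admin} != 'true' ]]; then
    admin='false'
  fi

  ## Bind JumpCloud user to JumpCloud system.
  ## The API key goes to curl on stdin (-K -) so it stays out of the argument
  ## list, which other local processes can read.
  userBind=$(
    printf 'header = "x-api-key: %s"\n' "${JCAPIKey}" |
      curl -s \
        -K - \
        -X 'POST' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -d "{ \"attributes\": { \"sudo\": { \"enabled\": ${admin},\"withoutPassword\": false}} , \"op\": \"add\", \"type\": \"user\",\"id\": \"${userID}\"}" \
        "https://console.jumpcloud.com/api/v2/systems/${systemID}/associations"
  )

  ## Checks and ensures user bound to system: the bind response itself is not
  ## trusted, the association list is read back instead.
  userBindCheck=$(
    printf 'header = "x-api-key: %s"\n' "${JCAPIKey}" |
      curl -s \
        -K - \
        -X 'GET' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        "https://console.jumpcloud.com/api/v2/systems/${systemID}/associations?targets=user"
  )
  ## Literal substring test; an empty userID must not count as a match
  if [[ -n ${userID} && ${userBindCheck} == *"${userID}"* ]]; then
    echo "JumpCloud user ${username} bound to systemID: ${systemID}"
  else
    echo "error JumpCloud user not bound to system"
    exit 1
  fi

  ## Marker file left behind once the bind has been confirmed
  touch /var/log/JC-Added-Workstation-Device-Group.log

  ## Waits to see local account takeover: poll the new part of the agent log
  ## every 6 seconds, for at most 10 waits. The log is checked before the
  ## timeout is evaluated, so a completion seen on the final poll is honoured.
  logoutTimeoutCounter=0
  while :; do
    updateLog=$(sed -n "${logLines},\$p" /var/log/jcagent.log)
    if [[ ${updateLog} == *"User updates complete"* ]]; then
      break
    fi
    if [[ ${logoutTimeoutCounter} -ge 10 ]]; then
      echo "Error during account takeover"
      echo "JCAgent.log: ${updateLog}"
      exit 1
    fi
    ## Lower-case command name: "Sleep" only resolves on a case-insensitive
    ## filesystem, and without the pause the loop would time out at once.
    sleep 6
    logoutTimeoutCounter=$((logoutTimeoutCounter + 1))
  done
  echo "Account takeover occurred at $(date +"%Y %m %d %H:%M")"
else
  echo "Account not activated. Have user set a JumpCloud password to activate account and try again."
  exit 1
fi
exit 0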
03-21-2022 10:17 PM
I worked through it and found the problem. I've updated the original post with the working script and sanitized it.
03-21-2022 10:22 AM
This is great. I'll take a look. What is the error message?
03-21-2022 10:17 PM
I worked through it and found the problem. I've updated the original post with the working script and sanitized it.